August 11, 2017
I am trying to run pfsense in a vm on my unraid box with two nics. I want to pass both to pfsense. Since I don't have a physical third network interface, is it possible that unraid can connect to the network using a network bridge? I know the vms are on br0 but I am not sure if the host machine can connect to it as well. Is something like that possible at all?

August 11, 2017
The host machine needs a physical interface (eth0) which can be set up as a bridge. This allows both host and VMs to share the same connection.

August 11, 2017
I have one NIC pass through to pfsense for WAN and I set the unraid created bridge as LAN. I had to modify the bridge in pfsense VM xml to display the Bridge as an e1000 Ethernet adapter instead of the default virtio adapter that unraid assigns. Unraid gets its IP from the bridge and the physical NIC feeds my switch for other devices in my LAN. Hope that made sense.

August 13, 2017 Author
On 8/11/2017 at 4:18 PM, sadkisson said:
> I have one NIC pass through to pfsense for WAN and I set the unraid created bridge as LAN. I had to modify the bridge in pfsense VM xml to display the Bridge as an e1000 Ethernet adapter instead of the default virtio adapter that unraid assigns. Unraid gets its IP from the bridge and the physical NIC feeds my switch for other devices in my LAN. Hope that made sense.

That's exactly what I am looking to do. Can you describe how you did that? I have two nics and I am passing one to pfsense completely for WAN but I want the second one not only bridged to the physical unraid box so it can have network connectivity, but to my network switch as well. Sounds identical to how you have yours set up. If you have any step by step guide on how you accomplished this, please share, I'll be much obliged. Thanks.
Edited August 13, 2017 by ozkhan1

August 15, 2017 Author
Anybody? Would be great if someone can point me in the right direction to get the server to get its IP from the bridge. Thanks.

August 15, 2017
1 hour ago, ozkhan1 said:
> Anybody? Would be great if someone can point me in the right direction to get the server to get its IP from the bridge. Thanks.

I've never done what you're trying to do. I instead use a 4 port nic and send that to pfsense.

BUT this is how you change your xml to the other virtual adapter:

Click on the red square button on the pfsense vm icon when it is stopped. On the dropdown menu, select edit xml. Scroll down to the section that looks similar to this:

    <interface type='bridge'>
      <mac address='52:54:00:82:25:11'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
    </interface>

Note: your mac address and address will be different.

Where it lists "model type=" change to

    <model type='e1000-82545em'/>

Make sure source bridge is "br0". Scroll down further, click save.

NOTE: you can no longer edit your vm using the vm manager as custom edits will then be discarded and you will lose the e1000.

Don't be surprised that when you attempt to boot the server, and it is looking for the pfsense vm for network connectivity, that it can take a while. Docker runs an update check at boot. And if there is no network detected, each docker has to go through a preset timeout which is somewhere between 100 and 300 seconds if I remember correctly. This is on every autostart docker in order. This is before the vm's are autostarted.

PRO TIP: set your unRaid server on a static ip. It's easier to find it after setting up pfsense and running the firewall on the same box.

Good luck.
Edited August 15, 2017 by 1812
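
Added example (not part of the original posts, and not Unraid's or libvirt's own code): a small Python check for the edit described above, which reports the NIC model of every interface attached to br0 in a domain XML and rewrites it to the model named in the post. The function names are hypothetical, and the br1 interface with its MAC is constructed so the sample shows that other bridges are left alone.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the br0 interface is the one quoted in the post above;
# the br1 interface and its MAC are made up to show it is left untouched.
SAMPLE_DOMAIN = """<domain type='kvm'>
  <devices>
    <interface type='bridge'>
      <mac address='52:54:00:82:25:11'/>
      <source bridge='br0'/>
      <model type='virtio'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:02'/>
      <source bridge='br1'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>"""


def _bridged(root, bridge):
    """Yield <interface type='bridge'> elements whose source is `bridge`."""
    for iface in root.iter("interface"):
        src = iface.find("source")
        if iface.get("type") == "bridge" and src is not None and src.get("bridge") == bridge:
            yield iface


def bridge_nic_models(domain_xml, bridge="br0"):
    """Audit: return [(mac, model)] for each NIC attached to `bridge`."""
    out = []
    for iface in _bridged(ET.fromstring(domain_xml), bridge):
        mac, model = iface.find("mac"), iface.find("model")
        out.append((mac.get("address") if mac is not None else None,
                    model.get("type") if model is not None else None))
    return out


def set_bridge_nic_model(domain_xml, model_type, bridge="br0"):
    """Return (patched_xml, changed_count); other bridges are not modified."""
    root, changed = ET.fromstring(domain_xml), 0
    for iface in _bridged(root, bridge):
        model = iface.find("model")
        if model is None:
            model = ET.SubElement(iface, "model")
        if model.get("type") != model_type:
            model.set("type", model_type)
            changed += 1
    return ET.tostring(root, encoding="unicode"), changed
```

Running `bridge_nic_models` on the output of `virsh dumpxml` for the VM after any later change shows whether the custom model is still in place, which matters because the post notes that the VM manager discards custom edits.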

August 18, 2017 Author
On 8/15/2017 at 7:00 PM, 1812 said:
> I've never done what you're trying to do. I instead use a 4 port nic and send that to pfsense.
>
> BUT this is how you change your xml to the other virtual adapter:
>
> Click on the red square button on the pfsense vm icon when it is stopped. On the dropdown menu, select edit xml. Scroll down to the section that looks similar to this:
>
>     <interface type='bridge'>
>       <mac address='52:54:00:82:25:11'/>
>       <source bridge='br0'/>
>       <model type='virtio'/>
>       <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
>     </interface>
>
> Note: your mac address and address will be different.
>
> Where it lists "model type=" change to
>
>     <model type='e1000-82545em'/>
>
> Make sure source bridge is "br0". Scroll down further, click save.
>
> NOTE: you can no longer edit your vm using the vm manager as custom edits will then be discarded and you will lose the e1000.
>
> Don't be surprised that when you attempt to boot the server, and it is looking for the pfsense vm for network connectivity, that it can take a while. Docker runs an update check at boot. And if there is no network detected, each docker has to go through a preset timeout which is somewhere between 100 and 300 seconds if I remember correctly. This is on every autostart docker in order. This is before the vm's are autostarted.
>
> PRO TIP: set your unRaid server on a static ip. It's easier to find it after setting up pfsense and running the firewall on the same box.
>
> Good luck.

You sir, are my hero. Thank you so much. It works beautifully.

January 19, 2019
Recently I've set up a PFSense VM for which I've put a quad port NIC in my server. Right now unraid itself is using the onboard NIC (PFSense -> switch -> unraid and so on), but I'm wondering whether it would be faster if unraid would connect using a bridge instead?
Edited January 19, 2019 by lixe

January 19, 2019
3 hours ago, lixe said:
> Recently I've set up a PFSense VM for which I've put a quad port NIC in my server. Right now unraid itself is using the onboard NIC (PFSense -> switch -> unraid and so on), but I'm wondering whether it would be faster if unraid would connect using a bridge instead?

Technically, maybe very slightly faster but you won't notice a difference. There are some that feel (myself included) that this is somehow less secure than doing it via software to access the network. It's an odd feeling for some that your server is just a software bridge away from exposing itself to the internet. Others point out that it's essentially the same thing, since the software just outputs via a hardware port to a switch with no filtering back to the server. There are discussions about it in several places on the internet. I'm not sure my belief is grounded in reality, but mine still accesses the pfsense vm via a switch.

April 25, 2019 Community Expert
Currently I have a dual onboard NIC and a dual Intel Pro/1000 PCIe NIC. I pass-through the Intel dual NIC and use both dedicated ports in pfsense for max performance. I had to add the allow unsafe interrupts in my syslinux config though.

May 6, 2020
On 8/3/2019 at 4:34 AM, darthjonathan12 said:
> Could the e1000 be a bottleneck on a 10gbe connection? If so what should be used?

I know it's an old topic, but I have the same question. Can someone answer please?

On 8/16/2017 at 1:00 AM, 1812 said:
>     <interface type='bridge'>
>       <mac address='52:54:00:82:25:11'/>
>       <source bridge='br0'/>
>       <model type='virtio'/>
>       <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
>     </interface>
>
> Where it lists "model type=" change to
>
>     <model type='e1000-82545em'/>

Also was this working for anyone?
Edited May 6, 2020 by NeoJoris

May 25, 2020
On 5/6/2020 at 3:47 PM, NeoJoris said:
> I know it's an old topic, but I have the same question. Can someone answer please? Also was this working for anyone?

Not work for me...

May 27, 2020
On 5/25/2020 at 10:42 PM, JamesAdams said:
> Not work for me...

I figured it out, yes it could bottleneck, use the following instead:

    <interface type='bridge'>
      <mac address=''/>
      <source bridge='br0'/>
      <model type='vmxnet3'/>
    </interface>

May 27, 2020
17 minutes ago, NeoJoris said:
> I figured it out, yes it could bottleneck, use the following instead:
>
>     <interface type='bridge'>
>       <mac address=''/>
>       <source bridge='br0'/>
>       <model type='vmxnet3'/>
>     </interface>

I just tried and it doesn't work either 😕

June 6, 2020
On 5/27/2020 at 2:02 PM, JamesAdams said:
> I just tried and it doesn't work either 😕

Too bad. Just to be sure: you did not leave the MAC address blank or '' did you?

June 13, 2020
On 6/6/2020 at 10:44 PM, NeoJoris said:
> Too bad. Just to be sure: you did not leave the MAC address blank or '' did you?

No, it is not blank ^^ Windows detects the network but I don't have the driver for vmxnet3.

February 11, 2021
My unraid already has 10GbE ethernet, but I still cannot get openWRT to show 10GbE for eth0. Anyone have a solution?

November 3, 2021
On 1/19/2019 at 9:16 AM, 1812 said:
> Technically, maybe very slightly faster but you won't notice a difference. There are some that feel (myself included) that this is somehow less secure than doing it via software to access the network. It's an odd feeling for some that your server is just a software bridge away from exposing itself to the internet. Others point out that it's essentially the same thing, since the software just outputs via a hardware port to a switch with no filtering back to the server. There are discussions about it in several places on the internet. I'm not sure my belief is grounded in reality, but mine still accesses the pfsense vm via a switch.

How about just patching the onboard (Unraid) NIC to the 4-port pfSense NIC? Why go to the switch first?
Edited November 3, 2021 by ksignorini (second question)

October 8, 2022
On 11/4/2021 at 12:28 AM, ksignorini said:
> How about just patching the onboard (Unraid) NIC to the 4-port pfSense NIC? Why go to the switch first?

Yes you can. Just connect the Unraid Nic to a free port on the pfSense Nic.

On my system, Unraid is using the built-in 1Gb Nic on the motherboard. I installed pfSense and added a 4 x 1Gb Intel Nic only in use by pfSense (from eBay).

1. Cat-5 cable between the Unraid Nic and one of the ports on the 4 port Nic. In pfSense this port is then labeled Unraid.
2. Cat-5 cable on port 2 connected to the internet modem (Interface Name: Wan-internet).
3. Cat-5 cable on port 3 connected to my wireless access point (Interface name: WiFi. This gives wifi a separate lan that is restricted).
4. Added a 1 x 10Gb card that is also set up in pfSense. This card is solely in use by my Macbook (also conveniently protected against traffic from the other interfaces, including wifi).

I will try the virtual 10Gb trick for Unraid (which was the reason I installed pfSense, so I can pull video footage from Unraid at 10Gb speeds). I will report back, if successful.