Can Unraid connect to network using a virtual bridge?



I am trying to run pfsense in a vm on my unraid box with two nics. I want to pass both to pfsense. Since I don't have a physical third network interface, is it possible that unraid can connect to the network using a network bridge? 

 

I know the vms are on br0 but I am not sure if the host machine can connect to it as well. 

 

Is something like that possible at all?

Link to comment

I have one NIC pass through to pfsense for WAN and I set the unraid created bridge as LAN. I had to modify the bridge in pfsense VM xml to display the Bridge as an e1000 Ethernet adapter instead of the default virtio adapter that unraid assigns. Unraid gets its IP from the bridge and the physical NIC feeds my switch for other devices in my LAN. Hope that made sense.


Sent from my iPad using Tapatalk

  • Like 1
  • Upvote 1
Link to comment
On 8/11/2017 at 4:18 PM, sadkisson said:

I have one NIC pass through to pfsense for WAN and I set the unraid created bridge as LAN. I had to modify the bridge in pfsense VM xml to display the Bridge as an e1000 Ethernet adapter instead of the default virtio adapter that unraid assigns. Unraid gets its IP from the bridge and the physical NIC feeds my switch for other devices in my LAN. Hope that made sense.


Sent from my iPad using Tapatalk

 

That's exactly what I am looking to do. Can you describe how you did that? I have two nics and I am passing one to pfsense completely for WAN but I want the second one not only bridged to the physical unraid box so it can have network connectivity, but to my network switch as well. Sounds identical to how you have yours set up. If you have any step by step guide on how you accomplished this, please share, I'll be much obliged.

 

thanks 

Edited by ozkhan1
Link to comment
1 hour ago, ozkhan1 said:

Anybody? Would be great if someone can point me in the right direction to get the server to get its IP from the bridge

 

thanks

 

I've never done what you're trying to do. I instead use a 4 port nic and send that to pfsense.

 

BUT

 

This is how you change your xml to the other virtual adapter:

 

click on the red square button on the pfsense vm icon when it is stopped. On the dropdown menu, select edit xml.

 

scroll down to the section that looks similar to this:

 

    <interface type='bridge'>
      <mac address='52:54:00:82:25:11'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
    </interface>

note: your mac address and address will be different.

 

where it lists "model type="   change to

 

<model type='e1000-82545em'/>

 

make sure source bridge is "br0"

 

scroll down further, click save.

 

NOTE: you can no longer edit your vm using the vm manager as custom edits will then be discarded and you will lose the e1000.

 

 

Don't be surprised that when you attempt to boot the server, and it is looking for the pfsense vm for network connectivity, that it can take a while. Docker runs an update check at boot. And if there is no network detected, each docker has to go through a preset timeout which is somewhere between 100 and 300 seconds if I remember correctly. This is on every autostart docker in order. This is before the vm's are autostarted.

 

PRO TIP: set your unRaid server on a static ip. it's easier to find it after setting up pfsense and running the firewall on the same box.

 

Good luck.

 

 

Edited by 1812
  • Like 1
Link to comment
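Added example, not part of any poster's reply: the XML edit described in the post above, done as a script so it can be re-applied and checked. The sample domain XML is constructed, and the `hostdev` entry is an assumption standing in for the passed-through WAN NIC; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample (trimmed domain XML); the MAC and PCI addresses are made up.
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>pfsense</name>
  <devices>
    <interface type='bridge'>
      <mac address='52:54:00:82:25:11'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
    </interface>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source><address domain='0x0000' bus='0x03' slot='0x00' function='0x0'/></source>
    </hostdev>
  </devices>
</domain>"""

BRIDGED = "./devices/interface[@type='bridge']"


def set_bridge_nic_model(domain_xml, bridge="br0", model="e1000-82545em"):
    """Set <model type=...> on NICs attached to `bridge`; return (xml, changed MACs)."""
    root = ET.fromstring(domain_xml)
    changed = []
    for nic in root.iterfind(BRIDGED):
        source = nic.find("source")
        if source is None or source.get("bridge") != bridge:
            continue  # NICs on other bridges are left untouched
        model_el = nic.find("model")
        if model_el is None:
            model_el = ET.SubElement(nic, "model")
        if model_el.get("type") != model:
            model_el.set("type", model)
            mac = nic.find("mac")
            changed.append(mac.get("address") if mac is not None else None)
    return ET.tostring(root, encoding="unicode"), changed


def summarize_nics(domain_xml):
    """Report bridged NICs as (bridge, model) plus the count of PCI passthrough devices."""
    root = ET.fromstring(domain_xml)
    bridged = []
    for nic in root.iterfind(BRIDGED):
        source, model_el = nic.find("source"), nic.find("model")
        bridged.append((source.get("bridge") if source is not None else None,
                        model_el.get("type") if model_el is not None else None))
    return {"bridged": bridged,
            "pci_passthrough": len(root.findall("./devices/hostdev[@type='pci']"))}
```

Running `summarize_nics` on the saved XML after any later change shows whether the br0 interface still carries the e1000 model and whether the WAN NIC is still a passthrough device rather than a second bridged interface.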
On 8/15/2017 at 7:00 PM, 1812 said:

 

I've never done what you're trying to do. I instead use a 4 port nic and send that to pfsense.

 

BUT

 

This is how you change your xml to the other virtual adapter:

 

click on the red square button on the pfsense vm icon when it is stopped. On the dropdown menu, select edit xml.

 

scroll down to the section that looks similar to this:

 


<interface type='bridge'>
      <mac address='52:54:00:82:25:11'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
    </interface>

note: your mac address and address will be different.

 

where it lists "model type="   change to

 


<model type='e1000-82545em'/>

 

make sure source bridge is "br0"

 

scroll down further, click save.

 

NOTE: you can no longer edit your vm using the vm manager as custom edits will then be discarded and you will lose the e1000.

 

 

Don't be surprised that when you attempt to boot the server, and it is looking for the pfsense vm for network connectivity, that it can take a while. Docker runs an update check at boot. And if there is no network detected, each docker has to go through a preset timeout which is somewhere between 100 and 300 seconds if I remember correctly. This is on every autostart docker in order. This is before the vm's are autostarted.

 

PRO TIP: set your unRaid server on a static ip. it's easier to find it after setting up pfsense and running the firewall on the same box.

 

Good luck.

 

you sir, are my hero.. thank you so much. it works beautifully.

 

Link to comment
  • 1 year later...

Recently I've set up a PFSense VM for which I've put a quad port NIC in my server. Right now unraid itself is using the onboard NIC (PFSense -> switch -> unraid and so on), but I'm wondering whether it would be faster if unraid would connect using a bridge instead?

Edited by lixe
Link to comment
3 hours ago, lixe said:

Recently I've set up a PFSense VM for which I've put a quad port NIC in my server. Right now unraid itself is using the onboard NIC (PFSense -> switch -> unraid and so on), but I'm wondering whether it would be faster if unraid would connect using a bridge instead?

technically, maybe very slightly faster but you won't notice a difference. there are some that feel (myself included) that this is somehow less secure than doing it via software to access the network. It's an odd feeling for some that your server is just a software bridge away from exposing itself to the internet. Others point out that it's essentially the same thing, since the software just outputs via a hardware port to a switch with no filtering back to the server. There are discussions about it in several places on the internet. I'm not sure my belief is grounded in reality, but mine still accesses the pfsense vm via a switch.

Link to comment
  • 3 months later...
  • 3 months later...
  • 9 months later...

 

On 8/3/2019 at 4:34 AM, darthjonathan12 said:

Could the e1000 be a bottleneck on a 10gbe connection?  If so what should be used? 

I know it's an old topic, but I have the same question. Can someone answer please?
 

 

On 8/16/2017 at 1:00 AM, 1812 said:

 


<interface type='bridge'>
      <mac address='52:54:00:82:25:11'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
    </interface>

where it lists "model type="   change to

 


<model type='e1000-82545em'/>

 

 

Also was this working for anyone?

Edited by NeoJoris
Link to comment
  • 3 weeks later...
  • 2 weeks later...
  • 7 months later...
  • 8 months later...
On 1/19/2019 at 9:16 AM, 1812 said:

technically, maybe very slightly faster but you won't notice a difference. there are some that feel (myself included) that this is somehow less secure than doing it via software to access the network. It's an odd feeling for some that your server is just a software bridge away from exposing itself to the internet. Others point out that it's essentially the same thing, since the software just outputs via a hardware port to a switch with no filtering back to the server. There are discussions about it in several places on the internet. I'm not sure my belief is grounded in reality, but mine still accesses the pfsense vm via a switch.

 

How about just patching the onboard (Unraid) NIC to the 4-port pfSense NIC? Why go to the switch first?

Edited by ksignorini
second question
Link to comment
  • 11 months later...
On 11/4/2021 at 12:28 AM, ksignorini said:

 

How about just patching the onboard (Unraid) NIC to the 4-port pfSense NIC? Why go to the switch first?


Yes you can. Just connect the Unraid Nic to a free port on the pfSense Nic.

On my system, Unraid is using the built-in 1Gb Nic on the motherboard.
I installed pfSense and added a 4 x 1Gb Intel Nic only in use by pfSense. (from eBay)
1. Cat-5 cable between the Unraid Nic and one of the ports on the 4 port Nic. In pfSense this port is then labeled Unraid.
2. Cat-5 cable on port 2 connected to the internet modem (Interface Name: Wan-internet).
3. Cat-5 cable on port 3 connected to my wireless access point (Interface name: WiFi. This gives wifi a separate lan that is restricted).
4. Added a 1 x 10Gb card that is also set up in pfSense. This card is solely in use by my Macbook. (also conveniently protected against traffic from the other interfaces, including wifi). 

I will try the virtual 10Gb trick for Unraid (which was the reason I installed pfSense, so I can pull video footage from Unraid at 10Gb speeds). I will report back, if successful. 

Link to comment
