ozkhan1 Posted August 11, 2017

I am trying to run pfsense in a vm on my unraid box with two nics. I want to pass both to pfsense. Since I don't have a physical third network interface, is it possible that unraid can connect to the network using a network bridge? I know the vms are on br0 but I am not sure if the host machine can connect to it as well. Is something like that possible at all?
bonienl Posted August 11, 2017

The host machine needs a physical interface (eth0) which can be set up as bridge. This allows both host and VMs to share the same connection.
sadkisson Posted August 11, 2017

I have one NIC pass through to pfsense for WAN and I set the unraid created bridge as LAN. I had to modify the bridge in pfsense VM xml to display the Bridge as an e1000 Ethernet adapter instead of the default virtio adapter that unraid assigns. Unraid gets its IP from the bridge and the physical NIC feeds my switch for other devices in my LAN. Hope that made sense.
ozkhan1 Posted August 13, 2017

On 8/11/2017 at 4:18 PM, sadkisson said: I have one NIC pass through to pfsense for WAN and I set the unraid created bridge as LAN. I had to modify the bridge in pfsense VM xml to display the Bridge as an e1000 Ethernet adapter instead of the default virtio adapter that unraid assigns. Unraid gets its IP from the bridge and the physical NIC feeds my switch for other devices in my LAN. Hope that made sense.

That's exactly what I am looking to do. Can you describe how you did that? I have two nics and I am passing one to pfsense completely for WAN but I want the second one not only bridged to the physical unraid box so it can have network connectivity, but to my network switch as well. Sounds identical to how you have yours set up. If you have any step by step guide on how you accomplished this, please share, I'll be much obliged. thanks
ozkhan1 Posted August 15, 2017

Anybody? Would be great if someone can point me in the right direction to get the server to get its IP from the bridge thanks
1812 Posted August 15, 2017

1 hour ago, ozkhan1 said: Anybody? Would be great if someone can point me in the right direction to get the server to get its IP from the bridge thanks

I've never done what you're trying to do. I instead use a 4 port nic and send that to pfsense. BUT

This is how you change your xml to the other virtual adapter:

click on the red square button on the pfsense vm icon when it is stopped. On the dropdown menu, select edit xml.

scroll down to the section that looks similar to this:

    <interface type='bridge'>
      <mac address='52:54:00:82:25:11'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
    </interface>

note: your mac address and address will be different.

where it lists "model type=" change to

    <model type='e1000-82545em'/>

make sure source bridge is "br0"

scroll down further, click save.

NOTE: you can no longer edit your vm using the vm manager as custom edits will then be discarded and you will lose the e1000.

Don't be surprised that when you attempt to boot the server, and it is looking for the pfsense vm for network connectivity, that it can take a while. Docker runs an update check at boot. And if there is no network detected, each docker has to go through a preset timeout which is somewhere between 100 and 300 seconds if I remember correctly. This is on every autostart docker in order. This is before the vm's are autostarted.

PRO TIP: set your unRaid server on a static ip. it's easier to find it after setting up pfsense and running the firewall on the same box.

Good luck.
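An added example, not part of 1812's post or of Unraid itself: the same model change applied to a libvirt domain XML programmatically, plus a check that reports when the NIC on br0 no longer has the intended model (for instance after the VM manager discarded the custom edit). The function names and the sample domain are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the interface stanza quoted in the thread, wrapped in a
# minimal domain next to one passed-through PCI NIC (addresses are made up).
SAMPLE_DOMAIN = """<domain type='kvm'>
  <name>pfsense</name>
  <devices>
    <interface type='bridge'>
      <mac address='52:54:00:82:25:11'/>
      <source bridge='br0'/>
      <model type='virtio'/>
    </interface>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source><address domain='0x0000' bus='0x03' slot='0x00' function='0x0'/></source>
    </hostdev>
  </devices>
</domain>"""

BRIDGED = "./devices/interface[@type='bridge']"

def _attr(elem, tag, name):
    child = elem.find(tag)
    return child.get(name) if child is not None else None

def bridge_nics(domain_xml):
    """Return (bridge, model, mac) for each bridged NIC in a libvirt domain."""
    root = ET.fromstring(domain_xml)
    return [(_attr(i, "source", "bridge"), _attr(i, "model", "type"),
             _attr(i, "mac", "address")) for i in root.findall(BRIDGED)]

def set_bridge_model(domain_xml, bridge="br0", model="e1000-82545em"):
    """Set the model of every NIC attached to `bridge`; return (xml, changed)."""
    root = ET.fromstring(domain_xml)
    changed = 0
    for iface in root.findall(BRIDGED):
        if _attr(iface, "source", "bridge") != bridge:
            continue  # leave NICs on other bridges untouched
        node = iface.find("model")
        if node is None:
            node = ET.SubElement(iface, "model")
        if node.get("type") != model:
            node.set("type", model)
            changed += 1
    return ET.tostring(root, encoding="unicode"), changed

def drifted(domain_xml, bridge="br0", expected="e1000-82545em"):
    """MACs of NICs on `bridge` whose model is not `expected` (edit was lost)."""
    return [mac for b, m, mac in bridge_nics(domain_xml)
            if b == bridge and m != expected]
```

Feed these functions the output of `virsh dumpxml` for the VM; a non-empty result from `drifted` means the e1000 edit has been reverted.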
ozkhan1 Posted August 18, 2017

On 8/15/2017 at 7:00 PM, 1812 said: I've never done what you're trying to do. I instead use a 4 port nic and send that to pfsense. BUT

This is how you change your xml to the other virtual adapter:

click on the red square button on the pfsense vm icon when it is stopped. On the dropdown menu, select edit xml.

scroll down to the section that looks similar to this:

    <interface type='bridge'>
      <mac address='52:54:00:82:25:11'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
    </interface>

note: your mac address and address will be different.

where it lists "model type=" change to

    <model type='e1000-82545em'/>

make sure source bridge is "br0"

scroll down further, click save.

NOTE: you can no longer edit your vm using the vm manager as custom edits will then be discarded and you will lose the e1000.

Don't be surprised that when you attempt to boot the server, and it is looking for the pfsense vm for network connectivity, that it can take a while. Docker runs an update check at boot. And if there is no network detected, each docker has to go through a preset timeout which is somewhere between 100 and 300 seconds if I remember correctly. This is on every autostart docker in order. This is before the vm's are autostarted.

PRO TIP: set your unRaid server on a static ip. it's easier to find it after setting up pfsense and running the firewall on the same box.

Good luck.

you sir, are my hero.. thank you so much. it works beautifully.
lixe Posted January 19, 2019

Recently I've set up a PFSense VM for which I've put a quad port NIC in my server. Right now unraid itself is using the onboard NIC (PFSense -> switch -> unraid and so on), but I'm wondering whether it would be faster if unraid would connect using a bridge instead?
1812 Posted January 19, 2019

3 hours ago, lixe said: Recently I've set up a PFSense VM for which I've put a quad port NIC in my server. Right now unraid itself is using the onboard NIC (PFSense -> switch -> unraid and so on), but I'm wondering whether it would be faster if unraid would connect using a bridge instead?

technically, maybe very slightly faster but you won't notice a difference. there are some that feel (myself included) that this is somehow less secure than doing it via software to access the network. It's an odd feeling for some that your server is just a software bridge away from exposing itself to the internet. Others point out that it's essentially the same thing, since the software just outputs via a hardware port to a switch with no filtering back to the server. There are discussions about it in several places on the internet. I'm not sure my belief is grounded in reality, but mine still accesses the pfsense vm via a switch.
guruleenyc Posted April 25, 2019

Currently I have a dual onboard NIC and a dual Intel Pro/1000 PCIe NIC. I pass-through the Intel dual NIC and use both dedicated ports in pfsense for max performance. I had to add the allow unsafe interrupts in my syslinux config though.
darthjonathan12 Posted August 3, 2019

Could the e1000 be a bottleneck on a 10gbe connection? If so what should be used?
NeoJoris Posted May 6, 2020

On 8/3/2019 at 4:34 AM, darthjonathan12 said: Could the e1000 be a bottleneck on a 10gbe connection? If so what should be used?

I know it's an old topic, but I have the same question. Can someone answer please?

On 8/16/2017 at 1:00 AM, 1812 said:

    <interface type='bridge'>
      <mac address='52:54:00:82:25:11'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
    </interface>

where it lists "model type=" change to

    <model type='e1000-82545em'/>

Also was this working for anyone?
JamesAdams Posted May 25, 2020

On 5/6/2020 at 3:47 PM, NeoJoris said: I know it's an old topic, but I have the same question. Can someone answer please? Also was this working for anyone?

not work for me...
NeoJoris Posted May 27, 2020

On 5/25/2020 at 10:42 PM, JamesAdams said: not work for me...

I figured it out, yes it could bottleneck, use the following instead:

    <interface type='bridge'>
      <mac address=''/>
      <source bridge='br0'/>
      <model type='vmxnet3'/>
    </interface>
JamesAdams Posted May 27, 2020

17 minutes ago, NeoJoris said: I figured it out, yes it could bottleneck, use the following instead:

    <interface type='bridge'>
      <mac address=''/>
      <source bridge='br0'/>
      <model type='vmxnet3'/>
    </interface>

I just tried and it doesn't work either 😕
NeoJoris Posted June 6, 2020

On 5/27/2020 at 2:02 PM, JamesAdams said: I just tried and it doesn't work either 😕

Too bad. Just to be sure: you did not leave the mac address blank or '' did you?
JamesAdams Posted June 13, 2020

On 6/6/2020 at 10:44 PM, NeoJoris said: Too bad. Just to be sure: you did not leave the mac address blank or '' did you?

No, it is not blank ^^ Windows detects the network but I don't have the driver for vmxnet3
i_Will Posted February 11, 2021

My unraid already has 10GbE ethernet, but I still cannot get openWRT to show 10GbE for eth0.... Anyone have a solution?
ksignorini Posted November 3, 2021

On 1/19/2019 at 9:16 AM, 1812 said: technically, maybe very slightly faster but you won't notice a difference. there are some that feel (myself included) that this is somehow less secure than doing it via software to access the network. It's an odd feeling for some that your server is just a software bridge away from exposing itself to the internet. Others point out that it's essentially the same thing, since the software just outputs via a hardware port to a switch with no filtering back to the server. There are discussions about it in several places on the internet. I'm not sure my belief is grounded in reality, but mine still accesses the pfsense vm via a switch.

How about just patching the onboard (Unraid) NIC to the 4-port pfSense NIC? Why go to the switch first?
transparent Posted October 8, 2022

On 11/4/2021 at 12:28 AM, ksignorini said: How about just patching the onboard (Unraid) NIC to the 4-port pfSense NIC? Why go to the switch first?

Yes you can. Just connect the Unraid Nic to a free port on the pfSense Nic.

On my system, Unraid is using the built-in 1Gb Nic on the motherboard. I installed pfSense and added a 4 x 1Gb Intel Nic only in use by pfSense. (from eBay)

1. Cat-5 cable between the Unraid Nic and one of the ports on the 4 port Nic. In pfSense this port is then labeled Unraid.
2. Cat-5 cable on port 2 connected to the internet modem (Interface Name: Wan-internet).
3. Cat-5 cable on port 3 connected to my wireless access point (Interface name: WiFi. This gives wifi a separate lan that is restricted).
4. Added a 1 x 10Gb card that is also set up in pfSense. This card is solely in use by my Macbook. (also conveniently protected against traffic from the other interfaces, including wifi).

I will try the virtual 10Gb trick for Unraid (which was the reason I installed pfSense, so I can pull video footage from Unraid at 10Gb speeds). I will report back, if successful.