December 10, 2017

How do I configure a VM to have no bridge? I would like to do the following:

1. Use my pfsense VM which currently has one virtual NIC installed (br0 WAN)
2. Add a virtual NIC to pfsense that is not bridged (this would be the pfSense LAN side, virbr0 is not an option because it still connects to my LAN via NAT)
3. Use a Windows VM that is also not bridged. It exists only on an unraid VM-only network. It can communicate with other VMs but it must use the pfSense VM as its gateway.

Basically I want to use pfSense as a firewall for VMs, which means I need both VMs to have a virtual NIC that is not bridged. How can I do this? It doesn't seem possible in the GUI but an XML edit should work. I'm just not sure what to change to configure this.

The purpose of this would be to use unraid to test pfSense configurations. Thank you.
December 13, 2017

Hi popwebz,

Select the virbr0 bridge for your VMs instead of br0 and unRAID will dole out its own NAT IP scheme to those VMs independent of your router or switch. That said, all internal VM network traffic stays internal to the system when using br0 anyway, so not sure you need to do this.
December 16, 2017 (Author)

On 12/13/2017 at 12:28 PM, jonp said:

> Hi popwebz, Select the virbr0 bridge for your VMs instead of br0 and unRAID will dole out its own NAT IP scheme to those VMs independent of your router or switch. That said, all internal VM network traffic stays internal to the system when using br0 anyway, so not sure you need to do this.

Thank you for the response but perhaps my question wasn't clear enough. I can see that br0 traffic between VMs is much faster than gigabit could ever provide, so it is clear communication is internal.

What I am trying to do is to specify the router VMs use on the unraid side. So instead of the unraid host handling routing to the physical LAN network (as it does when using virbr0) I would like the VMs to use another VM as the gateway. They would only have access to the internet if the firewall VM was running. The pfsense VM would handle NAT and the firewall would work. This would be great for security. As it is, unraid allows all traffic to flow through, which is not something that I want.

In my situation the physical LAN cannot be trusted. Even when VMs use virbr0, any device on the home network can communicate with the virtual machines running on unraid because unraid is creating a NAT bridge which cannot be managed or controlled. Using a dedicated virtual firewall would be a great way to manage this.

The only way that it seems this could be done as it is now is to pass through a 4 port pcie NIC to the firewall VM, then install a second pcie NIC that unraid could access (br1), and then set all other VMs to use br1. Then I would need to physically connect a patch cable between the two network cards, and also run another ethernet drop to connect the firewall's WAN port on its passthrough NIC to the home router. That approach seems convoluted and the VMs are still using bridged connections.

If this could be virtualized (this should be possible, I'm just not sure how to do it with unraid) I wouldn't have to use my two pcie slots for such a hack.
November 22, 2018

Sorry to bump this old thread - I found it in a search.

When I used to run pfsense on esxi with other VMs, I set the WAN to an unused interface, and LAN to an interface which other VMs use and which was connected to my switch. How does one go about the same setup with unraid and pfsense? As the previous poster wrote, internal transfer should be a lot faster than me looping back with a patch cable over gbit lan.

I've watched spaceinvader one part 3 but this just says to pass through the entire adapter.

Note: if I allow br0 to pfsense, pfsense does not see it and says I have no network adapters.

Edited November 22, 2018 by snailbrain
November 22, 2018

Do I need to install something into pfsense so it can see br0 (like some drivers)?
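
Added example, not part of the thread and not Unraid's own code: Unraid's VM manager is built on libvirt, where a network defined with no `<forward>` element and no `<ip>` element is a guest-only segment, the kind of firewall LAN side described in the December 16 post. The script below audits network definitions for that property; the XML samples are constructed, and the network names, bridge names (virbr1, virbr2) and addresses are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed libvirt network definitions (names, bridges and addresses are
# illustrative assumptions, not values taken from the thread).
NAT_NET = """<network>
  <name>default</name>
  <forward mode='nat'/>
  <bridge name='virbr0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.122.2' end='192.168.122.254'/></dhcp>
  </ip>
</network>"""

ISOLATED_NET = """<network>
  <name>pfsense-lan</name>
  <bridge name='virbr1'/>
</network>"""

HOST_ONLY_NET = """<network>
  <name>hostonly</name>
  <bridge name='virbr2'/>
  <ip address='10.10.10.1' netmask='255.255.255.0'/>
</network>"""


def audit_network(xml_text):
    """Report how a libvirt <network> definition exposes its guests."""
    net = ET.fromstring(xml_text)
    forward = net.find("forward")
    # No <forward> element: libvirt neither routes nor NATs traffic off the bridge.
    # A <forward> element without a mode attribute defaults to NAT.
    mode = "none" if forward is None else forward.get("mode", "nat")
    host_ips = [ip.get("address") for ip in net.findall("ip")]
    findings = []
    if mode != "none":
        findings.append(f"host forwards guest traffic (mode={mode})")
    if host_ips:
        findings.append("host has an address on the bridge: " + ", ".join(host_ips))
    if net.find("ip/dhcp") is not None:
        findings.append("libvirt runs DHCP on this network")
    return {"name": net.findtext("name"), "forward": mode,
            "host_ips": host_ips, "guest_only": not findings, "findings": findings}


if __name__ == "__main__":
    for xml_text in (NAT_NET, ISOLATED_NET, HOST_ONLY_NET):
        r = audit_network(xml_text)
        print(r["name"], "->", "guest-only" if r["guest_only"] else "; ".join(r["findings"]))
```

A VM NIC joins such a network in its domain XML with `<interface type='network'>` and `<source network='pfsense-lan'/>`, where `pfsense-lan` is the assumed name used above.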
This topic is now archived and is closed to further replies.