_jonte, Posted February 28, 2021
Is this guide still up to date? @SpaceInvaderOne

binzhu1070, Posted March 11, 2021
Can someone help me understand this maybe stupid question: will I be able to test pfsense in my local network without affecting my main network? Like creating a sub network within my main network and only route maybe a couple VMs within that sub network? Does this make sense? I want to play around with this but not sure if I can safely do so.

Aerodb, Posted April 3, 2021
So setting PFSense is next on my projects list and I have one quick question I wanted to ask before I get started. Will I need or would it be better to buy a new NIC (likely a 2 port NIC) and get it installed before beginning? My thought is with my existing MOBO NIC, I can use that as the server LAN port. The new card will have two ports, and one will connect to the WAN and the second will act as the LAN gateway. I'm sure someone will say that PFSense can create virtual interfaces but I want to set it up for peak performance and I have a 1Gbps (up and down) internet connection and don't want it to be a bottleneck. Side note, the NIC on my MOBO is a 2.5 Gbps port. Let me know your thoughts, advice, guidance and thank you in advance!

tiwing, Posted April 6, 2021
On 4/3/2021 at 11:00 AM, Aerodb said:
> So setting PFSense is next on my projects list and I have one quick question I wanted to ask before I get started. Will I need or would it be better to buy a new NIC (likely a 2 port NIC) and get it installed before beginning? My thought is with my existing MOBO NIC, I can use that as the server LAN port. The new card will have two ports, and one will connect to the WAN and the second will act as the LAN gateway. I'm sure someone will say that PFSense can create virtual interfaces but I want to set it up for peak performance and I have a 1Gbps (up and down) internet connection and don't want it to be a bottleneck. Side note, the NIC on my MOBO is a 2.5 Gbps port. Let me know your thoughts, advice, guidance and thank you in advance!

I've been playing with pfsense for well over a year now, and in all my research, and personal experience so far, I would NEVER NEVER NEVER set up a firewall as a VM (on unraid) if you rely on that one as your ONLY firewall. Simple reason is that if something happens and you need to take unraid down, you also lose your network. I've done it, but my VM on unraid acts as a secondary node that is used if I take down the primary.

IF you think that one day you MIGHT want to play with primary and secondary boxes in a high availability setup, you'll need THREE network ports - one for WAN, one for LAN, one for sync between the two boxes. I'd recommend a 4 port based on Intel i350. Not that much more expensive, and gives you lots of flexibility. I found a 2-pack on Amazon so I'm running identical 4 ports in my physical machine and in unraid. It works so well I'd encourage that for everyone. And if you go with a good quality i350 or equivalent, I'd skip using the on-board RJ45 unless you need it for something else.

Edited April 6, 2021 by tiwing

my.name.jeff, Posted April 13, 2021
I'm confused why a network card is required. Why can't I just use the physical NICs on the motherboard? I have 4 of them. He states you need it to pass through to the firewall. I would have thought that I could restrict unraid to not being able to use 2 of the NICs and then pass through those to the virtual firewall. Thanks in advance for the help.

Rumint, Posted May 20, 2021
I've run into some similar issues, and this goes for both an Nvidia Quadro card and an Intel NIC.

internal error: qemu unexpectedly closed the monitor: 2021-05-20T17:57:42.413287Z qemu-system-x86_64: -device vfio-pci,host=0000:16:00.0,id=hostdev0,bus=pci.1,addr=0x0: vfio 0000:16:00.0: failed to setup container for group 34: Failed to set iommu for container: Operation not permitted

Tried all of the solutions offered in this thread, and even tried the kernel hack from the Nvidia GPU thread. But it won't let me pass those cards through. Any ideas?

samba_69, Posted June 17, 2021
I am new with unraid here and this question might be dumb, but am not able to get a solution yet! My Unraid box is running a pfSense VM with a 4 port Intel NIC passthrough. I am able to set up pfsense and log in with admin user into pfSense, but I cannot access unraid from pfSense, i.e. users on pfSense's LAN are not able to access my Unraid server but can access internet/WAN network. I understand that Unraid being VM have no understanding of Unraid as host OS. So maybe a virtual network bridge may help me access the Unraid server. But unfortunately am not able to do the same. Thanks in advance!

Aerodb, Posted September 26, 2021
On 4/5/2021 at 10:33 PM, tiwing said:
> I've been playing with pfsense for well over a year now, and in all my research, and personal experience so far, I would NEVER NEVER NEVER set up a firewall as a VM (on unraid) if you rely on that one as your ONLY firewall. Simple reason is that if something happens and you need to take unraid down, you also lose your network. I've done it, but my VM on unraid acts as a secondary node that is used if I take down the primary. IF you think that one day you MIGHT want to play with primary and secondary boxes in a high availability setup, you'll need THREE network ports - one for WAN, one for LAN, one for sync between the two boxes. I'd recommend a 4 port based on Intel i350. Not that much more expensive, and gives you lots of flexibility. I found a 2-pack on Amazon so I'm running identical 4 ports in my physical machine and in unraid. It works so well I'd encourage that for everyone. And if you go with a good quality i350 or equivalent, I'd skip using the on-board RJ45 unless you need it for something else.

Thank you for the advice. I was thinking about running it within a VM on a small unraid machine that will only run network apps. So I suspect having to reboot it will be very limited. Also, unfortunately I have already acquired my network card. A two port with an Intel 82576 chip. BUT I'm wondering if I could use the motherboard NIC as the third sync port should I choose to set up a secondary pfsense VM on my primary multi use Unraid hardware. So maybe I could run pfsense on this standalone box and fail back to my main machine in the event of an outage or planned maintenance?

Bizquick, Posted December 10, 2021
I followed this to set up pfSense in a VM today. And seems good, it saved me using an old computer as a router. But I'm wondering how do I pass the LAN network from this VM back to my unraid server. Because I got a 4 port 10gig interface card to use for this VM, and now I want to get 10gig networking going for my unraid server and dockers. Is there an easy way to do that? If not, can I get maybe one of the other interfaces passed back to unraid server and configure that? I'm thinking it's not going to be easy to do this.

Edited December 10, 2021 by Bizquick: simple type o

nettech_gt, Posted July 31, 2022
On 4/24/2018 at 10:12 AM, SpaceInvaderOne said:
> Hi @joelones
> Just set in the bios of the pfsense to enable wake on lan. When the machine is off it will still power the lan port for wake on lan.
> I use @Squid excellent user script plugin to send a wol ping using etherwake command.
> This script runs on array stop:
> etherwake 00:01:3e:4e:5a:b8
> I also use another script for when the array starts. This uses ssh to login to the pfsense machine and shut it down, this way only one pfsense is running at a time, ie:
> ssh [email protected] /etc/rc.halt
> You will need to generate some ssh key pairs on unRAID and copy the public key to the admin user in pfsense.
> All of this will be covered in my pfsense videos

@SpaceInvaderOne I didn't see anything from your videos on how to set up the pfsense failover setup you mention in video one. Would you consider making a video to show how to configure it? I would really appreciate it. Thank you for all you do for the UNRAID community.

Stubbs, Posted August 31, 2022
This tutorial no longer works. The PfSense VM simply cannot load the installation screen while Primary vDisk Bus is set to SATA.

letrain, Posted September 14, 2022
On 8/30/2022 at 11:47 PM, Stubbs said:
> This tutorial no longer works. The PfSense VM simply cannot load the installation screen while Primary vDisk Bus is set to SATA.

Works fine for me. Did you ever figure it out?

letrain, Posted September 14, 2022
On 7/31/2022 at 3:07 PM, nettech_gt said:
> @SpaceInvaderOne I didn't see anything from your videos on how to set up the pfsense failover setup you mention in video one. Would you consider making a video to show how to configure it? I would really appreciate it. Thank you for all you do for the UNRAID community.

Second this. I'm very interested in this setup as opposed to an HA setup with one WAN IP address.

Xylem59, Posted January 21, 2023
I just changed my router to a physical pfsense box. I now cannot access the unraid webUI using the unraid IP, I have the below error:

The connection has timed out
The server at 192.XXX.XX.XXX is taking too long to respond.

Any suggestion? Thank you.

netfox, Posted February 19, 2023
I'm installing pfSense on the VM following this tutorial, however now I see more partition options, will it work with Auto (ZFS)?

Edited February 19, 2023 by netfox

netfox, Posted February 19, 2023
I was able to install with Auto (ZFS). Passthrough works great thanks to the amazon tutorial, I am also connected to internet on WAN. I configured pfSense on 192.168.1.1 on Unraid VM, however I can't reach the IP of Unraid 192.168.1.3 or any other IP on my unraid. Should I have left the bridge configuration in the configuration without deleting it? Or do I need to change something in the configuration of Unraid to have it use the pfSense network?

John

<?xml version='1.0' encoding='UTF-8'?>
<domain type='kvm'>
  <name>pfSense</name>
  <uuid>XXXXXXXXXX9da</uuid>
  <metadata>
    <vmtemplate xmlns="unraid" name="FreeBSD" icon="freebsd.png" os="freebsd"/>
  </metadata>
  <memory unit='KiB'>3145728</memory>
  <currentMemory unit='KiB'>3145728</currentMemory>
  <memoryBacking>
    <nosharepages/>
  </memoryBacking>
  <vcpu placement='static'>2</vcpu>
  <cputune>
    <vcpupin vcpu='0' cpuset='1'/>
    <vcpupin vcpu='1' cpuset='5'/>
  </cputune>
  <os>
    <type arch='x86_64' machine='pc-q35-7.1'>hvm</type>
    <loader readonly='yes' type='pflash'>/usr/share/qemu/ovmf-x64/OVMF_CODE-pure-efi.fd</loader>
    <nvram>/etc/libvirt/qemu/nvram/XXXXXX_VARS-pure-efi.fd</nvram>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <cpu mode='host-passthrough' check='none' migratable='on'>
    <topology sockets='1' dies='1' cores='1' threads='2'/>
    <cache mode='passthrough'/>
    <feature policy='require' name='topoext'/>
  </cpu>
  <clock offset='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/local/sbin/qemu</emulator>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source file='/mnt/user/isos/pfSense-CE-2.6.0-RELEASE-amd64.iso'/>
      <target dev='hda' bus='sata'/>
      <readonly/>
      <boot order='2'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='writeback'/>
      <source file='/mnt/user/domains/pfSense/vdisk1.img'/>
      <target dev='hdc' bus='sata'/>
      <boot order='1'/>
      <address type='drive' controller='0' bus='0' target='0' unit='2'/>
    </disk>
    <controller type='usb' index='0' model='ich9-ehci1'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x7'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci1'>
      <master startport='0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0' multifunction='on'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci2'>
      <master startport='2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x1'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci3'>
      <master startport='4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pcie-root'/>
    <controller type='pci' index='1' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='1' port='0x10'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
    </controller>
    <controller type='pci' index='2' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='2' port='0x11'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
    </controller>
    <controller type='pci' index='3' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='3' port='0x12'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
    </controller>
    <controller type='pci' index='4' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='4' port='0x13'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
    </controller>
    <controller type='pci' index='5' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='5' port='0x14'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
    </controller>
    <controller type='pci' index='6' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='6' port='0x15'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
    </controller>
    <controller type='sata' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
    </controller>
    <serial type='pty'>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
    <channel type='unix'>
      <target type='virtio' name='org.qemu.guest_agent.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <graphics type='vnc' port='-1' autoport='yes' websocket='-1' listen='0.0.0.0' keymap='en-us'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
    <audio id='1' type='none'/>
    <video>
      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
    </video>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x01' slot='0x00' function='0x1'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x01' slot='0x00' function='0x2'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x01' slot='0x00' function='0x3'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
    </hostdev>
    <memballoon model='none'/>
  </devices>
</domain>

Edited February 19, 2023 by netfox: added info

JonathanM, Posted February 19, 2023
13 hours ago, netfox said:
> Or do I need to change something in the configuration of Unraid to have it use the pfSense network?

I'm not familiar with using an interface shared with Unraid, I passed through 2 ethernet ports entirely to the VM, Unraid has no access to those two ports, one is connected to WAN, the other connected to the same switch as my Unraid ethernet port. I wanted as much isolation as possible so a misconfiguration or other issue couldn't accidentally allow my server to directly be connected to the internet. Plus, if the VM is down, it's easy to spin up my hardware pfsense box, and since it uses the same config, there's no change as far as Unraid is concerned, it still gets internet through the switch.

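Added example, not part of any post in this thread: a short Python check of a libvirt domain definition for the isolation described in the post above. It lists which host PCI functions are handed to the guest as `hostdev` entries, whether the guest still has a NIC on a host-managed bridge or network, and whether the graphics console listens on every host address. The sample XML, the guest name `fw-example` and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): a guest with two passed-through
# NIC functions plus one NIC still attached to a host bridge.
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <name>fw-example</name>
  <devices>
    <interface type='bridge'>
      <source bridge='br0'/>
      <model type='virtio'/>
    </interface>
    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source><address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/></source>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source><address domain='0x0000' bus='0x01' slot='0x00' function='0x1'/></source>
    </hostdev>
  </devices>
</domain>
"""

def _bdf(addr):
    """Format a libvirt <address> element as a host PCI address (dddd:bb:ss.f)."""
    d, b, s, f = (int(addr.get(k, "0"), 16) for k in ("domain", "bus", "slot", "function"))
    return f"{d:04x}:{b:02x}:{s:02x}.{f:x}"

def audit_domain(xml_text):
    """Report what the guest owns outright and what it still shares with the host."""
    devices = ET.fromstring(xml_text).find("devices")
    if devices is None:
        raise ValueError("no <devices> element in domain XML")
    # Host PCI functions given to the guest; the host cannot use these ports.
    passthrough = [
        _bdf(hd.find("source/address"))
        for hd in devices.findall("hostdev")
        if hd.get("type") == "pci" and hd.find("source/address") is not None
    ]
    # Any <interface> is a NIC backed by a host bridge/network, i.e. shared.
    shared = []
    for iface in devices.findall("interface"):
        src = iface.find("source")
        name = None if src is None else (src.get("bridge") or src.get("network") or src.get("dev"))
        shared.append((iface.get("type"), name))
    # Graphics consoles bound to 0.0.0.0 are reachable on every host address.
    wide_consoles = [
        g.get("type") for g in devices.findall("graphics")
        if "0.0.0.0" in {g.get("listen")} | {l.get("address") for l in g.findall("listen")}
    ]
    return {
        "passthrough": passthrough,
        "shared_interfaces": shared,
        "console_on_all_addresses": wide_consoles,
        "nic_isolated_from_host": not shared,
    }

if __name__ == "__main__":
    for key, value in audit_domain(SAMPLE_DOMAIN).items():
        print(f"{key}: {value}")
```

To check a real guest, pass the text printed by `virsh dumpxml` for that VM to `audit_domain`.
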
netfox, Posted February 19, 2023
@JonathanM My plan was to create a minimalist Unraid box with as few cables as possible, is there any good way of connecting the Unraid to the pfSense VM?

JonathanM, Posted February 19, 2023
I don't know. I've seen some people attempt it before, they may have been successful. Perhaps searching the forums may produce results, but I'm personally very uncomfortable putting my server at risk of being directly connected to WAN, so I've always kept a physical link. That's why I asked if you were directly passing multiple ethernet ports directly through to the VM. I know for sure that way works, and works well for me with some caveats. It's not officially supported, as Unraid expects to have WAN access during the boot process, so some plugins and services may not work or need tweaked to function.

OthmaUni, Posted February 24, 2023
Hi, after weeks setting up my home network, I finally finished it and it works properly as I believed, I just want to make sure that I built it right. Can you let me know if my topology seems right please. I am not that familiar with network but I tried my best.

mikey6283, Posted March 25, 2023
On 2/24/2023 at 10:23 PM, OthmaUni said:
> Hi, after weeks setting up my home network, I finally finished it and it works properly as I believed, I just want to make sure that I built it right. Can you let me know if my topology seems right please. I am not that familiar with network but I tried my best.

Hi, I am new to pfsense, I would like to use a similar setup to the one you have. However I am struggling to get my unRaid server (running HA and 4 cameras & many IoT devices) to be recognised in the DHCP server. Could you share how you managed to get your unRaid server installed? I get to the point where it only connects the VM for Home Assistant, it does not recognise any other IP address. Your advice would be appreciated.