What are people using for a firewall


Hi, Just wanted to know what, if any, people are using as a firewall. 

I was going to go with pfsense but cannot get Unraid to work with the additional Intel dual NIC I installed. 

 

Are there any firewalls that will work with just one NIC, or do you need a minimum of 2?

 

Thanks

If you are talking about software firewalls, you will need a minimum of two NICs, one for the internet and one for your local network. You could use one network card and an integrated network card if there is one built into the motherboard.

 

Personally I prefer hardware-based firewalls. I use the Ubiquiti EdgeRouter X and I love it.

Entirely separate appliance running pfsense here. Firewall too important to risk being mucked up with a bunch of other stuff.


Have run pfsense a bunch, also opnsense for a bit.

 

I've been on Sophos UTM 9 for about 6 months or so and really like it. Going to set up failover on a small fanless PC in a month or two that will take over automatically if the virtualized firewall goes down.

6 minutes ago, 1812 said:

Have run pfsense a bunch, also opnsense for a bit.

 

I've been on Sophos UTM 9 for about 6 months or so and really like it. Going to set up failover on a small fanless PC in a month or two that will take over automatically if the virtualized firewall goes down.

 

Same here. Been using Sophos UTM for about 5 years or so. Fantastic product and pretty amazing what you get for the free license.

 

It does have a learning curve though. I've had it running on an i3 with 8 GB of RAM and it hardly uses any resources with my config. I also run a pi-hole alongside it and the combo is fantastic.

I use pfsense, I see it as a core networking device, so I would never virtualize it.

 

 

21 minutes ago, Abzstrak said:

I use pfsense, I see it as a core networking device, so I would never virtualize it.

 

 

I used to think that way, until I didn't.

  • Author

Thanks everyone for their input.

I've worked for a large company and they had everything on VM. Separate one for AD, voice, email, firewall etc. 

37 minutes ago, 1812 said:

I used to think that way, until I didn't.

Yes, but I will always keep a hardware pfsense box ready to spin up when it's needed. It's so easy to back up and restore, and my server has so much more horsepower it seemed like a waste to keep the hardware pfsense spun up all the time.

 

Virtualized pfsense for the win.

Running two Unraid servers with pfsense in HA, one with an Intel dual NIC passed through and one with bridged interfaces (will change to an Intel NIC soon, it's in the mail), and it works great.

1 minute ago, jonathanm said:

Yes, but I will always keep a hardware pfsense box ready to spin up when it's needed. It's so easy to back up and restore, and my server has so much more horsepower it seemed like a waste to keep the hardware pfsense spun up all the time.

 

Virtualized pfsense for the win.

exactly. I have a main server and a backup server, each running a firewall vm. easy to change over if the main goes down. I had issues getting sophos auto-failover working when I messed with it a few months ago but hopefully I'll get it setup soon and have automatic backup going, whether that way or in tandem with a mini pc.

  • Author

I've added a dual Intel NIC to Unraid so I can play about with a pfsense VM. I've split the IOMMU group using vfio-pci.ids=8086:105e

but when I start up the VM getting this error:

 

internal error: qemu unexpectedly closed the monitor: 2019-08-16T17:30:46.702102Z qemu-system-x86_64: -device vfio-pci,host=03:00.0,id=hostdev0,bus=pci.0,addr=0x6: vfio 0000:03:00.0: failed to setup container for group 14: failed to set iommu for container: Operation not permitted

 

Any suggestions as to what I am doing wrong? Thanks

1 hour ago, gadgethome said:

I've added a dual Intel NIC to Unraid so I can play about with a pfsense VM. I've split the IOMMU group using vfio-pci.ids=8086:105e

but when I start up the VM getting this error:

 

internal error: qemu unexpectedly closed the monitor: 2019-08-16T17:30:46.702102Z qemu-system-x86_64: -device vfio-pci,host=03:00.0,id=hostdev0,bus=pci.0,addr=0x6: vfio 0000:03:00.0: failed to setup container for group 14: failed to set iommu for container: Operation not permitted

 

Any suggestions as to what I am doing wrong? Thanks

Is it perhaps a HP server? In that case use the HP patched bzimage

  • Author
48 minutes ago, langelus said:

Is it perhaps a HP server? In that case use the HP patched bzimage

Thanks. Yes it is a HP Z600.

 

I replaced the bzimage with the 6.7.2 one. Rebooted and still getting this error:

 

Execution error

internal error: qemu unexpectedly closed the monitor: 2019-08-16T19:29:11.942433Z qemu-system-x86_64: -device vfio-pci,host=03:00.0,id=hostdev0,bus=pci.0,addr=0x6: vfio 0000:03:00.0: failed to setup container for group 14: failed to set iommu for container: Operation not permitted

5 minutes ago, gadgethome said:

Thanks. Yes it is a HP Z600.

 

I replaced the bzimage with the 6.7.2 one. Rebooted and still getting this error:

 

Execution error

internal error: qemu unexpectedly closed the monitor: 2019-08-16T19:29:11.942433Z qemu-system-x86_64: -device vfio-pci,host=03:00.0,id=hostdev0,bus=pci.0,addr=0x6: vfio 0000:03:00.0: failed to setup container for group 14: failed to set iommu for container: Operation not permitted

I might be wrong but I thought that 6.7.0 was the latest patched version?

  • Author

I added this to the config file and then it worked fine

 

append vfio_iommu_type1.allow_unsafe_interrupts=1 initrd=/bzroot

1 hour ago, gadgethome said:

I added this to the config file and then it worked fine

 

append vfio_iommu_type1.allow_unsafe_interrupts=1 initrd=/bzroot

there are more hp tips/tricks in my sig
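
The `allow_unsafe_interrupts=1` setting posted above lets VFIO assign a device on a platform without interrupt remapping, so the host no longer has hardware isolation for interrupts raised by the passed-through NIC. The script below is an added example, not from the thread or the Unraid project, that reports which of the three states a host is in; the function names and the sysroot prefix argument are hypothetical, and the matched strings are the kernel's own Intel and AMD log messages.

```shell
#!/bin/sh
# Added example: audit interrupt isolation for VFIO passthrough.
# <sysroot> is a hypothetical prefix so the checks can run against a test
# tree; pass "" on a real host.

# List the PCI addresses sharing an IOMMU group; every device in the group
# is handed to the VM together, so check nothing else rides along.
group_devices() {  # usage: group_devices <sysroot> <group-number>
    ls "$1/sys/kernel/iommu_groups/$2/devices" 2>/dev/null
}

# Print Y if the override is active, N if it is off or the module is absent.
unsafe_interrupts() {  # usage: unsafe_interrupts <sysroot>
    p="$1/sys/module/vfio_iommu_type1/parameters/allow_unsafe_interrupts"
    if [ -r "$p" ]; then tr -d '\n' < "$p"; else printf 'N'; fi
}

# Succeed if the kernel log on stdin shows interrupt remapping was enabled.
irq_remapping_enabled() {
    grep -Eq 'DMAR-IR: Enabled IRQ remapping|AMD-Vi: Interrupt remapping enabled'
}

# Classify the host from its kernel log (stdin) and sysfs:
#   remapped        - hardware interrupt remapping is active
#   unsafe-override - passthrough works only because the override is set
#   blocked         - no remapping and no override: VFIO refuses the group
#                     ("failed to set iommu for container" in the thread)
assess() {  # usage: dmesg | assess <sysroot>
    if irq_remapping_enabled; then
        echo remapped
    elif [ "$(unsafe_interrupts "$1")" = "Y" ]; then
        echo unsafe-override
    else
        echo blocked
    fi
}

# Stand-alone use on a live host: sh vfio-audit.sh --live [group-number]
if [ "${1:-}" = "--live" ]; then
    echo "interrupt isolation: $(dmesg | assess "")"
    if [ -n "${2:-}" ]; then group_devices "" "$2"; fi
fi
```

A result of `unsafe-override` means the firewall VM must be treated as trusted as the host itself; `remapped` means the override can be removed from the `append` line.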

Running a Mikrotik hEX Router https://mikrotik.com/product/RB750Gr3

It's quite a bit of a learning curve for people coming from "point-n-click routers" but should be fairly straightforward for most technical users.

What I really like about it is the QoS (quite a challenge) capability, and the support for VPN options (though still missing OpenVPN in UDP mode)

There are some rough spots still like the built in DNS server only supporting A/AAAA records (but has regex matching)

It also has builtin AP management (these need to be Mikrotik AP though) so new APs just need to be plugged in to the network and told to look for the head unit.

The main feature I've loved about it until my ISP started placing users on CGNAT is how easy it is to create a site-to-site VPN between routers, just plug in the public IP on both ends and you are done.

I am running a Unifi USG for the last couple of months and still happy with my decision yet. 

The controller runs as a docker container on my main unraid box. 

  • 4 years later...

I installed DD-WRT onto a Netgear home router that is no longer supported with Netgear's upgrades.
