pfSense on KVM


13 replies to this topic

#1 Haggis

Haggis

    Neowinian Senior

  • Tech Issues Solved: 10
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 26 June 2014 - 21:21

Hi guys,

I played about with proxies last week and managed to get it working how I wanted to.

So this week I am having a go with pfSense.

I want to run it in a VM using KVM and eventually use it as the router for my network.

Am I right in saying I would need two NICs in my server?

It's an HP Microserver N54L.




#2 vetMichael Stanclift

Michael Stanclift

    Virtually Benevolent

  • Joined: 15-July 01
  • Location: Kansas City
  • OS: OS X 10.9
  • Phone: iPhone 5

Posted 27 June 2014 - 03:47

I don't know about KVM specifically, but I think if you're wanting to do an inline proxy or firewall, you're going to need a pNIC for your external connection and a pNIC that connects to your internal network, with a corresponding vNIC out of the VM on each side of the network. I have an Untangle firewall running on my home ESXi server that does exactly this. My cable modem connects to one NIC port, and the other connects to my home switch.
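
As an added illustration of the layout described in the post above (not written by any poster in this thread), this is how the two-vNIC arrangement could be expressed in a KVM/libvirt guest definition. The bridge names `br-wan` and `br-lan`, the MAC addresses and the `e1000` NIC model are assumptions: `br-wan` is assumed to be a host bridge containing only the pNIC cabled to the modem, with no host IP address on it, and `br-lan` a host bridge containing the pNIC cabled to the switch.

```xml
<!-- Fragment of a libvirt domain definition for the pfSense guest.
     Only the network devices are shown; all names and MAC addresses
     are constructed for this example. -->
<devices>
  <!-- WAN side: vNIC attached to the host bridge that holds the pNIC
       going to the modem. The host keeps no IP address on br-wan, so
       traffic from the WAN is handled by the firewall guest rather
       than by the hypervisor. -->
  <interface type='bridge'>
    <mac address='52:54:00:aa:00:01'/>
    <source bridge='br-wan'/>
    <model type='e1000'/>
  </interface>

  <!-- LAN side: vNIC attached to the host bridge that holds the pNIC
       going to the internal switch. -->
  <interface type='bridge'>
    <mac address='52:54:00:aa:00:02'/>
    <source bridge='br-lan'/>
    <model type='e1000'/>
  </interface>
</devices>
```

Fixing the MAC addresses makes it possible to tell the two vNICs apart when pfSense asks which interface is WAN and which is LAN.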



#3 OP Haggis

Posted 27 June 2014 - 09:08

OK, so I would have the incoming WAN connection into a physical NIC on my server, then another physical NIC connected to my switch, yeah?

I got as far as it trying to detect my WAN and it failed, so I assumed this would be the case.



#4 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 86
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 27 June 2014 - 12:10

Yeah, you really need 2 physical NICs - it could be done with VLANs.. But no - min 2 physical NICs.

Curious question: why KVM vs ESXi? To be honest I would prob go with ESXi, since it's supported and works and lots of people are doing it. Then, after some experience with actually running your router/firewall on a VM platform, if you want to give it a go on KVM you will be more prepared, etc.

I have 4 pNICs in my N40L - the one it came with and then I added a single and then a dual.. Can post the model numbers if you want. They were cheap!!!

#5 OP Haggis

Posted 27 June 2014 - 19:56

Yeah, model numbers would be good.


#6 Fahim S.

Fahim S.

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 15-April 02
  • OS: Windows 8 - OG
  • Phone: Google Nexus 4 16GB by LG

Posted 27 June 2014 - 21:05

I use a pretty standard Intel desktop NIC in my N54L, in the PCIe x1 slot (the x8 slot has a RAID card in it).

 

http://www.amazon.co...t?ie=UTF8&psc=1

 

My WAN traffic comes in on the onboard NIC with the Intel NIC connecting to the rest of the LAN.

I have pfSense 2.1.3 64 bit running on ESXi 5.1.

 

Make sure the card you buy is low profile.

 

Edit: it just told me that 2.1.4 is now available.



#7 vetMichael Stanclift

Posted 28 June 2014 - 00:06

> OK, so I would have the incoming WAN connection into a physical NIC on my server, then another physical NIC connected to my switch, yeah?
>
> I got as far as it trying to detect my WAN and it failed, so I assumed this would be the case.

 

Correct.

 

I've been meaning to play around with pfSense for a while now, going to get it downloaded and try it out tonight. Gives me something to look at until my home Meraki gear arrives from Cisco.



#8 +BudMan

Posted 28 June 2014 - 03:44

Yeah, 2.1.4 has been out for a couple of days.

The NICs I bought - and yes, make sure you get the low profile versions.

I had emailed amtech when I ordered the dual to make sure it was low profile.

http://www.amazon.co...duct/B000J3OPOU
HP 412648-B21 NC360T PCI-Express DP GigaBit Adapter

I paid $41, looks like it's $29 now..

Here is the single NIC:
http://www.newegg.co...N82E16833106033

It comes with a low profile bracket.

#9 Fahim S.

Posted 28 June 2014 - 12:27

> http://www.amazon.co...duct/B000J3OPOU
> HP 412648-B21 NC360T PCI-Express DP GigaBit Adapter
>
> I paid $41, looks like it's $29 now..

That's an absolute bargain.



#10 +BudMan

Posted 28 June 2014 - 12:32

Yeah, at 41 it was great; at 29 it's a freaking steal ;)

#11 vetMichael Stanclift

Posted 28 June 2014 - 20:32

> http://www.amazon.co...duct/B000J3OPOU
> HP 412648-B21 NC360T PCI-Express DP GigaBit Adapter
>
> I paid $41, looks like it's $29 now..

Nice find! Just picked up two of these myself. I've got a quad-port Intel in my main ESXi box, but it never hurts to have one of these around for other experiments.



#12 +BudMan

Posted 29 June 2014 - 12:23

Make sure you contact the seller for the low profile bracket.. That is not the seller I bought from - I bought from amtech, which I contacted, and they asked me for my order number and made sure I got the low profile one.

#13 OP Haggis

Posted 29 June 2014 - 12:52

lol check the price of them on UK Amazon

 

http://www.amazon.co...60T PCI-Express



#14 Fahim S.

Posted 29 June 2014 - 13:08

http://www.ebay.co.u...=p2054897.l4275

 

That took all of about a minute :-)




