
How to Virtualize Your Home Router / Firewall Using pfSense 

Techno Tim

It's time to say goodbye to your home router and start virtualizing it using Proxmox and pfSense.
Video Notes: technotim.live/posts/proxmox-...
pfSense Community Edition Download: www.pfsense.org/download/
Get started with Proxmox today: • Proxmox VE Install and...
00:00 - Intro
00:20 - Why
01:40 - The Required Network Card
02:04 - Hardware Install
02:22 - Software Install
02:40 - Proxmox Config
04:55 - Install pfSense
08:33 - pfSense First Start & Config
09:56 - pfSense Tour
12:53 - Package Manager
13:39 - Conclusion
(Affiliate links may be included in this description. I may receive a small commission at no cost to you.)
📦 Products in this Video 📦
10gtek Dual Gigabit Nic amzn.to/3f3SleV
Intel Dual Gigabit NIC amzn.to/2B12Z7L
HP Dual Gigabit NIC amzn.to/3gjgKyFTechno Tim Kits:
► 4K YouTube Kit - kit.co/TechnoTim/4k-youtube-kit
► Pro Level Live Streaming Kit - kit.co/TechnoTim/pro-level-li...
► Budget Gaming Streaming PC 2020- kit.co/TechnoTim/budget-gamin...
► Performance Virtualization Server- kit.co/TechnoTim/performance-...
► Budget NAS Server- kit.co/TechnoTim/budget-nas-s...
► Coding & Gaming Keyboards- kit.co/TechnoTim/coding-gamin...
► Coding & Gaming Mice- kit.co/TechnoTim/coding-gamin...

Published: 16 Jun 2024

Comments: 571
@TechnoTim 4 years ago
Which firewall / router are you running at home? If you can't remember, maybe it's time to SWITCH ;) By the way, if you're new here, welcome! Please remember to ✨subscribe✨ for more content like this!
@--ic0n-1- 4 years ago
Used Pfsense since 3 years back inside of a proxmox machine at home. Coupled together are a XCP-NG machine running Pfsense at my parents house with IPsec tunneling. (150km) Getting 250/250mbit sym bandwidth between the two places. :)
@TechnoTim 4 years ago
Nice! That's awesome you have a hypervisor at your parents house! Why did you choose XCP-NG over proxmox?
@--ic0n-1- 4 years ago
@TechnoTim I think both are really good products. XCP-ng do have an easier time to bind a swarm of servers in my opinion. And I do like the disaster recovery, XenMotion, True backup system compared to tar.gz of proxmox. But as I said. You can't go wrong with either.
@AinzOoalG0wn 4 years ago
just a question, but is it safe to use qnap nas virtual station for pfsense vm? compared to using say a nuc install ubuntu? then install proxmox? then install pfsense freebsd as a vm using that proxmox? no portforwarding being done, just merely using as an edge router firewall.
@TheoParis 3 years ago
XD
@amosgiture 3 years ago
Always log on with the new account before disabling the old account.
@BrianEvans766 1 year ago
Lmao risky
@alejandrodpf 4 years ago
Incredible quality, easy to understand, as always fantastic! Thanks for your videos Tim, keep doing them please.
@TechnoTim 4 years ago
You got it! Thank you!
@valeriomec214 2 years ago
Tim, your videos are invaluable. Thanks for the amazing work, you TRULY deserve like 1 MLN subscribers already.
@sebastiaanstoffels7565 3 years ago
I have an identical setup. One thing to consider depending on how many cores you have on the host, is to make the CPU type 'host' and pass through 1 or 2 physical cores. This should (depending on your CPU) enable the AES-NI CPU crypto which can be useful if you use OpenVPN and want faster throughput over encrypted connections. Awesome guides by the way, I wish these vids were around years ago!
@TechnoTim 3 years ago
Good call!
@mipmipmipmipmip 10 months ago
This is very useful, thanks!
@GhostZodick 3 years ago
I went through the same research journey around the same time. I also seriously thought about putting pfSense on virtual machine. Eventually I decided to purchase a dedicated hardware for pfSense because of all the reasons people talked about on the internet. I probably would try to virtualize it if I saw your video earlier. Now my whole set up is already completed, and it's very stable. I don't want to mess with it.
@TechnoTim 3 years ago
Whatever works for you!
@rbrjoel 3 years ago
Seriously the most helpful tutorials on YouTube, thank you!
@TechnoTim 3 years ago
Glad it was helpful!
@Hazmatguy117 2 years ago
Love playing around with Proxmox at home, it really impresses my boss when I talk above his head with tech stuff lol. Thanks!
@kodemasterx 1 year ago
Even though I have a PCI network card with two ports, adding them as PCI cards in Proxmox did not work for but instead as NICs, the rest was flawless, thanks for the video man, I dropped a sub as well.
@Cleanser23 3 years ago
just fantastic. I have been prepping my own home server and was sweating because I wasn't sure what to do to isolate it from the network. "Is it safe to host?" "whats pfsense even do" "should i buy dedicated hardware" "where WAS that lasagna!?!" and this video made it so clear. Thank You
@nixxblikka 4 years ago
I really enjoy watching these videos, it is your relaxed way to present the topics and nice background music ! Keep up the great work
@TechnoTim 4 years ago
Thank you very much!
@matthewwren2877 2 years ago
Such a great idea for those tech heads that want to do something more than what those basic modem routers.. Just a note for those with different NBN connections that you may still need the netgear/gateway/modem from your ISP but simply put it into bridge mode then pass that to the WAN interface as per TechnoTim's guide!! (suit most Australian NBN type of setups) As I am an Aussie viewer also!!!
@Supperconductor 4 years ago
That took some effort, but I got my NICs on the Dell R710 passed-thru and my network is up! I learned a heckuva lot along the way. Thanks Tim!
@TechnoTim 4 years ago
Nice work!
@Twylight85 3 years ago
@supperconductor @techno Tim Hey there. r720 running a pcie intel dual nic as recommended. Proxmox informs me that IOMMU is not present when I attempt to boot the vm. It’s enabled in the bios.... Followed a couple of GPU guides for pass through... what am I missing, guys?
@haydenc2742 1 year ago
Outstanding!!!! Thank you for this! What is cool, is since the host os is debian based, you can install and run netstat which gives MUCH more information about thruput on the nics
@dionisierus5055 3 years ago
the production quality of your videos is excellent. Tutorials are short and helpful - no wasted time. Subscribed!
@TechnoTim 3 years ago
Thank you so much!
@frankrobinson6615 3 years ago
Techno Tim Rocks!!! Awesome content and delivery. Thank you.
@TechnoTim 3 years ago
Glad you think so!
@peterhast 1 year ago
Thank you for doing this, and the education, I appreciate it, it worked great.
@huplim 4 years ago
Great stuff Tim. Subscribed!!!
@TechnoTim 4 years ago
Thank you! Glad you like it!
@roguestratus8449 1 year ago
Heyo Tim, you have greatly helped me get into the Homelab scene, and I appreciate it. With that said, you really should consider revisiting this video with a 2022/2023 edition. Reason why I say this is because passing my NIC down to the OPNSense VM in Proxmox (and even Pfsense) straight up did not work. I almost gave up, until I talked to someone that had a workaround: by creating a Linux bridge with the NIC as an alternative way. Passing the NICs down did not work but creating a bridge did. I had other people express their grievance about following your video and having it not work. And from what I heard, when it comes to virtualizing routers/firewalls, passing down NICs is a huge NoNo for this reason. I have no doubt this worked for some people, but I feel like there is a higher chance of success with an updated video by using the create Linux bridge method. Just my 2 cents!
@kerrydaniels8460 1 year ago
He recommended the first method likely because it maximizes performance to just pass through, but bridging through a virtual interface works likely as well. His suggestion is ideal when supported. If not, with VM's you can typically emulate a method instead. Pass through in general can get finicky for some.
@TylerNyland 11 months ago
I had issues trying to passthrough my 4port NIC card. I ended up unchecking the "all functions box" and that solved my problems.
@JamesMartin2014 3 years ago
Great tutorial. I really like how well you laid out this content. I'm a network engineer and while I knew how to do all of this networking, I wanted to see how you explained it for laymen. Fantastic stuff. I also completely muffed my own proxmox setup, I didn't realize you could pass through NICs so easily. I made an OVS bridge for the WAN, I don't want to talk about it :( One little change I would make is on the LAN gateway address. While you can always make the gateway whatever IP you want on the subnet, I really like to keep it to either the first address in the subnet, or the last address in the subnet. Remembering a random address is difficult years down the line and if you ever need to add a statically configured network device, it's easier to remember first address or last address. Anyway, just my $0.02.
@TechnoTim 3 years ago
Thank you so much!
@Nur__ 1 year ago
Makes a lot of sense
@OMGTheCloud 3 years ago
Nice! I’m a big pfSense advocate. Subscribed!
@odirienduranceejitagha9499 4 years ago
I had no idea before now I Know, Thanks for your video.
@TechnoTim 4 years ago
Happy to help
@mesteme 1 year ago
This was so helpful, thank you
@LawrenceSingha 3 years ago
No. 600 - excellent video and now you given me an excuse to do what you done VM of pfsense 👍🏼
@TechnoTim 3 years ago
You can do it!
@alexzendermarunsai 4 years ago
I guess it's time to smash my buggy tplink router and say hello to virtual router. Cool tutorial as always. Keep it up man 👍
@TechnoTim 4 years ago
‘Atta boy!
@JuanLopez-db4cc 4 years ago
Thanks for this Video.
@TechnoTim 4 years ago
You are most welcome! Thank you for watching and commenting!
@lakshaynz 2 years ago
This is the best guide
@NM-vw6xq 3 years ago
Awesome video and tutorial! Thank you Tim! During this lock down, it was a great time to get something like this set up and your video was a huge help.
@TechnoTim 3 years ago
N M thank you! Glad it helped!
@lk-777-me 2 years ago
Thank you for this video! Regarding CPU settings. To have AES-NI CPU Crypto: Yes, I selected Type: host (if the host CPU supports AES-NI, of course). And adding PCI nics (in my case Intel) didn't work with "All Functions" enabled. Maybe it doesn't work with this particular board. So I cleared this box.
@digbijaypaul8474 2 years ago
Like the explanation.
@TechnoTim 2 years ago
Thank you!
@vfxfan9589 4 years ago
Wow great, please more pfSense tutorials!
@TechnoTim 4 years ago
I have quite a few tutorials, more to come! Check out the rest of my videos!
@vfxfan9589 4 years ago
@TechnoTim Thanks!
@bousbouss 3 years ago
Perhaps good thing to mention in a comment is that you need IOMMU enabled. I went and watched your "before I do anything" video and you explained it great there. Quick reference would be nice because I got stuck when I wanted to start the VM.
@bousbouss 3 years ago
@Régis Loyauté The fact I didn't know kind of highlights the absence of common knowledge. These videos aren't made for veterans of virtualisation as far as I'm aware.
@jothain 2 months ago
This is something worth noting indeed. I personally ran into lack of IOMMU on one older hardware. Let's be real. There's a lot of vids that recommend turning old device into Proxmox server and in certain situations user will severely get hampered with lack of its support. I was looking into sharing gpu to vm and ran into lack of IOMMU hardware support.
@sophiethecat9256 3 years ago
PFsense has gotten so much better looking
@TechnoTim 3 years ago
Agreed!
@jelteswinnen6865 3 years ago
I like your videos!! Very good youtuber!
@TechnoTim 3 years ago
Thank you very much!
@notsure7874 2 years ago
Proxmox is great, and I have a whole lot of virtualized gear, but my router isn't one of them. I tried it, and quickly figured out why a router should be on its own hardware. The first time my power blinked - I was ordering hardware to run pfsense on the next day.
@Rsantana380 3 years ago
implementing this today
@TechnoTim 3 years ago
Oh yeah!
@perfect.stealth 3 years ago
Is no one going to mention how much you look like Johnny Depp? Nevertheless, I love your tutorials. Easy to understand.
@TechnoTim 3 years ago
haha thank you!
@OccupyEtcheverry 3 years ago
@TechnoTim +1 agree with Suleiman. if Johnny Depp was a sys admin he would be u lol
@sontechno1 3 years ago
Thank you for your video
@TechnoTim 3 years ago
Thank you!
@reubenf1367 1 year ago
Hi Tim fantastic video! I'm just getting started with Proxmox but so far I am digging it, I want to set up a virtual PFsense instance but not to act as my real firewall in my office, I just want to be able to join other VM’s within Proxmox to the LAN network that PFsense is creating. That way I could test VPN solutions like Wireguard, Zerotier and Open VPN from one VM to another that are on different networks. My Proxmox box does have 2 NICS, actually 3, what would be the best way to go about this? I feel like I can basically follow your tutorial except for on the LAN NIC for PF sense I don't need to connect it to a switch I just need it to broadcast to the other VMS in Proxmox, just not quite sure how to do that. Thanks !
@ViktorWingqvist 2 years ago
Great stuff!! Any chance you could do a video on how to create an AP too using the integrated wifi adapter many repurposed homelab computers have? :)
@YannMetalhead 23 days ago
Good video!
@rtisma 2 years ago
@Techno Tim Thank you for the great video! I'm just scoping out the work I have ahead of me, and want to know, can you access the proxmox UI via web from an IP dealt by the pfsense VM? Ideally I would like proxmox to be accessible from the virtual router, instead of the physically accessing the proxmox service with a keyboard and mouse. So my usecase is simple: access proxmox from my desktop that is connected to my virtual pfsense router.
@francoiswilliams565 3 years ago
Hi Tim, awesome video. I opted for OPNSense. I added 2 x NICS to proxmox and struggled getting them in different groups
This is how I resolved that:
In proxmox shell...
>> lspci | grep Ethernet
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. Device 8161 (rev 15)
06:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. Device 8161 (rev 15)
>> find /sys/kernel/iommu_groups/ -type l | grep 03
Showed both nics in group 7
/sys/kernel/iommu_groups/7/devices/0000:03:00.0
/sys/kernel/iommu_groups/7/devices/0000:06:00.0
Edited grub as follows:
>> nano /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet amd_iommu=on pcie_acs_override=downstream,multifunction"
>> update-grub
>> shutdown -h now
and switched the server on again. I could then add the NICs to my VM.
Noob dilemma. Please help me getting to my VM -- Laptop connected via router (192.168.21.1) to proxmox host (192.168.21.10) How can I connect to the host as well (or interchangeably) to the OPNSense VM?
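The IOMMU group check from the comment above, as an added example that is not part of the original comment: for every Ethernet controller it reports the IOMMU group and whether other devices share it (the group is the smallest unit that can be passed through to a VM). The sysfs-root argument and the sample tree are assumptions of this example; the tree is constructed to mirror the two NICs in group 7 from the comment, plus a constructed lone NIC and a constructed non-NIC device.

```sh
#!/bin/sh
# Added example: report the IOMMU group of each Ethernet controller and flag
# groups that hold more than one device. Every function takes the sysfs root
# as its first argument (an assumption of this example) so the logic can run
# against a constructed tree; on a real host the root is /sys.

# Print the PCI addresses that belong to IOMMU group $2 under sysfs root $1.
group_members() (
    for d in "$1/kernel/iommu_groups/$2/devices"/*; do
        if [ -e "$d" ]; then basename "$d"; fi
    done
)

# Succeed if PCI device $2 has class 0x0200xx (network controller, Ethernet).
is_ethernet() {
    case "$(cat "$1/bus/pci/devices/$2/class" 2>/dev/null)" in
        0x0200*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per Ethernet controller:
#   ADDR group=N devices_in_group=K isolated|shared
nic_report() (
    root=$1
    for g in "$root/kernel/iommu_groups"/*; do
        [ -d "$g/devices" ] || continue
        grp=$(basename "$g")
        members=$(group_members "$root" "$grp")
        count=0
        for addr in $members; do count=$((count + 1)); done
        for addr in $members; do
            if is_ethernet "$root" "$addr"; then
                if [ "$count" -eq 1 ]; then state=isolated; else state=shared; fi
                echo "$addr group=$grp devices_in_group=$count $state"
            fi
        done
    done
)

# Build a constructed sysfs-like tree under directory $1 (sample data only).
make_sample_tree() (
    root=$1
    add() {  # add ADDR CLASS GROUP
        mkdir -p "$root/bus/pci/devices/$1" "$root/kernel/iommu_groups/$3/devices"
        echo "$2" > "$root/bus/pci/devices/$1/class"
        ln -s "$root/bus/pci/devices/$1" "$root/kernel/iommu_groups/$3/devices/$1"
    }
    add 0000:03:00.0 0x020000 7   # the two NICs from the comment, both in group 7
    add 0000:06:00.0 0x020000 7
    add 0000:00:1f.6 0x020000 8   # constructed: a NIC alone in its group
    add 0000:00:17.0 0x010601 9   # constructed: a storage controller, not reported
)

# Demo run on the constructed tree.
demo=$(mktemp -d)
make_sample_tree "$demo"
nic_report "$demo"
rm -rf "$demo"
```

On a Proxmox host, call `nic_report /sys` instead of the demo tree. Running it before and after adding `pcie_acs_override` shows the regrouping, keeping in mind that the override changes how the kernel groups devices, not what isolation the hardware enforces.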
@TechnoTim 3 years ago
Francois Williams how many nics do you have total?
@francoiswilliams565 3 years ago
@TechnoTim 1x Onboard + 2 PCIe cards each with a single port. The onboard one I want to use to manage the proxmox server and the other two cards for WAN and LAN. Just not sure how to do the above. Thx for replying.
@francoiswilliams565 3 years ago
Hi Tim You mentioned in the video that you manage your proxmox server using your laptop. How do you do that without using a secondary router (i.e. not the opnsense wan interface)?
@francescocatrambone166 1 year ago
Very helpful video, thanks! I have a question though if you don’t mind! Say i create a linux bridge to the passed-through LAN port to allow connectivity between my other VMs and the physical switch managed by pfsense. Will the VMs bypass the pfsense firewall? Or will they be routed through it? Thanks!
@oah8465 3 years ago
fantastic video, however on the pfsense installation guide for PVE it mentions the creation of vmbr1 and vmbr2 and assign them to eth1 and eth2 assuming vmbr0 and eth0 are reserved for managing PVE. So did you do that step here?
@MrGatya2 1 year ago
This video was awesome. While we are on the subject of virtualizing firewall: Can you add a third NIC to the PFsense VM that is also on the LAN side but its inside the Proxmox virtual environment? What I mean is, for physical devices on the LAN side you would connect it to the LAN physical port (maybe add a switch first), but for the other VMs that live on the same Proxmox host as the Pfsense, it would be a waste to send their traffic out a physical port then back on the LAN port. Is my assumption correct that all you would have to do is create a new linux bridge in proxmox (vmbr2 maybe) and just add that as a third adapter to pfsense and configure it as LAN. Then from there just add that bridge as an adapter to all your VMs?
@stuartfulcher5677 2 years ago
Fantastic tutorial @Techno Tim, I just have a question that I am struggling with this setup... Let's say you've dedicated both the PCI LAN/WAN NIC cards to the PfSense VM. Is it still possible/recommended to bridge your proxmox node to the same LAN NIC which is now dedicated directly to the VM? Or will I need a 3rd NIC for the proxmox node as well? I'd prefer to only have a single NIC for LAN and proxmox host for simplicity's sake.
@stuartfulcher5677 2 years ago
To answer my own question, as soon as I bridged my management network to the LAN nic dedicated to PfSense, I lost control of my hypervisor and had to edit /etc/network/interfaces on the proxmox server itself to revert the changes. I guess I will have to keep a dedicated 3rd NIC for management /clustering purposes for proxmox.
@user-gd9nd2br9o 4 months ago
two things....why did you add pci device and not network device card as i've seen in all other similar vids?....secondly, as feedback - thanks for posting. apart from knowledgeable and simple to follow, it's calm and easy to listen to...
@davidnickel3949 8 months ago
i got further with 8.0 then others version with this guide ty i have an older intel dual 100 nic that i may use as new is not in the cards yet lol.
@emoisit 2 months ago
Hi Tim. You need to put a space before 'Techno' for the link to the HP Dual Gigabit NIC so the link works.
@redraider1863 3 years ago
Thanks for the video! Really clear explanations. Question: in choosing all of your cores under the CPU tab, does that mean that there will be no cores available for other VMs? If you have more than one VM, should you divide the cores between them?
@TechnoTim 3 years ago
I over provision all my vms. Basically give them all available cores that the host has.
@TechnoTim 3 years ago
Also, thank you!
@redraider1863 3 years ago
@TechnoTim OK, thanks!
@sy5tem 1 year ago
a little update for all, you can get a pfsense + home subscription now so more features for free! btw great video (all of them that i saw) mister tim
@TechnoTim 1 year ago
Thank you!
@magictbjc7324 2 years ago
I fully believe this set up works. you are essentially using your proxmox as your network gateway, which is not very secure
@TechnoTim 2 years ago
WAN has exclusive access to the NIC
@mehdibelkhayat5088 3 years ago
Hi Tim,thanks for your great videos, I m interested to see how you implement vdi infrastructure solution with proxmox and open source tech you prefer to do that
@LivioHenery 1 year ago
Might be late to the party, followed your video and worked perfectly (thank you) only thing is if I reboot the vm (for pfsense) I don't get a WAN ip back, only way to get it is to reboot the Proxmox server, can't find anything to point me to the correct direction
@succubiuseisspin3707 3 years ago
If your CPU supports AES-NI and you like to use it in your pfSense/OPNsense VM for OpenVPN etc. you can change processor type to "host"
@TechnoTim 3 years ago
Good call!
@tomashrubovcak3770 3 years ago
Basically you always want to use host, unless you want to do a live migration to a different host with a different cpu. Kvm has the bare minimum of cpu flags, host type is always better
@succubiuseisspin3707 3 years ago
@tomashrubovcak3770 Hm, yeah, sounds reasonable. Any idea why proxmox defaults to KVM?
@tomashrubovcak3770 3 years ago
@succubiuseisspin3707 precisely for live vm migration reasons. I learned that the hard way when I couldn't figure out why my tls offloading proxy was so slow on my proxmox vm... Then I dug around and found some official docs covering that.
2 years ago
Thanks for the help, @Techno Tim! If anyone gets an error like this -> "TASK ERROR: KVM virtualisation configured, but not available. Either disable in VM configuration or enable in BIOS." - Please, follow these steps to solve! Bye!
@johnbaker7993 3 years ago
Just recently found the videos and am enjoying them very much, but, I have a question... I think you mentioned this pass-through was done on a R710 (I could be mistaken)? If so, how did you get it to work? There seems to be Dell related laziness keeping an IOMMU/pass-through setup from working properly due to some unpatched Intel screwup. I usually just bridge interfaces on VMs when needed, but decided to try this out. Nothing has worked. I have a R610 and R710 here along with dual and quad port Intel Pros. Did you end up having to use the "Allow Unsafe Interrupts" option?
@TechnoTim 3 years ago
Bridge will work too if you don't want to pass through. I did not have to use Allow Unsafe Interrupts
@maksim4995 4 years ago
Thank you very much for so incredible manual! is it correct if I have two inbuilt NIC in my motherboard then in my case will be better use two bridges in Proxmox instead of PCI-passthrough?
@TechnoTim 4 years ago
Thank you! I think that should work too!
@terminalvelocity4858 9 months ago
Thank you for this video. I have one “noob”question. Using a physical machine that has 6 network ports, running ProxMox and a pfSense VM...how can I access ProxMox web control panel from my network that is being served by pfSense? Do I just need to ensure ProxMox is on the same subnet as my LAN? Thank you kindly for helping.
@bearhntr928 6 months ago
Great Video - first TechnoTim I have seen. Great job explaining and sharing. I have been using pfSense about 2 years now on an HP t620+ ThinClient with an added 2-port Intel i350-T2 card. Been working great, but I have this awesome Workstation class machine I want to use for ProxMox. I have 8.0.9 installed there, and I am just beginning. I purchased a 4-port i350-T4V2 for this box, and it is working fine. In the t620+ I had disabled the on-board NIC as was not using it. I know that ProxMox requires a NIC for accessing the host/dashboard, but can it be one of the 2-ports I will use on the i350-T4? I have a cable from Cable modem to port 0 on the 4-port and cable from port 1 to the Netgear Orbi (wifi AP)...as it has a satellite in the other end of the house where the office is - so that I have Wired (per se) access back there and wifi is stronger. From the Orbi (at the ProxMox box & modem - there is a cable into the on-board NIC of the ProxMox host). If I unplug this, I lose access to the host dashboard.
@sanjeewasamaranayake 4 years ago
Thanks for this great video. It is a good idea to do it from security point of view to have your proxmox server open to internet if you have all other important VMs in proxmox itself? I had been thinking about this but was bit concerned. I am building a new proxmox server so I am thinking it again. I have unifi USG as my router now but it lacks lot of good feature other than nice graphics
@TechnoTim 4 years ago
I don't see any security issues if you are passing the WAN NIC directly though to your network firewall appliance.
@lelandclayton5462 3 years ago
don't forget to enable IOMMU. The version of Proxmox 6.1-7 didn't enable it by default.
@TechnoTim 3 years ago
Good call! Sorry, I already had it enabled from a previous video >.
@lelandclayton5462 3 years ago
@TechnoTim yea, took me a good hour to figure get my R410 working correctly with IOMMU.
@qqman9592 3 years ago
1. proxmox can do hardware acceleration from pfsense through nic ? 2. there is option to define standard vSwitch in proxmox like vsphere ?
@Dyrud19 3 months ago
Hello, nice video ! How do you connect other physical PCs to that virtualized router ?
@vh0ngpogi 3 years ago
thank you
@TechnoTim 3 years ago
You're welcome
@borolo222 2 years ago
Hi Tim, great tut. Had to do some IOMMU separation to get it to work but finally did it and working. Now, I have PFsense running inside vm giving its own network and dhcp to everything coming out through the lan port. So far so good. I want now to place the proxmox host behind pfsense as well and leave the primary modem only passing traffic to pfsense with DMZ. I just need to plug the nic (using proxmox) to the switch but before change the ip address? I'm not sure how to do this.
@joanandestin4201 2 years ago
If Pfsense is running within Proxmox and connect to a modem, isn't proxmox exposed to the internet. Is it safe to just reroute all the traffic go through Pfsense including the other VM and CT?
@GopikrishnaS 3 years ago
@Techno Tim Thank you for your video, I have used this to make a similar setup. But the nodes on the LAN are not able to connect to WAN. They can get IP addresses though. Any tips to fix this? Please let me know. Thanks in advance!
@wmhp1 2 years ago
How does this work with your ubiquity gear (udm-pro)? I’m in a similar situation and just wanted your thoughts.
@markbifferos2765 5 months ago
Hi TechnoTim, I hope you are able to answer one silly question about this setup: When experimenting with different virtualised router OSes I find the default LAN networks vary from product to product. And I like to just use the defaults most of the time in case changing them gives unexpected problems. This gives me a quandary about where to put my PVE management interface. I prefer to put it on the LAN, but that means it invariably ends up on a network number different from whatever I'm running for a router. So I have no access unless I mess with my network settings on my PC. Then I have to change them back to test out the router behaviour. I just wondered how you manage this problem in your setup, or do you just live with it?
@nanonerd 3 years ago
Thank you for this video, and for your channel. I do have a question. I have a similar setup as seen in the 2:22 mark of this video (onboard NIC and dual NIC card). My onboard NIC is attached to my switch via a green cable. My WAN port is plugged into my provider's cable modem via a white cable and my LAN port is plugged into my switch via a black cable (BTW, same switch that the onboard NIC is plugged into so that I can go to Proxmox web UI). pfsense seems to be working with this setup, but how do my Proxmox VMs get their Internet? Since the dual NIC card is being passed through to the pfsense VM, and other VM will not see this card. Is there something I need to do in Proxmox or pfsense to bridge the two?
@TechnoTim 3 years ago
Make sure you create a network bridge where all your physical and virtual devices can communicate with each other
@fmj_556 3 years ago
Nice!
@TechnoTim 3 years ago
Thanks!
@aquinamedia4508 3 years ago
How is the hypervisor acting on the open WAN port? Thinking with regards to open ports, updating etc.
@jakesllama 4 years ago
Dude thank you that's awesome. Where would you save the ISP account details though? Do you use a switch for extra ports?
@TechnoTim 4 years ago
Yes I do. My ISP information is a DHCP address on my WAN NIC, nothing to configure there for me.
@TechnoTim 4 years ago
Thank you! Also, yes, I do use a switch for extra ports. My LAN NIC goes to my switch.
@hzaphry 1 year ago
Is it possible to utilize pfsense on proxmox using only laptop with one NIC using VLANs. I know you elaborated on these subjects but not in such combination. Thanks for your help
@searchingsome1 3 years ago
Thank you for great video, Tim! Do you get good performance on your pfSense running in Proxmox? I get max 50mbps on 100mbps link with Squid and PfBlockerNG running. Have turned off hw checksum offload, played around with amount of RAM & CPU cores, but no luck. Was also running ntopng for a while, but it decreases performance, so I removed it. I am running it on i5-7500 CPU with host CPU type, 4 to 8 gigs of RAM. Micro form factor Dell PC, one interfaces is usb-to-ethernet. Tried different settings for it, but no luck as well. Do you have any ideas what can be the reason for that?
@TechnoTim 3 years ago
Hey! NP! My perf is normal when virtualized. I’ve heard of people having luck by setting their CPU type to host when virtualizing but I’ve never tried it. LMK!
@exjts 3 years ago
Hey, great video! Can you speak to the tradeoffs in virtualizing and running pfSense through proxmox vs pfSense on bare metal? While this seems really cool, I do wonder about the overhead in virtualizing and what benefits I'd gain. The main one I see is in essentially being able to overprovision a server and essentially create "multiple" servers, though with a potential performance hit. Also possibly easier for backup and recovery? Also, related to above, would I be able to run a proxmox box with pfSense in 1 vm and e.g. Postgres in another all with 1 nic, or would I need multiple? It seems like I'd need 1 for wan and 1 for lan, plus ANOTHER for Postgres or any other servers. If I can do it all with one, is it even recommended? Feels like a security risk with possible performance issues also, intermingling all that traffic. Sorry for the wall of text!
@TechnoTim 3 years ago
Yes, easier for backup and recovery, also easy to switch out to something else. The downside is the internet goes down while your server reboots, which is rare but still there.
@derricklamers4857 3 years ago
Tim, I love your videos but had a quick question. Do you have failover for your virtualized firewall? I currently have pfSense virtualized on Proxmox but every time I need to reboot Proxmox, I bring down the network.
@TechnoTim 3 years ago
Thank you! I do not. That’s one of the cons of virtualizing anything, if you reboot the host the guest goes down.
@renedokbua8883 3 years ago
You don't actually have to patch the LAN port through to the Pfsense VM, you can just use the default Proxmox bridge and save a connection to your switch.
@TechnoTim 3 years ago
That’s right! You can go this route if you only have one additional NIC
@anirbandutta1371 2 years ago
Great video... I am new to networking... If we virtualize the router given by ISP, how would we create a wireless network for this? I suppose the NIC adapter will create only ethernet network?
@TechnoTim 2 years ago
Hi! Yup, just connect a router to your LAN/Switch/Ethernet and then turn off DHCP and routing. That's what I did! Then your old router just becomes an Access Point!
@MrBo3ek 2 years ago
Great tutorial as usual from you. I have a question about the proxmox location in this infrastructure. Where is it placed in the network? I am running a small server with pfsense virtualized but this server I own has only two LAN nics. One is used as a wan port and the second as a private network. I wonder where and how to address the proxmox... I hope this question makes sense
@TechnoTim 2 years ago
It makes sense. Just make the LAN on your virtualized pfsense virtual and connected to a linux bond. Then connect that linux bond to the NIC and use that for your LAN and proxmox
@kuflik 3 years ago
Hi Tim. The guide is nice and clear, but can you make a guide for people that want to utilize current equipment? Like an old laptop with proxmox and pfsense (so one nic) and a tp-link vlan switch. I tried to make such a setup work with this guide combined with some router on a stick but I've failed :)
@benp439 3 years ago
You may be able to passthrough USB NICs; however, reliability will be worse, and for the same price you can buy a PCIE NIC. If you already have USB 3 Gigabit NICs though, it's probably worth a try.
@snailprogrammer7483 2 years ago
Found your channel awhile ago but I never had any server stuff. Your stuff is awesome. Question about Users, if the new user added to PfSense has the same access as Admin, why create a new user? Is it because hackers will try to use admin as the username to login?
@TechnoTim 2 years ago
Yeah, I do so that no one knows the default username. I typically do that anytime there is a generic name like "admin" or "administrator"
@AceBoy2099 1 year ago
I'm sure it's been covered (in fact I know of 1 other creator that has) but running Unraid on Proxmox, I followed his skim-through and I can see it in the console but can't connect. Maybe in it elaborate on selecting network interfaces (cards) to split them among the chassis (Proxmox) and vms (PfSense, Unraid, and TrueNAS at least). And longshot but if you have a multi-bay chassis (like my sc846) how to specify specific bays to certain vms (not specific drives, that way any drive inserted into "bay 20" will be assigned to vm X).
@rkbest9783 2 years ago
Tim, how did you connect the host OS to pfsense once it's set up? As you used two ports passthrough to pfsense (physically from the quad port), the host proxmox should also be on the LAN side. Will that use a physical connection from the pfsense LAN>switch>LAN3 (cable) or something else? Secondly, do you disable the firewall option in the network setting of the proxmox VM?
@TechnoTim 2 years ago
The lan should then connect to your switch. As for firewall on vm, yes disable in proxmox
@Billyfelicianojp 3 years ago
Maybe you should do a video on setting up Vlans on proxmox?
@TechnoTim 3 years ago
Thank you!
@hamhumtube 3 years ago
Yes, an in-depth review and tutorial is much needed. I hope he would do it
@fanshaw 2 months ago
Warning: if something goes wrong with your virtualisation platform, you lose internet access, unless you have a multi-node cluster. In line with enterprise convention, I tend to keep critical things (which usually change rarely) separate from non-critical things (which tend to change more frequently). My NAS/virtualisation host changes far more frequently than my firewall, and I want my firewall to be up, even if my NAS is down - in fact, I need my firewall up _especially_ when my virtualisation host is down.
@idriskautsar757 3 years ago
Please make a video about openmediavault with proxmox: the right way to do the config for shared storage and storage for CCTV using FTP/SFTP protocol, and the other things openmediavault can do. By the way, thanks for explaining clearly, I like the way you explain
@TechnoTim 3 years ago
Hey sorry. I don’t use omv
@RBoulanouar 2 years ago
Great video. Thanks. However the vm needs to be the first to hit the traffic and we need to ensure all other VMs access the internet through pfsense. Can you share the iptable rules you have in place to ensure that? Thx
@ViktorWingqvist 2 years ago
Is this possible to do with only 2 ethernet ports? I have a pcie card with 1 ethernet port, and I also have the standard one on the motherboard. In 2:22 I can see that the red wire is probably connected to whatever computer is used to connect to the proxmox web interface. Trying it out for myself with just 2 ports made my setup, as expected, go down :) I will try again with a USB-ethernet dongle or the onboard wifi (if I can get it to work) so I can access the web-interface..
@WalkedDave 1 year ago
Hello, my networking setup at home is an ONT and an openwrt router. Can I set the pfsense in the middle of the ONT and router?
@Franchyze923 1 year ago
Any thoughts on installing with zfs? Seems to be the default these days
@whylde7834 3 years ago
Thanks for the video! If I don't have a 2 port NIC can I add an additional 1 port NIC to go along with the built in one on my mobo?
@hitechfl 3 years ago
Yes
@offlercrocgod 3 years ago
Yes but then your Proxmox server loses its connection as the VM will take both NICs as soon as it's started.
@guya4007 3 years ago
Hi TechnoTim, this was a great tutorial. I followed it almost successfully, all my LAN clients are getting IP addresses except for the guest VMs that rely on the vmbr NIC. Did you come across this and if so how did you resolve it? Many thanks
@MegaTheDamir 1 year ago
@guya4007 Did you ever solve your issue? I have exactly the same issue
@ierosgr 3 years ago
Hi, nice vid!! At 3.48 you mention that you can pass through only the 1/4 portion of a 4 nic card?? How is that possible? I am used to Unraid, on which you need to exclude the specific pci device you want to pass first and afterwards give it to the VM. Even more difficult if that device is a motherboard controller (usb, nic). Is it possible in Proxmox to pass through motherboard controllers without breaking things? Isn't it mandatory in Proxmox for the passed through device to be in its own iommu (so iommu capable motherboard needed?) Last but not least, did you have to put your isp's modem in bridged mode in order for this to work? Thank you
@TechnoTim 3 years ago
ierosgr you can split up IOMMU groups in Proxmox with config! Not sure about splitting integrated motherboard items. Didn’t have to do anything different for my ISP’s modem. A NIC is a NIC to them.
@ierosgr 3 years ago
@TechnoTim At the start of the video you show an intel nic which is an external pci device. Afterwards you show passing through a broadcom (so an integrated one). Which of the two did you pass to Pfsense? Why does a nic card differ from a gpu device, so that you don't have to enter conf files to exclude it from Hypervisor at boot like a gpu?
@NicAslett 1 year ago
I am wondering how you interact with Proxmox after you virtualize your network as a VM through Proxmox... I am wondering how the system determines an IP through a VM that hasn't booted yet. After it boots, how does it get an IP from the VM?
@wangshuokevin 2 years ago
Can you use SRIOV instead of passing the whole nic? So you still can have some VFs for your other VMs.
@Suriprofz 9 months ago
So all other vms and the host should use the vmbr u mapped to lan right?
@wshyangify 2 years ago
Is it possible to route traffic from your proxmox hypervisor out through the pfsense vm? Without having to use an additional port to connect the hypervisor box to the switch?
@iceman997799 2 years ago
I now can run all my pfsense on one server. Having over 10 ips and wanting firewall protection for all was a headache. Now with all of them on one machine I can monitor them easier than before. Just a note if running nic that have 4 ports: I didn't check the all function, it would disable the 4 port to a 2 port for some weird reason.