How to Virtualize Your Home Router / Firewall Using pfSense
Вставка
- Опубліковано 28 чер 2024
- It's time to say goodbye to your home router and start virtualizing it using Proxmox and pfSense.
Video Notes: technotim.live/posts/proxmox-...
pfSense Community Edition Download: www.pfsense.org/download/
Get started with Proxmox today: • Proxmox VE Install and...
Support me on Patreon: / technotim
Sponsor me on GitHub: github.com/sponsors/timothyst...
Subscribe on Twitch: / technotim
Become a UA-cam member: / @technotim
Merch Shop 🛍️: l.technotim.live/shop
Gear Recommendations: l.technotim.live/gear
Get Help in Our Discord Community: l.technotim.live/discord
2nd channel: / @technotimtalks
00:00 - Intro
00:20 - Why
01:40 - The Required Network Card
02:04 - Hardware Install
02:22 - Software Install
02:40 - Proxmox Config
04:55 - Install pfSense
08:33 - pfSense First Start & Config
09:56 - pfSense Tour
12:53 - Package Manager
13:39 - Conclusion
(Affiliate links may be included in this description. I may receive a small commission at no cost to you.)
📦 Products in this Video 📦
10gtek Dual Gigabit Nic amzn.to/3f3SleV
Intel Dual Gigabit NIC amzn.to/2B12Z7L
HP Dual Gigabit NIC amzn.to/3gjgKyFTechno Tim Kits:
► 4K UA-cam Kit - kit.co/TechnoTim/4k-youtube-kit
► Pro Level Live Streaming Kit - kit.co/TechnoTim/pro-level-li...
► Budget Gaming Streaming PC 2020- kit.co/TechnoTim/budget-gamin...
► Performance Virtualization Server- kit.co/TechnoTim/performance-...
► Budget NAS Server- kit.co/TechnoTim/budget-nas-s...
► Coding & Gaming Keyboards- kit.co/TechnoTim/coding-gamin...
► Coding & Gaming Mice- kit.co/TechnoTim/coding-gamin...
⏯ Recommended Videos ⏯
► 20 Ways to Use a Virtual Machine (and other ideas for your homelab) • 20 Ways to Use a Virtu...
► Remote Gaming with Promox • Remote Gaming! (and Vi...
► Let's Build a Discord Bot Using DiscordJS - Moderator Bot • Let's Build a Discord ...
#Proxmox #Homelab #pfSense #Virtualization#TechnoTim
Description Tags: Techno Tim, technotim, vm, proxmox, homelabs, hyperv, hypervisor, install pfsense community eidtion, pfsense setup, nic passthrough, router, firewall, secure, firewall, router, homelab ideas, virtual machine ideas, kvm
Thank you for watching! - Наука та технологія
Which firewall / router are you running at home? If you can't remember, maybe it's time to SWITCH ;)
By the way, if you're new here, welcome! Please remember to ✨subscribe✨ for more content like this!
Used Pfsense since 3 years back inside of a proxmox machine at home. Coupled together are a XCP-NG machine running Pfsense at my parents house with IPsec tunneling. (150km) Getting 250/250mbit sym bandwith between the two places. :)
Nice! That's awesome you have a hypervisor at your parents house! Why did you choose XCP-NG over proxmox?
@@TechnoTim I think both are realy good products. XCP-ng do have a easier time to bind a swarm of servers in my opinion. And i do like the disaster recovery, XenMotion, True backup system compare to tar.gz of proxmox. But as i said. You can't go wrong with either.
just a question, but is it safe to use qnap nas virtual station for pfsense vm? compared to using say a nuc install ubuntu? then install proxmox? then install pfsense freebsd as a vm using that proxmox?
no portforwarding being done, just merely using as an edge router firewall.
XD
Always log on with the new account before disabling the old account.
Lmao risky
I have an identical setup. One thing to consider depending on how many cores you have on the host, is to make the CPU type 'host' and pass through 1 or 2 physical cores. This should ( depending on your CPU ) enable the AES-NI CPU crypto which can be useful if you use OpenVPN and want faster throughput over encrypted connections. Awesome guides by the way, I wish these vids were around years ago!
Good call!
This is very useful, thanks!
Incredible quality, easy to understand, as always fantastic! Thanks for your videos Tim, keep doing them please.
You got it! Thank you!
Tim, your videos are invaluable. Thanks for the amazing work, you TRULY deserve like 1 MLN subscribers already.
just fantastic. I have been prepping my own home server and was sweating because I wasn't sure what to do to isolate it from the network.
"Is it safe to host?"
"whats pfsense even do"
"should i buy dedicated hardware"
"where WAS that lasagna!?!"
and this video made it so clear. Thank You
I went through the same research journey around the same time. I also seriously thought about putting pfSense on virtual machine. Eventually I decided to purchase a dedicated hardware for pfSense because of all the reasons people talked about on the internet. I probably would try to visualize it if I saw your video earlier. Now my whole set up is already completed, and it's very stable. I don't want to mess with it.
Whatever works for you!
Seriously the most helpful tutorials on UA-cam, thank you!
Glad it was helpful!
Such a great idea for those tech heads that want to do something more than what those basic modem routers.. Just a note for those with different NBN connections that you may still need the netgear/gateway/modem from your ISP but simply put it into bridge mode then pass that to the WAN interface as per TechnoTim's guide!! (suit most Australian NBN type of setups) As I am and Aussie viewer also!!!
Even though I have a PCI network card with two ports, adding them as PCI cards in Proxmox did not work for but instead as NICs, the rest was flawless, thanks for the video man, I dropped a sub as well.
Love playing around with Proxmox at home, it really impresses my boss when I talk above his head with tech stuff lol. Thanks!
I really enjoy watching these videos, it is your relaxed way to present the topics and nice background music ! Keep up the great work
Thank you very much!
Techno Tim Rocks!!! Awesome content and delivery. Thank you.
Glad you think so!
Outstanding!!!! Thank you for this!
What is cool, is since the host os is debian based, you can install and run netstat which gives MUCH more information about thruput on the nics
Heyo Tim, you have greatly helped me get into the Homelab scene, and I appreciate it. With that said, you really should consider revisiting this video with a 2022/2023 edition. Reason why I say this is because passing my NIC down to the OPNSense VM in Proxmox (and even Pfsense) straight up did not work. I almost gave up, until I talked to someone that had a workaround: by creating a Linux bridge with the NIC as an alternative way. Passing the NICs down did not work but creating a bridge did. I had other people express their grievance about following your video and having it not work. And from what I heard, when it comes to virtualizing routers/firewalls, passing down NICs is a huge NoNo for this reason. I have no doubt this worked for some people, but I feel like there is a higher chance of success with an updated video by using the create Linux bridge method. Just my 2 cents!
He recommended the first method likely because it maximizes performance to just pass through, but bridging through a virtual interface works likely as well. His suggestion is ideal when supported. If not, with VM's you can typically emulate a method instead.
Pass through in general can get finicky for some.
I had issues trying to passthrough my 4port NIC card. I ended up unchecking the "all functions box" and that solved my problems.
Great stuff Tim. Subscribed!!!
Thank you! Glad you like it!
the production quality of your videos is excellent. Tutorials are short and helpful - no wasted time. Subscribed!
Thank you so much!
That took some effort, but I got my NICs on the Dell R710 passed-thru and my network is up! I learned a heckuva lot along the way. Thanks Tim!
Nice work!
@supperconductor @techno Tim Hey there. r720 running a pcie intel dual nic as recommend. Proxmox informs me that IOMMU is not present when I attempt to boot the vm. It’s enabled in the bios.... Followed a couple of GPU guides for pass through... what am I missing, guys?
Nice! I’m a big pfSense advocate. Subscribed!
Thank you for doing this, and the education, I appreciate it, it worked great.
I had no idea before now I Know, Thanks for your video.
Happy to help
This was so helpful, thank you
No. 600 - excellent video and now you given me an excuse to do what you done VM of pfsense 👍🏼
You can do it!
Thanks for this Video.
You are most welcome! Thank you for watching and commenting!
Great tutorial. I really like how well you laid out this content. I'm a network engineer and while I knew how to do all of this networking, I wanted to see how you explained it for laymen. Fantastic stuff. I also completely muffed my own proxmox setup, I didn't realize you could pass through NIC's so easily. I made an OVS bridge for the WAN, I don't want to talk about it :( One little change I would make is on the LAN gateway address. While you can always make the gateway whatever IP you want on the subnet, I really like to keep it to either the first address in the subnet, or the last address in the subnet. Remembering a random address is difficult years down the line and if you ever need to add a statically configured network device, its easier to remember first address or last address. Anyway, just my $0.02.
Thank you so much!
Makes a lot of sense
I guess it's time to smash my buggy tplink router and say hello to virtual router. Cool tutorial as always. Keep it up man 👍
‘Atta boy!
Great stuff!!
Any chance you could do a video on how to create an AP too using the integrated wifi adapter many repurposed homelab computers have? :)
This is the best guide
Thank you for this video! Regarding CPU settings. To have AES-NI CPU Crypto: Yes, I selected Type: host (if the host CPU supports AES-NI, of course). And adding PCI nics (in my case Intel) didn't work with "All Functions" enabled. Maybe it doesn't work with this particular board. So I cleared this box.
Hi Tim fantastic video!
I'm just getting started with Proxmox but so far I am digging it, I want to set up a virtual PFsense instance but not to act as my real firewall in my office, I just want to be able to join other VM’s within Proxmox to the LAN network that PFsense is creating.
That way I could test VPN solutions like Wireguard, Zerotier and Open VPN from one VM to another that are on different networks.
My Proxmox box does have 2 NICS, actually 3, what would be the best way to go about this?
I feel like I can basically follow your tutorial except for on the LAN NIC for PF sense I don't need to connect it to a switch I just need it to broadcast to the other VMS in Proxmox, just not quite sure how to do that.
Thanks !
Proxmox is great, and I have a whole lot of virtualized gear, but my router isn't one of them. I tried it, and quickly figured out why a router should be on its own hardware. The first time my power blinked - I was ordering hardware to run pfsense on the next day.
I like your videos!! Very good youtuber!
Thank you very much!
Thanks for the video! Really clear explanations. Question: in choosing all of your cores under the CPU tab, does that mean that there will no cores available for other VMs? If you have more than one VM, should you divide the cores between them?
I over provision all my vms. Basically give them all available cores that the host has.
Also, thank you!
@@TechnoTim OK, thanks!
Like the explanation.
Thank you!
Wow great, please more pfSense tutorials!
I have quite a few tutorials, more to come! Check out the rest of my videos!
@@TechnoTim Thanks!
Perhaps good thing to mention in a comment is that you need IOMMU enabled. I went and watched your "before I do anything" video and you explained it great there. Quick reference would be nice because I got stuck when I wanted to start the VM.
@Régis Loyauté The fact I didnt know kind of hightlights the absence of common knowledgde. These videos arent made for veterans of virtualisation as far as I'm aware.
This something worth noting indeed. I personally ran into lack of IOMMU on one older hardware. Let's be real. There's a lot of vids that recommend turning old device into Proxmox server and in certain situations user will severly get hampered with lack of its support. I was looking into sharing gpu to vm and ran into lack of IOMMU hardware support.
Hi Tim,thanks for your great videos, I m interested to see how you implement vdi infrastructure solution with proxmox and open source tech you prefer to do that
Awesome video and tutorial! Thank you Tim! During this lock down, it was a great time to get something like this set up and your video was a huge help.
N M thank you! Glad it helped!
fantastic video, however on the pfsense installation guide for PVE it mentions the creation of vmbr1 and vmbr2 and assign them to eth1 and eth2 assuming vmbr0 and eth0 are reserved for managing PVE. So did you that step here?
Thank you for your video
Thank you!
@Techno Tim Thank you for the great video! I'm just scoping out the work I have a head of me, and want to know, can you access the proxmox UI via web from an IP dealt by the pfsense VM? Ideally i would like proxmox to be accessible from the virtual router, instead of the physically accessing the proxmox service with a keyboard and mouse. So my usecase is simple: access proxmox from my desktop that is connected to my virtual pfsense router.
PFsense has gotten so much better looking
Agreed!
implementing this today
Oh yeah!
Fantastic tutorial @Techno Tim, I just have a question that I am struggling with this setup... Let's say you've dedicated both the PCI LAN/WAN NIC cards to the PfSense VM. Is it still possible/recommended to bridge your proxmox node to the same LAN NIC which is now dedicated directly to the VM? Or will I need a 3rd NIC for the proxmox node as well? I'd prefer to only have a single NIC for LAN and proxmox host for simplicity's sake.
To answer my own question, as soon as I bridged my management network to the LAN nic dedicated to PfSense, I lost control of my hypervisor and had to edit /etc/network/interfaces on the proxmox server itself to revert the changes. I guess I will have to keep a dedicated 3rd NIC for management /clustering purposes for proxmox.
If your CPU supports AES-NI and you like to use it in your pfSense/OPNsense VM for OpenVPN etc. you can change processor type to "host"
Good call!
Basically you always want to use host, unless you want to do a live migration to a different host with a different cpu. Kvm has the bare minimum of cpu flags, host type is always better
@@tomashrubovcak3770 Hm, yeah, sounds reasonable. Any idea why proxmox defaults to KVM ?
@@succubiuseisspin3707 precisely for live vm migration reasons. I learned that the hard way when I couldn't figure out why my tls offloading proxy was so slow on my proxmox vm... Then I dug around and found some official docs covering that.
This video was awesome. While we are on the subject of virtualizing firewall: Can you add a third NIC to the PFsense VM that is also on the LAN side but its inside the Proxmox virtual environment? What I mean is, for physical devices on the LAN side you would connect it to the LAN physical port (maybe add a switch first), but for the other VMs that live on the same Proxmox host as the Pfsense, it would be a waste to send their traffic out a phisical port then back on the LAN port. Is my assumption correct that all you would have to do is create a new linux bridge in proxmox (vmbr2 maybe) and just add that as a third adapter to pfsense and configure it as LAN. Then from there just add that bridge as an adapter to all your VMs?
Very helpful video, thanks! I have a question though if you don’t mind! Say i create a linux bridge to the passed-trough LAN port to allow connectivity between my other VMs and the physical switch managed by pfsense. Will the VMs bypass the pfsense firewall? Or will they be routed trough it? Thanks!
don't forget to enable IOMMU. The version of Proxmox 6.1-7 didn't enable it by default.
Good call! Sorry, I already had it enabled from a previous video >.
@@TechnoTim yea, took me a good hour to figure get my R410 working correctly with IOMMU.
Hi Tim, great tut. Had to do some IOMMU separation to get it to work but finally did it and working. Now, I have PFsense running inside vm giving its own network and dhcp to everything comming out through the lan port. So far so good. I want now to place the proxmox host behind pfsense as well and leave the primary modem only passing traffic to pfsense with DMZ. I just need to plug the nic (using proxmox) to the switch but before change de ip address? I'm not sure how to do this.
If Pfsense is running within Proxmox and connect to a modem, isn't promox exposed to the internet. Is it safe to just reroute all the traffic go through Pfsense including the other VM and CT?
@Techno Tim Thank you for your video, I have used this to make a similar setup. But the nodes on the LAN are not able to connect to WAN. They can get IP addresses though. Any tips to fix this? Please let me know. Thanks in advance!
Just recently found the videos and am enjoying them very much, but, I have a question...
I think you mentioned this pass-through was done on a R710 (I could be mistaken)? If so, how did you get it to work? There seems to be Dell related laziness keeping an IOMMU/pass-through setup from working properly due to some unpatched Intel screwup.
I usually just bridge interfaces on VMs when needed, but decided to try this out. Nothing has worked. I have a R610 and R710 here along with dual and quad port Intel Pros.
Did you end up having to use the "Allow Unsafe Interrupts" option?
Bridge will work too if you don't want to pass through. I did not have to use Allow Unsafe Interrupts
Thank you very much for so incredible manual! is it correct if I have two inbuilt NIC in my motherboard then in my case will be better use two bridges in Proxmox instead of PCI-passthrough?
Thank you! I think that should work too!
1.proxmox can do hardware accelaration from pfsense through nic ?
2. there is option to define standard vSwitch in proxmox like vsphere ?
Maybe you should do a video on setting up Vlans on proxmox?
Thank you!
yes in deepth review and tutorial is much needed. i hope he would do it
Good video!
Hi Tim. You need to put a space before 'Techno' for the link to the HP Dual Gigabit NIC so the link works.
Might be late to the party, followed your video and worked perfectly (thank you) only thing is if I reboot the vm (for pfsense) I don't get a WAN ip back, only way to get it is to reboot the Proxmox server, can't find anything to point me to the correct direction
How is the hypervisor acting on the open WAN port? Thinking with regards to open ports, updating etc.
two things....why did you add pci device and not network device card as i've seen in all other similar vids?....secondly, as feedback - thanks for posting. apart from knowledgeable and simple to follow, it's calm and easy to listen to...
Thanks for this great video. It is a good idea to do it from security point of view to have your proxmox server open to internet if you have all other important VMs in promox itself? I had been thinking about this but was bit concerned. I am building a new proxmox server so I am thinking it again. I have unifi USG as my router now but it lacks lot of good feature other than nice graphics
I don't see any security issues if you are passing the WAN NIC directly though to your network firewall appliance.
Hey, great video! Can you speak to theb tradeoffs in virtualizing and running pfSense through proxmox vs pfSense on bare metal? While this seems really cool, I do wonder about the overhead in virtualizing and what benefits I'd gain. The main one I see is in essentially being able to overprovision a server and essentially create "multiple" servers, though with a potential performance hit. Also possibly easier for backup and recovery?
Also, related to above, would I be able to run a proxmox box with pfSense in 1 vm and e.g. Postgres in another all with 1 nic, or would I need multiple? It seems like I'd need 1 for wan and 1 for lan, plus ANOTHER for Postgres or any other servers. If I can do it all with one, is it even recommended? Feels like a security risk with possible performance issues also, intermingling all that traffic.
Sorry for the wall of text!
Yes, easier for backup and recovery, also easy to switch out to something else. the downside is the internet goes down while your server reboots, which is rare but still there.
Great Video ...I am new to networking ... If we virtualize the router given by ISP, how would we create a wireless network for this ? ..I suppose the NIC adapter will create only ethernet network ?
Hi! Yup, just connect a router to your LAN/Switch/Ether net and then turn off DHCP and routing. That's what I did! Then your old router just becomes and Access Point!
i got further with 8.0 then others version with this guide ty i have an older intel dual 100 nic that i may use as new is not in the cards yet lol.
Hi Tim, awesome video.
I opted for OPNSense.
I added 2 x NICS to proxmox and struggled getting them in different groups
This is how I resolved that:
In proxmox shell...
>> lspci | grep Ethernet
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. Device 8161 (rev 15)
06:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. Device 8161 (rev 15)
>> find /sys/kernel/iommu_groups/ -type l | grep 03
Showed both nics in group 7
/sys/kernel/iommu_groups/7/devices/0000:03:00.0
/sys/kernel/iommu_groups/7/devices/0000:06:00.0
Edited grub as follows:
>> nano /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet amd_iommu=on pcie_acs_override=downstream,multifunction"
>> update-grub
>> shutdown -h now
and switched the server on again. I could then add the NICs to my VM.
Noob dilemma. Please help me getting to my VM
-- Laptop connected via router (192.168.21.1) to proxmox host (192.168.21.10)
How can I connect to the host as well (or interchangeably) to the OPNSense VM?
Francois Williams how many nics do you have total?
@@TechnoTim 1x Onboard + 2 PCIe cards each with a single port.
The onboard one I want to use to manage the proxmox server and the other two cards for WAN and LAN.
Just not sure how to do the above. Thx for replying.
Hi Tim
You mentioned in the video that you manage your proxmox server using your laptop. How do you do that without using a secondary router (i.e. not the opnsense wan interface)?
Thank you for this video, and for your channel. I do have a question. I have a similar setup as seen in the 2:22 mark of this video (onboard NIC and dual NIC card). My onboard NIC is attached to my switch via a green cable. My WAN port is plugged into my provider's cable modem via a white cable and my LAN port is plugged into my switch via a black cable (BTW, same switch that the onboard NIC is plugged into so that I can go to Proxmox web UI). pfsense seems to be working with this setup, but how do my Proxmox VMs get their Internet? Since the dual NIC card is being passed through to the pfsense VM, and other VM will not see this card. Is there something I need to do in Proxmox or pfsense to bridge the two?
Make sure you create a network bridge where all your physical and virtual devices can communicate with each other
Hello, nice video ! How do you connect other physical PCs to that virtualized router ?
Great Video - first TechnoTim I have seen. Great job explaining and sharing. I have been using pfSense about 2 years now on an HP t620+ ThinClient with an added 2-port Intel i350-T2 card. Been working great, but I have this awesome Workstation class machine I want to use for ProxMox. I have 8.0.9 installed there, and I am just beginning. I purchased a 4-port i350-T4V2 for this box, and it is working fine. In the t620+ I had disabled the on-board NIC as was not using it.
I know that ProxMox requires a NIC for accessing the host/dashboard, but can it be one of the 2-ports I will use on the i350-T4? I have a cable from Cable modem to port 0 on the 4-port and cable from port 1 to the Netgear Orbi (wifi AP)...as it has a satellite in the other end of the house where the office is - so that I have Wired (per se) access back there and wifi is stronger. From the Orbi (at the ProxMox box & modem - there is a cable into the on-board NIC of the ProxMox host). If I unplug this, I lose access to the host dashboard.
Dude thank you that's awesome. Where would you save the ISP account details though? Do you use a switch for extra ports?
Yes I do. My ISP information is a DHCP address on my WAN NIC, nothing to configure there for me.
Thank you! Also, yes, I do use a switch for extra ports. My LAN NIC goes to my switch.
Hi Tim. The guide is nice and clear- but can you make a guide for people that want to utilize current equipment? Like old laptop with proxmox and pfsense (so one nic) and tp-link vlan switch. I tried to made such setup work with this guide combined with some router on a stick but I've failed:)
You may be able to passthrough USB NICs however, reliability will be worse for the same price you can buy a PCIE NIC. If you already have USB 3 Gigabit NICs though, it's probably worth a try.
Thank you for great video, Tim!
Do you get good performance on your pfSense running in Proxmox? I get max 50mbps on 100mbps link with Squid and PfBlockerNG running. Have turned off hw checksum offload, played around with amount of RAM & CPU cores, but no luck. Was also running ntopng for a while, but itdecreases performance, so I removed it.
I am running it on i5-7500 CPU with host CPU type, 4 to 8 gigs of RAM. Mifro form factor Dell PC, one interfaces is usb-to-ethernet. Tried different settings for it, but no luck as well.
Do you have any ideas what can be the reason for that?
Hey! NP! My perf is normal when virtualized. I’ve heard of people having luck by setting their CPU type to host when virtualizing but I’ve never tried it. LMK!
Is it possible to utilize pfsense on proxmox using only laptop with one NIC using VLANs. I know you elaborated on these subjects but not in such combination. Thanks for you help
Tim, I love your videos but had a quick question. Do you have failover for your virtualized firewall? I currently have pfSense virtualized on Proxmox but every time I need to reboot Proxmox, I bring down the network.
Thank you! I do not. That’s one of the cons of virtualizing anything, if you reboot the host the guest goes down.
Hi TechnoTim, this was a great tutorial. I followed it almost successfully, all my LAN client are getting IP addresses except for the guest VMs that rely on the vmbr NIC. Did you come across this and if so how did you resolve it? Many thanks
@guya4007
Did you ever solve your issue. I have Exactly the same issue
Great video. Thanks.
However the vm needs to be the first to hit the traffic and we need to ensure all Others vm access internet through pfsense. Can you share the iptable rules you have in place to ensure that? Thx
Tnks for the help, @Techni Tim!
If anyone get a error like this -> "TASK ERROR: KVM virtualisation configured, but not available. Either disable in VM configuration or enable in BIOS." - Please, follow this steps to solve!
Bye!
How does this work with your ubiquity gear (udm-pro)? I’m in a similar situation and just wanted your thoughts.
Thanks for the video! If dont have a 2 port NIC can I add an additional 1 port NIC to go along with the built in one on my mobo?
Yes
Yes but then your Proxmox server loses it's connection as the VM will take both NICs as soon as it's started.
would be helpful if you went through IOMMU and PCI passthrough for those NIC cards to be accessed by the VM
Check out my gpu passthrough video, same process!
@@TechnoTim if u blacklist your ethernet cards like with GPU does that mean other VMs don't get internet? this process doesnt seem straightforward and i cant find alot of resources online for NICs
I fully believe this set up works. you are essentially using your proxmox as your network gateway, which is not very secure
WAN has exclusive access to the NIC
Is no one going to mention how much you look like Johnny Depp?
Never the less, i love your tutorials. Easy to understand.
haha thank you!
@@TechnoTim +1 agree with Suleiman. if johnny deep was a sys admin he would be u lol
Great tutorial as usuall from you. I have a question about the proxmox location in this infrastructure. Where is it placed in the network. I am running small server with pfsense virtualized but this server I own has only two LAN nics. One is used as a wan port and secon as a privet network. I wonder where and how to address the proxmox... I hope this question makes sense
It makes sense. Just make the LAN on your virtualized pfsesene virtual and connected to a linux bond. Then connect that linux bond to the NIC and use that for your LAN and proxmox
Thank you for this video. I have one “noob”question. Using a physical machine that has 6 network ports, running ProxMox and a pfSense VM...how can I access ProxMox web control panel from my network that is being served by pfSense? Do I just need to ensure ProxMox is on the same subnet as my LAN? Thank you kindly for helping.
I'm sure it's been covered (in fact I know of 1 other creator that has) but running Unraid on Proxmox, I followed his skim-through and I can see it in the console but cant connect. Maybe in it elaborate on selecting network interfaces (cards) to split them among the chassis (Proxmox) and vms (PfSense, Unraid, and TrueNAS at least)
And longshot but if you have a multi-day chassis (like my sc846) how to specify specific bays to certain vms (not specific drives, that way any drive inserted into "bay 20" will be assigned to vm X.
Hello, my networking setup at home are ONT and a openwrt router.
Can i set the pfsense on the midle of the ont and router
how about showing us how to setup pfsense in proxmox and using that vm as the router for a cluster
can you please make a video on sophos firewall? also with the dual NIC card, where do those Ethernet cables go in and out to? i assume the WAN one comes from the modem, but the output?
Possibly!
hey man thanks for the video, i have a couple of questions can i use my normal router then connect the virtual router for use the vpn service? or it needs to be directly connected to the ISP provider modem?
Hi! If you were to do that, you don't need 2 routers, just use your physical router then install OpenVPN in a virtual machine or a Docker container.
a little update for all , you can get a pfsense + home subscrition now so more features for free ! btw great video(all of them that i saw ) mister tim
Thank you!
Any thoughts on installing with zfs? Seems to be the default these days
Is it possible to route traffic from your proxmox hypervisor out through the pfsense vm? Without having to use an additional port to connect the hypervisor box to the switch?
Can you use SRIOV instead of passing the whole nic? So you still can have some VFs for your other VMs.
You don't actually have to patch the LAN port through to the Pfsense VM, you can just use the default Proxmox bridge and save a connection to your switch.
That’s right! You can go this route if you only have one additional NIC
Thanks for the tut. Why you are the PCI device directly instood of an Linux bridge?
You can do it either way, but I didn't want to introduce another layer between my NIC any my modem. If aren't able to support IOMMU, a linux bridge is the only way.
Found your channel awhile ago but I never had any server stuff. Your stuff is awesome.
Question about Users, if the new user added to PfSense has the same access as Admin, why create a new user? Is it because hackers will try to use admin as the username to login?
yeah, I do so that no one knows the default username. I typically do that anytime there is a generic name like "admin" or "administrator"
Is this possible to do with only 2 ethernet ports? I have a pcie card with 1 ethernet port, and I also have the standard one on the motherboard. In 2:22 I can see that the red wire is probably connected to whatever computer is used to connect to the proxmox web interface.
Trying it out for myself with just 2 ports made my setup, as expected, go down :)
I will try again with a USB-ethernet dongle or the onboard wifi (if I can get it to work) so I can access the web-interface..
Can you cover the switch options more? For example using physical switch or using open vswitch?
Which parts?
@@TechnoTim I might have to listen to it again. I dont recall seeing where you stated if your switch ports were physical or virtual, or a combination of both.
Tim, how did you connect the host OS to pfsense once its setup. As you used two ports passtrhough to pfsense (physically from the quad port), the host proxmox should also be on the LAN side. Will that use a physical connection from the pfsense LAN>switch>LAN3 (cable) or something else? Secondly, do you disable firewall option in the natwork setting of proxmox VM?
The lan should then connect to your switch. As for firewall on vm, yes disable in proxmox
Could I connect a switch from NIC to add more physical devices ?
Any chance you could do a video on how to passthrough hard disks to a VM in Proxmox for FreeNAS virtualization?
If I can somehow acquire more hardware I'd love to!
Nfs share will do the job
question how can include proxmox web on same network as you pass hardware pci direct to pfsense im trying to acess proxmox direct from pfsense network ?