Firewall and router app for truenas scale

[Karichi]

hello,

I would like to use adguard on my server but for that I have to change the dns server in my router settings which is not possible. So I have to put my router in bridge mode. The problem then is that my router no longer plays its role of dhcp/dns server and firewall. So I would like to find a truenas scale app that could act as a router and firewall like fpsense, does that exist?

 

[danb35]

There is no such app available for SCALE. You could run OPNsense, pfSense, or any other firewall OS you like in a VM, though. I'm not personally a fan of such an arrangement, because (1) it overly complicates things IMO, and (2) it means if your NAS is down, your Internet access is down. Therefore, my preference is to run the router on its own dedicated hardware, which need not be very expensive. My current preference are the systems like this:

https://www.aliexpress.us/item/3256803806717938.html

But SCALE is perfectly capable of running VMs if you choose to do it that way.

 

[Karichi]

Yes that's what I was thinking. I can use proxmox or directly create a vm on truenas but I find that it complicates the setup a lot for not much. Do you know if an application exists on truenas core? And is there a reason why such an application does not exist?

 

[Davvo]

It is generally not advised to run your firewall in TrueNAS.

 

[Karichi]

It is generally not advised to run your firewall in TrueNAS.

@Davvo Is there any security issues with it? Or is it because if the server is down internet will be too?

 

[Davvo]

@Davvo Is there any security issues with it? Or is it because if the server is down internet will be too?

It's mainly from a network design prospective I think: you want to have your firewall always up, in front of your network.
Then we can talk about it being in a virtualized environment, which adds another layer to the complexity of the system.

I am sure more competent people can give you more reasons, but for me just this two are enough.

 

[danb35]

I can use proxmox or directly create a vm on truenas but I find that it complicates the setup a lot for not much.

I don't think it would complicate the setup any more than what you'd need in order to configure an App to use (at least) two NICs and route traffic between them.

Do you know if an application exists on truenas core?

"Applications" on CORE are called "plugins," and not only is there not one that would be suitable, nobody should be using plugins at all, for any reason.

And is there a reason why such an application does not exist?

Because your firewall/router really ought to be a separate device; your NAS isn't a firewall.

 

[Ericloewe]

I don't think it would complicate the setup any more than what you'd need in order to configure an App to use (at least) two NICs and route traffic between them.

The VM solution would probably be simpler. Still not a great idea, though.