Has anyone tried running pfsense

Status
Not open for further replies.

Nightowl805

Explorer
Joined
May 12, 2014
Messages
77
as a plugin for the network or is that a bad idea to have the router that close. Do people think pfsense is worth the time??
 

Wolf666

Dabbler
Joined
Mar 20, 2015
Messages
14
I would use a dedicated box for pfSense.


 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,525
A plugin for pfsense just won't work. The network traffic has to go to FreeNAS before it goes to the jail, so you've already circumvented your security software (pfsense) before you've even booted it!

Bad joo-joo!
 

Allan Wilmath

Explorer
Joined
Nov 26, 2015
Messages
99
I disagree, it is possible. You would have to manually set the networking settings in FreeNAS for the internet facing port to a null configuration. You could even set it static for addresses outside of your network and the public network and use a subnet mask of 255.255.255.255. This would work as long as FreeNAS uses bridged network virtual adapter configurations. Alternatively you could also see if the USB passthrough in VirtualBox is available in the FreeNAS version of VirtualBox. Then just pass the internet to the VM using a USB dongle. The issue here is that you don't want FreeNAS using the USB network before VirtualBox loads. You could intentionally break the driver in FreeNAS. The main issue is your cable modem can't get two MAC addresses.

Possibly the best way is with VLAN tagging. You would connect the modem to an enterprise switch and then configure it to tag that physical port with a VLAN tag to the port connected to the FreeNAS box. So if the VM was not running, then the VTAG should be dropped.

And then there is the way I'm doing something similar, virtualizing FreeNAS, pfSense, Ubuntu, and possibly OS X using ESXi. But that has become expensive and complicated. And I'm pretty sure the SAS controller is using as much power as a low power computer would by itself. LSI should have put a bigger heatsink on it.

For a home, a low end ATOM based motherboard that uses a 19V laptop power adapter is the best way to go. There are some with dual networking just for that reason. A used netbook that can boot pfSense would be even slicker. Have to use an ASIX based USB adapter. For a home you don't need much for pfSense. The requirements they list are excessive. I have it running great with just 1 gig of RAM.

The next version of FreeNAS is supposed to bring hypervisor support and then what you want to do will be even easier.

I guess it really depends on how much work you want to put in to it.
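
One way to check the "null configuration" of the internet-facing port discussed in the posts above, as an added example that is not part of any poster's message. It parses FreeBSD-style `ifconfig` output and reports every address the host itself holds on that port; the interface names (`em0`, `em1`) and the sample output are constructed assumptions.

```python
import re

# Constructed sample of FreeBSD `ifconfig` output (not from the thread).
# Assumption: em0 is the LAN port, em1 is the internet-facing port that
# is bridged to the firewall VM.
SAMPLE = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:25:90:aa:bb:01
\tinet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:25:90:aa:bb:02
\tinet 203.0.113.7 netmask 0xffffff00 broadcast 203.0.113.255
\tinet6 fe80::225:90ff:feaa:bb02%em1 prefixlen 64 scopeid 0x2
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
\tinet 127.0.0.1 netmask 0xff000000
"""


def parse_ifconfig(text):
    """Return {interface: [(family, address), ...]} from ifconfig output."""
    addrs, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^([A-Za-z0-9_.]+): flags=", line)
        if head:
            current = head.group(1)
            addrs[current] = []
            continue
        m = re.match(r"^\s+(inet6?)\s+(\S+)", line)
        if m and current:
            # Drop the %scope suffix that link-local IPv6 addresses carry.
            addrs[current].append((m.group(1), m.group(2).split("%")[0]))
    return addrs


def host_exposure(text, wan_if):
    """List addresses the host itself holds on the WAN-facing interface."""
    ifaces = parse_ifconfig(text)
    if wan_if not in ifaces:
        raise KeyError(f"interface {wan_if!r} not found")
    return [f"{fam} {addr}" for fam, addr in ifaces[wan_if]]


if __name__ == "__main__":
    found = host_exposure(SAMPLE, "em1")
    if found:
        print("host holds addresses on the WAN port, ahead of the firewall VM:")
        for entry in found:
            print("  ", entry)
    else:
        print("WAN port carries no host address")
```

An auto-assigned IPv6 link-local address counts as well: the check reports it even when no IPv4 address is configured on the port.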
 

notjoe

Explorer
Joined
Nov 25, 2015
Messages
63
I had a similar idea...I don't see why it wouldn't work or how it would be less secure than a dedicated machine running your firewall application either. The biggest issue that I can see thus far is being able to passthru a secondary nic to a FreeNAS jail.

http://forums.freenas.org/index.php?threads/pfsense-within-virtualbox-on-freenas.39747/#post-247311
 