Recent content by danielb

You need multiqueue support. Last time I checked, pfsense didn't support it (maybe it does now ?). Anyway, you can try OPNSense which does support it, and can easily reach 5Gbps (probably more, depending on CPU and some tuning). Still won't be enough for 1000 RDP connections at 100Mbps each (but...

I'm running an OPNSense HA cluster (so, very similar to PfSense) on Proxmox, and I confirm there's nothing particular to set

You are missing one node (in a 2 nodes cluster). Can't you bring this node back online ?

Check your SPF is correctly setup with an online tool, eg https://dmarcadvisor.com/fr/spf-check/

Thin LVM (which allows thin prov and snapshots) is very different from thick LVM, and can't be shared by nature. So only thick is available if you want to share it between nodes

Shared LVM over iSCSI might have its drawbacks (mainly, no thin provisioning and no snapshots), but I wouldn't worry about its production ready status. Probably one of the most solid storage option

And that's the expected behavior. Now, to protect you from this sender address spoofing, you need to setup SPF/DKIM/DMARC

Nope, I dont understand your concern. Everybody can send an email to your inbox, and the only way to reach your inbox from the outside should be though your PMG. It only adds a security layer.

That's how email works : anybody can send emails to your mailbox. And that's the reason pmg exists : limit the risk of receiving spam and orher unwanted email

As long as the destination domain is in the relay domain list, yes (and if the backend server validates the destination mailbox is valid too)

I run PBS on a tiny fanless qotom box, with two external disks on an USB3 enclosure (using zfs mirror). Nothing but consumer grade hardware. It's rock solid

Last time I tried (5 years ago), performance of cda was so bad that I migrated to nas-ha

No, you don't

Yes, my bridge is visible in proxmox network settings (although I configured it manually in /etc/network/interfaces). There's nothing particular to do. If it doesn't work, you'll have to investigate (tcpdump at various levels to see where the communication is lost)

Yes, vmbr0 should be vlan aware. And once done, you can configure standard VLAN in the guest OS (I'm using it on PfSense and OPNSense to handle tens of isolated zones, with a single interface)