Search results

You need multiqueue support. Last time I checked, pfsense didn't support it (maybe it does now ?). Anyway, you can try OPNSense which does support it, and can easily reach 5Gbps (probably more, depending on CPU and some tuning). Still won't be enough for 1000 RDP connections at 100Mbps each (but...

I'm running an OPNSense HA cluster (so, very similar to PfSense) on Proxmox, and I confirm there's nothing particular to set

You are missing one node (in a 2 nodes cluster). Can't you bring this node back online ?

Check your SPF is correctly setup with an online tool, eg https://dmarcadvisor.com/fr/spf-check/

Thin LVM (which allows thin prov and snapshots) is very different from thick LVM, and can't be shared by nature. So only thick is available if you want to share it between nodes

Shared LVM over iSCSI might have its drawbacks (mainly, no thin provisioning and no snapshots), but I wouldn't worry about its production ready status. Probably one of the most solid storage option

And that's the expected behavior. Now, to protect you from this sender address spoofing, you need to setup SPF/DKIM/DMARC

Nope, I dont understand your concern. Everybody can send an email to your inbox, and the only way to reach your inbox from the outside should be though your PMG. It only adds a security layer.

That's how email works : anybody can send emails to your mailbox. And that's the reason pmg exists : limit the risk of receiving spam and orher unwanted email

As long as the destination domain is in the relay domain list, yes (and if the backend server validates the destination mailbox is valid too)

I run PBS on a tiny fanless qotom box, with two external disks on an USB3 enclosure (using zfs mirror). Nothing but consumer grade hardware. It's rock solid

Last time I tried (5 years ago), performance of cda was so bad that I migrated to nas-ha

No, you don't

Yes, my bridge is visible in proxmox network settings (although I configured it manually in /etc/network/interfaces). There's nothing particular to do. If it doesn't work, you'll have to investigate (tcpdump at various levels to see where the communication is lost)

Yes, vmbr0 should be vlan aware. And once done, you can configure standard VLAN in the guest OS (I'm using it on PfSense and OPNSense to handle tens of isolated zones, with a single interface)

You can do this from the command line, with qm, eg qm set 100 -net1 "virtio=CA:85:82:35:28:62,bridge=vmbr0,trunks=10-20;30" Will pass VLAN from 10 to 20, and also 30 on the nic net1 of the guest with ID 100

Sequential read/write numbers aren't that relevant. IOPS and, even more, sync writes matters.

This will depend on your SSD model. You need to use DC grade SSD to get decent perf with Ceph

I guess it's CPU bound. Data is compressed (zstd) while backup is running

If Ceph version is an issue, then you might be able to - install targetcli on the new host - configure the ZFS storage of the new host as a ZFS over iSCSI storage on the old cluster (ZFS over iSCSI uses zvol just like a local ZFS) - live move the disk from Ceph to the ZFS over iSCSI storage on...