pfSense Virtualized
- Thread starter Camagur
- Start date
I don't really understand how you meant that.
Let me give explain in more detail:
You will have the default vmbr0 with probably the first interface as bridge port.
You can then add another vmbr (vmbr1) using the second interface as bridge port. This will be the WAN port connected to your modem.
vmbr1 does not need to have any IP configured on the bridge itself.
The simplest solution then is to add two NICs to your virtualized pfSense. The first with vmbr1 as bridge and the second with vmbr0 as bridge which is connected to the switch on the internal network.
If you want to split up your traffic more you can add another bridge with one of the unused interfaces and use that for the internal interface of your pfSense.
I hope this is understandable.
Let me give explain in more detail:
You will have the default vmbr0 with probably the first interface as bridge port.
You can then add another vmbr (vmbr1) using the second interface as bridge port. This will be the WAN port connected to your modem.
vmbr1 does not need to have any IP configured on the bridge itself.
The simplest solution then is to add two NICs to your virtualized pfSense. The first with vmbr1 as bridge and the second with vmbr0 as bridge which is connected to the switch on the internal network.
If you want to split up your traffic more you can add another bridge with one of the unused interfaces and use that for the internal interface of your pfSense.
Code:
vmbr0 ---- NIC1 ---- switch
Modem ---- NIC2 ---- vmbr1 ---- pfSense WAN
pfSense LAN ---- vmbr2 ---- NIC3 ---- switch
Looks good. You add two virtual NICs to your pfSense VM, one has the vmbr3 as Bridge, the other vmbr4.
Maybe you should note down the MAC addresses of the virtual NICs so you can quickly see which NIC is which during the pfsense install.
Maybe you should note down the MAC addresses of the virtual NICs so you can quickly see which NIC is which during the pfsense install.
I might be late to the party on this... but YES you can absolutely do this. I do this all the time with our phone servers. HOWEVER.... you are going to want to change a setting inside pfsense:
You need to go in and disable Hardware Checksum Offloading. Inside PFsense you will find this setting under System --> Advanced --> Networking The checkbox is "Hardware Checksum Offloading" and checking it will disable it.
You might find that you have to side load a copy of ubuntu or something connected at the lan interface. I have found that I cannot pass traffic across pfsense until you change the setting.
You need to go in and disable Hardware Checksum Offloading. Inside PFsense you will find this setting under System --> Advanced --> Networking The checkbox is "Hardware Checksum Offloading" and checking it will disable it.
You might find that you have to side load a copy of ubuntu or something connected at the lan interface. I have found that I cannot pass traffic across pfsense until you change the setting.
Since we are on the topic of pfsense, I do have a question about the initial set up of the image. I was looking at some youtube video on setting up pfsense under proxmox. When he got to the section on choosing the CPU, he did the default kvm64 type, and then used 1 Socket, 1 Core and 6 vcpu.
I am still trying to properly understand how to use vcpu, but regardless, it seemed wrong what he had stated, but I could be wrong. I am using a quad i7, with 16GB of memory. What should be the the ideal setting for the CPU type and core usage and how much memory should I allocate for the pfsense.
I am still trying to properly understand how to use vcpu, but regardless, it seemed wrong what he had stated, but I could be wrong. I am using a quad i7, with 16GB of memory. What should be the the ideal setting for the CPU type and core usage and how much memory should I allocate for the pfsense.