Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Can I use freenas server as a router?

Joined
Aug 1, 2019
Messages
5
Hello community I hope you are well, forgive my ignorance but I have a question and I have been investigating but I cannot find concrete answers. My question is: Can I use the freenas server as a router (enable routing)?
 

jgreco

Resident Grinch
Moderator
Joined
May 29, 2011
Messages
11,834
Yes, but you probably shouldn't.

The BSD networking stack has routing baked in at a fundamental level. This is basic IP packet forwarding - not NAT (even though everybody calls home NAT gateways "routers") and not dynamic routing procols (OSPF, ISIS, RIP, etc). Turning routing on is a matter of setting net.inet.IP.forwarding to 1 and properly configuring the interfaces.
 
Joined
Aug 1, 2019
Messages
5
Hi, thanks for answering. Could you tell me where I apply the net.inet.IP.forwarding command to 1?
 

kdragon75

FreeNAS Expert
Joined
Aug 7, 2016
Messages
2,429
While this is technically possible, it's probably a bad idea. What are you trying to accomplish?
 
Joined
Aug 1, 2019
Messages
5
Hi sorry, I was not at home I try to configure load balancing with the freenas server, basically as if it were a router, is that possible?
I try to configure the rc.conf file to enable routing but it does not apply the changes at the time of restarting the computer, what I put is lost. Any ideas for this madness?
 

Heracles

FreeNAS Guru
Joined
Feb 2, 2018
Messages
422
Hi Tares,

It is not because something is possible that it means it is smart to do it... FreeNAS is clearly not designed for this role despite its fundation, FreeBSD, can do it.

FreeNAS is meant to be a storage appliance, not an Internet Firewall. Also, you are talking about load balancing... This is not just basic routing. What load are you trying to balance ? At layer 7 ? Layer 4 ? Layer 3 ? Layer 2 ?

Even port forwarding from Internet straight to FreeNAS is discouraged. To have FreeNAS handling an Internet pipe itself is really to be avoided at all cost.
 
Joined
Aug 1, 2019
Messages
5
hello Heracles, thanks for answering.
Load balancing for layer 4, but for the comments I see it seems that it is not advisable to make such configurations, but then for what cases is used in freenas lb some example? excuse me I'm a newbie in this
 

Constantin

Vampire Pig
Joined
May 19, 2017
Messages
594
I’d use a dedicated appliance for load balancing. I would not use a FreeNAS for this simply because I am paranoid re: potential vulnerabilities in the network stack.
 

Heracles

FreeNAS Guru
Joined
Feb 2, 2018
Messages
422
Hey Tares,

FreeNAS is designed for storage and storage only. As such, you should not use it for anything else than storage. Firewalling, Load Balancing and other services should be provided by other solutions.

First, these other solutions will give you a better service than FreeNAS because they are meant for that. Here, I am using pfSense and HAProxy for firewalling and load balancing.

Second, FreeNAS' security is somewhat weak because it assumes it will be protected by infrastructure. That is why you do not have non-root user that you can use to connect the WebUI and work with it. Should you expose it, you will not be that well protected.

For your Internet access, firewalling and load balancing, I recommend you take a look at pfSense. That one will be more than happy to face Internet and keep the bad guys outside.
 

jgreco

Resident Grinch
Moderator
Joined
May 29, 2011
Messages
11,834
Hey Tares,

FreeNAS is designed for storage and storage only. As such, you should not use it for anything else than storage. Firewalling, Load Balancing and other services should be provided by other solutions.

First, these other solutions will give you a better service than FreeNAS because they are meant for that. Here, I am using pfSense and HAProxy for firewalling and load balancing.

Second, FreeNAS' security is somewhat weak because it assumes it will be protected by infrastructure. That is why you do not have non-root user that you can use to connect the WebUI and work with it. Should you expose it, you will not be that well protected.

For your Internet access, firewalling and load balancing, I recommend you take a look at pfSense. That one will be more than happy to face Internet and keep the bad guys outside.
Awarded - winner, today's best answer on this topic. ;-)
 
Top