FreeNAS 11.2 with PfSense as guest VM

eNORm · Dec 16, 2018

I have 4 NICs in my server. Currently it's placed on a public IP in a datacenter. I don't like to have the FreeNAS on a public IP without any firewall between. I was thinking about making a VM with PFsense and use that as a firewall.

Is this doable? I know it's not an optimal configuration, but can't see any other options.

I've done simeliar setup in linux.

I was thinking of this setup.

igb0 -> Wan interface and used by PFsense VM

Make a bridge device that FreeNAS uses and other VM on the same private subnet.

eNORm · Dec 18, 2018

I got this almost to work. I've setup Pfsense as a VM, and added 2 NICs.

This creates a bridge0 with tap0 that is the WAN side and bridge1 with tap1 as the LAN side. I also installed a Ubuntu VM that connected to the bridge1 with tap1 and got a IP from the Pfsense dhcp-server. I could also configure the PfSense from that Ubuntu VM-guest.

I used igb1 for LAN bridge and igb3 for WAN bridge.

My igb0 NIC is left untouched and it's still the one with the public IP on. In the end I want to move the network cable from igb0 to igb3 and have the FreeNAS on the inside of the Pfsense FW.

What's missing is to connect igb2 or a vlan1 device to bridge1, and get an IP from the PFsense server there, but since the bridges are not created untill the VMs are booted, it's a bit hard to attach a NIC to the bridge1 when the FreeNAS is booting. Any suggestions are more than welcome.

millst · Dec 18, 2018

I am fairly sure this has come up before so you might want to try searching. While it should be doable, the usual advice is against even trying. FreeNAS should not be anywhere near the Internet and it's safest to get dedicated hardware for your firewall.

-tm

eNORm · Dec 18, 2018

millst said:
I am fairly sure this has come up before so you might want to try searching. While it should be doable, the usual advice is against even trying. FreeNAS should not be anywhere near the Internet and it's safest to get dedicated hardware for your firewall.

-tm

Thanks for the consideration.

Trust me I've searched, but none has made it truly work. If you have a link I would appreciate it very much.

-eNORm-

millst · Dec 18, 2018

Probably scared off by people telling them not to do it :)

I haven't made use of the VM capabilities in FreeNAS. My PFSense machine is dedicated. I've written some scripts for jails that work with bridges, but the jail system provides nice hooks for jail start, stop, etc. You could probably come up with a way to detect it or, worst case, use a fixed timeout.

-tm

eNORm · Dec 20, 2018

I've decided that proxmox is better suited for my usecase. I can run FreeNAS inside of that.

Michael M · Dec 22, 2018

eNORm said:
Thanks for the consideration.

Trust me I've searched, but none has made it truly work. If you have a link I would appreciate it very much.

-eNORm-

I posted my solution earlier today. I use iohyve and PCI passthrough of a multi-port ethernet card to the pfSense VM instead of relying on bhyve networking. I had not seen your post previously.

https://forums.freenas.org/index.ph...net-pci-passthrough-under-freenas-11-2.72244/

Important Announcement for the TrueNAS Community.

FreeNAS 11.2 with PfSense as guest VM

eNORm

Cadet

eNORm

Cadet

millst

Contributor

eNORm

Cadet

millst

Contributor

eNORm

Cadet

Michael M

Cadet

Similar threads