RESET Forums (homeservershow.com)

Doing PFSense Homework, I need help...

gyrene2083

Hello All,

So I read all the posts in this thread. This sounds like something I could play with when I go home from vacation. I have a few questions.

1. Could I install pfsense, and untangle on Essentials 2012 using Esxi?

2. Would this setup work? or this?

3. Do I need three NIC cards if I am going to use the old router as an AP or is that covered with the switch?

4. If question number 1 doesn't work, how would I get untangle and pfsense on the same box? The thread I got the Super Router from started in 09 and there have been many changes.

Here is the gear I have in place as of now:

DLink Switch

Netgear WNDR4500
(going to make AP so with this I would have the setup run like this
Cable Modem -> PFSense in -> PFSense out -> Switch -> AP)

Thanks ikon and pcdoc.

Below you will see a picture of my setup as it closely looks now...

(image: fz2em0.jpg)

I hope this is enough information for you to help me help me. lol


Here are my thoughts: (nice drawing and as long as you are not interconnecting via wireless it looks good)

1. Yes, but pretty complicated. ESXi would have to be the hypervisor, and everything else would run as a VM. This will work but it will not be pain free to set up.

2. The links you show have nowhere near enough horsepower to do what you are suggesting. I would recommend a Core i5 with 16 gigs of RAM to run all of this.

3. You will need more than 3. You will need 2 for the router stuff, 2 for Essentials if you want to use Anywhere Access, and 1 for ESXi.

4. You can use something like XenServer, or ESXi on a smaller box to handle both of those.

Just some added thoughts. Though I love VMs I personally would buy a small box such as the ones you linked to and just run one or the other (you can test them both to see which you like better). Recovery of routers in VMs can be tricky if it kills your network access. I would keep the router simple and if you want to play with VMs then you can do so.


pcdoc thank you so much for responding. Like you said I want it as simple as possible, so I have those PCs laying around and I will just throw pfsense on it. I thought I could run Untangle as a firewall, but if pfsense can do it all that is just fine for me. So you think that either of those two Jetway boxes would work with the existing setups. I was leaning toward the dual NIC Jetway, that one has the AMD installed. I'm guessing with just running pfsense, I would just need just those two NICs right?

4. You can use something like XenServer, or ESXi on a smaller box to handle both of those.

So I've never used XenServer nor ESXi, but I do remember having ESXi already downloaded. So, I am thinking of using the Jetway with the dual NIC built in, and I have an AMD Athlon X2 7550 installed in that one I believe.

Thanks again for lending this old Marine a hand.


You will need a box with dual NICs for either setup and both Untangle and pfSense will do both routing and firewall. I use Untangle as I like the simplicity of the setup and the fact that I can buy a router based antivirus for Untangle which makes me feel better, in addition to some nice built in applets. pfSense does a few things better such as QoS, bandwidth limiting, and better monitoring charts but in the end it becomes a matter of preference. Try them both and then decide which will work best. If you are going to just play around with ESXi then any box should work, though if you are going to use an AMD box make sure you check the hardware compatibility list. If you end up wanting to go live with it, you will need a motherboard that supports VT-d so you can pass through devices. I did a short blog post on it and there is a bunch of information on Tinkertry.com if you just browse or search for it. Paul is our resident expert on all things ESXi.

http://www.tinkertry.com/

http://thedocsworld.net/esxi-venture-part-1/


Again thanks. As soon as I get home I will do the pfsense. And start the rewiring process.

I will read your Blog when I get home tomorrow.

-Semper Fi

Gyrene2083

Sent from my SPH-L900 using Tapatalk 2


I agree with pcdoc: try pfSense and Untangle and see which you prefer. I use Untangle as my only Unified Threat Manager (UTM). I use it because it does the job and I prefer its interface -- the various functions of Untangle are presented to you as if they were 1U boxes in a 19" rack. It's a pretty simple, intuitive interface, at least to me.


FWIW, all you *have* to have are two physical NICs. You can share the ESXi management and LAN across one NIC. If you are only using one ESXi box and not migrating VMs, then that will work fine. Typically it is recommended to have the vswitch that hosts the ESXi management on its own dedicated NIC, but that is mostly so you don't use the same NIC for migrating VMs between physical boxes that you are using for other traffic (i.e. iSCSI or VM data.)

I have a Dell with an i5 2500 and 16 GB RAM that hosts ESXi. Hosted on it is pfSense, which routes three networks: WAN, LAN, and a test network (technically four as it also runs OpenVPN.) The test network has a Server 2012 VM, a Server 2012R2 VM, a Server 2012R2 w/Essentials role VM, a Win 8 VM and a Win 8.1 VM. The LAN network has a Win 8 VM, a Win 7 HTPC VM, and a few physical systems and a tablet and cell phone that connect.

All the VMs listed above as well as the pfSense VM are all on that one box. It has no problem running a VPN on ESXi and still maintaining 50 Mbps down and 30-40 Mbps up. And I have no problem pulling 120 MB/sec data rates from two systems simultaneously from my attached NAS through that box as well.

I do happen to have an onboard NIC I dedicate for management and a 4-port gigabit NIC with two ports attached to one vswitch for VMs to get access to the LAN (ESXi handles the load balancing natively), one port for WAN access (attached to a vswitch for pfSense), and one port for the LAN out (on another vswitch for pfSense). At one point I used one of the ports for iSCSI but no longer.

The great thing about using ESXi is the test network VMs are attached to a vswitch but don't need a physical NIC. They are all on a 10.10.10.0/24 network. The pfSense VM has one virtual NIC as part of the test network, one virtual NIC on the LAN vswitch, and one virtual NIC on the WAN vswitch. So the test network is kept separate from the LAN as it is on a different network, but when anything on that network needs internet access they use the pfSense router to get out.

Bottom line is only the pfSense VM actually needs access to a physical NIC. All other VMs can use virtual switches, and any physical devices can get access to those VMs via the physical NIC on the pfSense router, which routes to whichever virtual switch and device(s) they're trying to access. In my diagram I could have had the exact same connectivity between all devices if all I had connected to the physical switch was the one NIC I used for the LAN connection to my pfSense VM. The other four physical NICs are just because I have them.

(diagram: TK_990_ESXi_setup.png)


P.S. Everything depicted in the diagram above that is inside the light orange box is all inside the little 990 pictured below (Xbox 360 controller included for size reference.)

(photo: CameraZOOM-20130727021603622.jpg)

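As an added illustration (not timekills' own configuration or code), here is a small Python model of the layout described above: vswitches with and without physical uplinks, VMs attached to them, and a check that the 10.10.10.0/24 test VMs reach the LAN only by passing through the pfSense VM. All switch, port and VM names are assumptions.

```python
from collections import deque
# Constructed model of the layout described in the post; every name below is
# an assumption, not timekills' real ESXi configuration.
# vswitch -> physical uplink ports (empty list = internal-only vswitch)
VSWITCHES = {
    "vs-mgmt":   ["onboard"],             # ESXi management on the onboard NIC
    "vs-lan":    ["quad-p1", "quad-p2"],  # VM access to the LAN, two uplinks
    "vs-wan":    ["quad-p3"],             # pfSense WAN side
    "vs-lanout": ["quad-p4"],             # pfSense LAN side
    "vs-test":   [],                      # 10.10.10.0/24, no physical NIC
}
# physical switch -> uplink ports plugged into it
PHYS_SWITCHES = {"lan-switch": ["onboard", "quad-p1", "quad-p2", "quad-p4"],
                 "cable-modem": ["quad-p3"]}
# VM -> vswitches its virtual NICs attach to
VMS = {
    "pfsense":    ["vs-wan", "vs-lanout", "vs-test"],
    "win8-lan":   ["vs-lan"],
    "srv2012r2":  ["vs-test"],
    "win81-test": ["vs-test"],
}
ROUTERS = {"pfsense"}  # only these VMs forward between L2 domains

def l2_domain(vswitch):
    """vswitches sharing a broadcast domain with vswitch via physical switches."""
    domain, todo = {vswitch}, [vswitch]
    while todo:
        ports = set(VSWITCHES[todo.pop()])
        for sw_ports in PHYS_SWITCHES.values():
            if ports & set(sw_ports):  # this vswitch uplinks into that switch
                for other, uplinks in VSWITCHES.items():
                    if other not in domain and set(uplinks) & set(sw_ports):
                        domain.add(other)
                        todo.append(other)
    return domain

def needs_physical_nic(vm):  # True if any vswitch the VM touches has an uplink
    return any(VSWITCHES[vs] for vs in VMS[vm])

def adjacent(a, b):  # VMs a and b share at least one L2 domain
    return any(l2_domain(x) & l2_domain(y) for x in VMS[a] for y in VMS[b])

def route(src, dst):
    """Hop list from src to dst, or None; only router VMs forward traffic."""
    queue, seen = deque([[src]]), {src}
    while queue:
        hops = queue.popleft()
        if hops[-1] == dst:
            return hops
        if hops[-1] != src and hops[-1] not in ROUTERS:
            continue  # an ordinary VM does not forward between domains
        for nxt in VMS:
            if nxt not in seen and adjacent(hops[-1], nxt):
                seen.add(nxt)
                queue.append(hops + [nxt])
    return None
```

Calling `route("win8-lan", "win81-test")` shows the LAN VM reaching the test network only via the pfsense hop, while `needs_physical_nic` is True only for pfsense, which is the post's "bottom line".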

ooooooh, diagrams..... I like pretty diagrams ;)

Nice work timekills. If only more posters would provide diagrams like that it would be a lot easier to help them.


Timekills, that is freaking awesome. BTW from this Old Marine to you, Thank you for your service. Not sure I followed everything you said, then again, I just got in from my Vacation, but the diagram is awesome, the form factor freaking excellent. I actually have this mobo en route, I am going to take apart the Jetway, and use it for parts. Now I remember why I had it in the closet, it wasn't working. But because I am really interested in doing this, I picked this up, and I am putting 8 Gigs of RAM in it. Also, figured out how I could make my life easy too.

The issue I was having while on Vacation was that I couldn't see everything laid out, well on the flight back home I was able to draw everything out on a napkin.... I will build the pfsense router and move it into the living room where the switch is hidden in a table I built. (Looks like an old footlocker, but sanded and stained.) Then the router will be with the switch, and all I have to do is run the WAN from the closet to the router, then plug the router into the switch, then plug the AP into the switch too, that will cover my wireless. Then from the switch all I have to do is run 2 LAN cables back to the closet for my two servers. (Essentials 2012, UnRaid)

All of this will be better for me in the long run as I was initially thinking of moving the switch to the closet, but that would require me rewiring everything and I didn't want that.

Now here are questions for you gurus. I've been reading that the LAN should be set up on one segment, and the AP on another. For example, LAN 192.168.1.1 and the AP 192.168.2.224. Those were examples I have been seeing. Are these still practiced? and something I should be doing?

DNS, I see a lot of people using 8.8.8.8 (Google, right?) but I never knew the reason for them doing it. My ISP has their own DNS servers, so what do I benefit from using Google's or any other?

Thanks again, and it's good to be home....
