Pfsense on Freenas

[Reppiy]

HI,

I was wondering if it is possible to virtualise pfsense on freenas, and if so, how would I set up the network ports (do I need 2 network cards for pfsense, and then use the onboard network for freenas?)

thanks.

[KenjiUmino]

17 minutes ago, Reppiy said:

HI,

I was wondering if it is possible to virtualise pfsense on freenas, and if so, how would I set up the network ports (do I need 2 network cards for pfsense, and then use the onboard network for freenas?)

thanks.

so you want your NAS to also be a router ? if you can pass a PCIe card through to a virtual machine then this is what i would do to get pfsense direct access to network interfaces. and then just configure pfsense as usual ... WAN interface, LAN interface and all that good stuff 

[Reppiy]

1 minute ago, KenjiUmino said:

so you want your NAS to also be a router ? if you can pass a PCIe card through to a virtual machine then this is what i would do to get pfsense direct access to network interfaces. and then just configure pfsense like as usual ... WAN interface, LAN interface and all that good stuff 

Do you know if I can pass through a USB network card, as I’m using a NUC so There is not pcie ports

[Reppiy]

3 minutes ago, KenjiUmino said:

so you want your NAS to also be a router ? if you can pass a PCIe card through to a virtual machine then this is what i would do to get pfsense direct access to network interfaces. and then just configure pfsense like as usual ... WAN interface, LAN interface and all that good stuff 

Also I would need 3 Ethernet ports right?

[KenjiUmino]

20 minutes ago, Reppiy said:

Also I would need 3 Ethernet ports right?

i'd get at least one extra port for WAN - it should work if you make the LAN interface be a virtual device and then set up a network bridge between the virtual LAN and the other physical LAN port the NAS is using

 

assuming that you want the NAS to be on the same LAN as the router

[dalekphalm]

I would personally use a proper Hypervisor if you want to virtualize pfSense.

 

Then you can also virtualize FreeNAS (which despite some doomsayers, works flawlessly).

 

I'd do this:

ESXi free version (or Proxmox, etc)

VM -> pfSense

-> PCIe Passthrough for a network card

 

VM -> FreeNAS

-> PCIe Passthrough for an HBA Card or SATA controller (passing the SATA controller only works if the motherboard has more than one)

 

FreeNAS does have VM support, but I don't believe they have passthrough yet. I could be mistaken of course. But interface wise, ESXi is a lot easier to use to setup a VM on, over FreeNAS (at least, it was the last time I tried on both).

[Reppiy]

4 hours ago, dalekphalm said:

I would personally use a proper Hypervisor if you want to virtualize pfSense.

 

Then you can also virtualize FreeNAS (which despite some doomsayers, works flawlessly).

 

I'd do this:

ESXi free version (or Proxmox, etc)

VM -> pfSense

-> PCIe Passthrough for a network card

 

VM -> FreeNAS

-> PCIe Passthrough for an HBA Card or SATA controller (passing the SATA controller only works if the motherboard has more than one)

 

FreeNAS does have VM support, but I don't believe they have passthrough yet. I could be mistaken of course. But interface wise, ESXi is a lot easier to use to setup a VM on, over FreeNAS (at least, it was the last time I tried on both).

Does proxmox have USB pass through... I’m using a NUC so I don’t have any pcie ports

[dalekphalm]

Just now, Reppiy said:

Does proxmox have USB pass through... I’m using a NUC so I don’t have any pcie ports

Proxmox should have full device passthrough, and hardware virtualization support (VT-d and similar standards).

 

But I've never used it, so *shrugs*. I use ESXi personally, and at work.

[Gerr]

I thought ZFS doesn't virtualize well?

[dalekphalm]

25 minutes ago, Gerr said:

I thought ZFS doesn't virtualize well?

What do  you mean?

 

Do you mean that FreeNAS isn't a very good Hypervisor? (Eg: VM's running on FreeNAS don't run well)

 

Or do you mean that FreeNAS doesn't like to be virtualized itself (Eg: Running a FreeNAS VM on top of a different Hypervisor)

 

In either case, the answer is, they both work fine.

 

The VM features of FreeNAS are still pretty new, so it likely doesn't support some of the more advanced features.

 

As for running FreeNAS itself as a VM? Been doing that myself for 6+ months no problem. In fact, FreeNAS as a VM works awesome. The only thing you need to ensure is that the HDD's (or rather, whatever controller they're plugged into) is properly passed through to FreeNAS using PCIe Passthrough. This allows FreeNAS to still have direct access to the HDD's, which is needed for ZFS to work properly.

[Mikensan]

Does your intel NUC's CPU support virtualization or VT-d? How much RAM does it have, pfsense would at minimum need 1gb. Since you do not have slots you may not be able to pass the disk controller through.

 

Anytime you need to reboot the NUC for any reason at all, both your NAS and Firewall are going to reboot. Biggest issue I had with virtualizing pfsense was having to reboot the hypervisor on occasion.

[Gerr]

What I meant is that I have read that for ZFS to properly work, it wants direct access to the drives from what ever OS is implementing it.  Thus what every OS you are using, FreeNAS, Linux, etc, to try to avoid virtualization.

[dalekphalm]

13 minutes ago, Gerr said:

What I meant is that I have read that for ZFS to properly work, it wants direct access to the drives from what ever OS is implementing it.  Thus what every OS you are using, FreeNAS, Linux, etc, to try to avoid virtualization.

Direct access is 100% possible when virtualizing FreeNAS. If you use PCIe Passthrough to "pass" a controller (typically a PCIe SAS HBA Controller Card, or a PCIe SAS RAID Card in IT mode) to the VM, the VM sees the controller as if it were a standard physical installation.

 

Some Hypervisors/VM software doesn't support PCIe Passthrough though. And your CPU/MB has to be compatible as well.

 

I've been using FreeNAS in an ESXi VM for 6+ months. It's 100% stable and works perfectly as intended. I even did a rebuild once when one of my HDD's died and was replaced.