PfSense+NAS on single machine

[Mr.Humble]

Hello there!

 

I need some advice from people who are more knowledgeable about networking than myself.

I got a second computer that I intend to use as a NAS:

Mini-ITX B550 board, 4-6 SATA drives, 256GB NVMe SSD, Ryzen 4300G w/ Radeon graphics, 16GB of RAM, Realtek 2,5GbE onboard and 10Gb SFP+ NIC from SuperMicro (2 network ports in total)

 

I plan to run this machine 24/7, battery backed up, at my new place, and potentially host some game servers for my friends (public IP TBD, 1Gb symetrical internet).

 

However all things considered it will be stupidly overpowered for even the most demanding streaming and encoding workloads.

 

So I started thinking about also using it as a router as well using PfSense, but I need help on choosing the OS, the topology, and the configuration.

 

My requirements are:

- ZFS raidz1

- mismatched drives (at the beginning I plan to reuse old hard drives that we have laying around, mostly 1TB and 2TB capacities, potentially 1x 4TB drive in my primary PC)

- ability to access the NAS remotely via VPN

 

I started looking into the options and it seems like there are two main options:

 

1. UnRaid with PfSense in Docker

2. PfSense and TrueNAS virtualized in Proxmox (not sure I understand this correctly, feel free to let me know)

 

In terms of topology, I was hoping something like this would be possible:

 

fiber modem -> 2,5GbE port as WAN -> 10Gb SFP+ port as LAN -> multigigabit Zyxel switch -> PC, Wifi AP, projector, Apple TV, Sonos speaker etc.

 

My concern is that I am not sure if this would be possible on a single machine, where the "LAN out" port on the router also works as a "LAN in" port for the NAS? Is this something that could be achieved?

 

What would be a good solution for someone who wants to try going this way but is by no means a networking expert?

 

Should I just get a decent dedicated router and not bother complicating my setup?

[Electronics Wizardy]

16 hours ago, Mr.Humble said:

My concern is that I am not sure if this would be possible on a single machine, where the "LAN out" port on the router also works as a "LAN in" port for the NAS? Is this something that could be achieved?

 

Yup this works fine, I'm doing this on proxmox currently without issues. 

 

Basically the hypervisor makes a virtual switch inside the system that works just like any other switch.

 

16 hours ago, Mr.Humble said:

What would be a good solution for someone who wants to try going this way but is by no means a networking expert?

 

If you want to try , go ahead, its not too hard to setup. Just be away its a bit more annoying to fix, and if the nas goes down, the rest of the network goes with it.

 

16 hours ago, Mr.Humble said:

- ZFS raidz1

- mismatched drives (at the beginning I plan to reuse old hard drives that we have laying around, mostly 1TB and 2TB capacities, potentially 1x 4TB drive in my primary PC)

These don't mix that well. If you want to use the space of mixed sized drives, you can't use raidz, so take your pick of zfs or using all space in mixed drives.

 

Self promo: Here is a video I did on this very thing.

 

https://www.youtube.com/watch?v=_YazSroZm68

 

[LIGISTX]

What I recommend is not virtualizing pfsense as a first attempt at using it, virtualized firewall makes everything a little more difficult and confusing, and it’s already confusing and not that hard to lock yourself out of your network or the internet, or both. 
 

If you do go that route, I’d get a dual port PCIe NIC, pass that through proxmox to the pfsense VM. One of those ports will be WAN, one will be LAN, just like a normal router. From the LAN, run that into a switch, now you have a standard networking topology. From there, you plug your proxmox hosts mobo Ethernet port into the switch, so now proxmox itself is acting as if you had a router out on the network (it doesn’t know it’s actually going mmmmmm hosting the firewall…). 
 

This way you don’t have to deal with virtual networking. 

[Mr.Humble]

On 5/17/2023 at 4:41 PM, LIGISTX said:

What I recommend is not virtualizing pfsense as a first attempt at using it, virtualized firewall makes everything a little more difficult and confusing, and it’s already confusing and not that hard to lock yourself out of your network or the internet, or both. 
 

If you do go that route, I’d get a dual port PCIe NIC, pass that through proxmox to the pfsense VM. One of those ports will be WAN, one will be LAN, just like a normal router. From the LAN, run that into a switch, now you have a standard networking topology. From there, you plug your proxmox hosts mobo Ethernet port into the switch, so now proxmox itself is acting as if you had a router out on the network (it doesn’t know it’s actually going mmmmmm hosting the firewall…). 
 

This way you don’t have to deal with virtual networking. 

Hi,

 

I'd love to go that route but I have a single LAN port ITX board, and a single SFP+ 10Gb NIC. The hardware is already selected and bought, and the router I plan to get only has one SFP+ port as well.

 

Is it possible to avoid virtualization some other way?

 

As pfsense is based on FreeBSD, is there some option to run a NAS VM with pfsense as the host?

 

 

[Mr.Humble]

On 5/17/2023 at 4:08 AM, Electronics Wizardy said:

Yup this works fine, I'm doing this on proxmox currently without issues. 

 

Basically the hypervisor makes a virtual switch inside the system that works just like any other switch.

 

If you want to try , go ahead, its not too hard to setup. Just be away its a bit more annoying to fix, and if the nas goes down, the rest of the network goes with it.

 

These don't mix that well. If you want to use the space of mixed sized drives, you can't use raidz, so take your pick of zfs or using all space in mixed drives.

 

Self promo: Here is a video I did on this very thing.

 

https://www.youtube.com/watch?v=_YazSroZm68

 

Hi there, thanks for replying!

 

Does it need to run on proxmox? I am not familiar with it. How flexible is it in terms of allocating resources, I.e. I the NAS needs more power to run a game server for example?

 

Does using proxmox necessitate virtualizing both the router and the NAS?

 

Is there a possibility to run pfsense/ nas on bare metal, with virtualizing just the other thing? Or would that run into issues with hardware resources due to lack of ports?

 

I think I read somewhere that unraid has a pfsense plugin, but although it should support ZFS now as well I am not sure if and what limitations there are.

 

Also I read on the Truenas wiki that mixed size drives are allowed but will be limited by the capacity of the smallest drive. Is this true in addition to not being able to use raidz?

[Electronics Wizardy]

22 minutes ago, Mr.Humble said:

Does it need to run on proxmox?

Nope any hypervisor/vm host should work.

 

22 minutes ago, Mr.Humble said:

How flexible is it in terms of allocating resources, I.e. I the NAS needs more power to run a game server for example?

Its the same as most hypervisors. CPU resources are shares, so the vm only takes as much as it needs

 

23 minutes ago, Mr.Humble said:

Does using proxmox necessitate virtualizing both the router and the NAS?

 

Yup. You can technically do it without a vm, but a vm is a lot easier.

 

24 minutes ago, Mr.Humble said:

 

I think I read somewhere that unraid has a pfsense plugin, but although it should support ZFS now as well I am not sure if and what limitations there are.

 

I'm more of a fan of proxmox for vms, but unraid can also run vms and pfsense in a vm.

 

24 minutes ago, Mr.Humble said:

 

Also I read on the Truenas wiki that mixed size drives are allowed but will be limited by the capacity of the smallest drive. Is this true in addition to not being able to use raidz?

Your limited to the smallest drive size. You can use mixed drives in raidz if you don't mind this limit.

[LIGISTX]

1 hour ago, Mr.Humble said:

Hi,

 

I'd love to go that route but I have a single LAN port ITX board, and a single SFP+ 10Gb NIC. The hardware is already selected and bought, and the router I plan to get only has one SFP+ port as well.

 

Is it possible to avoid virtualization some other way?

 

As pfsense is based on FreeBSD, is there some option to run a NAS VM with pfsense as the host?

 

 

If you want to run 2 OS’s on a single box… virtualization is required. And you can’t virtualize anything under pfsense, so no matter what pfsense will be virtual if you don’t run it bare metal on its own box.