Pfsense and IPCop Virtualized

Discussion in 'PFsense M0n0wall IPcop & others PC based routers' started by Deeza, Jun 8, 2011.






  1. Boss, I've done that in my setup.
    On the PC where VMware with pfSense is installed I can get on the internet, but the clients connected to the router can't connect.
    Please help.
    http://www.pinoydsl.net/threads/pls...connect-sa-wifi-router-ko-using-pfsens.28151/
    Thanks.
     
  2. lordmight Guest

    ^How are they connected to the router? You mean their gateway is still the router? Or does your router have LAN ports that your users are connected to?
    If yes, how is your pfSense set up? Is its WAN on a static IP, or is your router just bridged?
     



  3. network adapter > NAT
    network adapter > HOST ONLY
    The server has internet, it goes through Lusca, and the speedtest is 60mbps, but on the other PC there's no internet and no pfSense.

    network adapter > VMnet0(bridged) SiS 191 Ethernet controller
    network adapter > VMnet2(bridged) Realtek RTL8139 Family PCI
    I have no internet and I can't get into pfSense either, but on the other PC there's internet, there's pfSense, and the speedtest is 60mbps.

    By the way, this is my setup:
    isp>>>modem>>>router(dlink di 604)>>>server + cafetimer + vmware + pfsense w/ lusca cache>>>another pc
    Is there something wrong with what I did?
     



  4. Good day. I'm new here on pinoydsl. Just joining the thread.

    Just sharing.

    I'm not a pfsense expert but I find this interesting, especially the firewall and added security features. I learned pfsense from the tipidpc forums and I started implementing pfsense on my 6 yr old dell inspiron last year. It's difficult to implement pfsense on a laptop because there's only a handful of pcmcia/expresscards supported by pfsense. I managed to find a compatible device but it was not good enough; I still had driver errors on it. Then I virtualized pfsense using vmware; it was stable but the performance was not good enough. Fast forward to today, I set up a virtualization server running an esxi bare metal with pfsense and untangle as my firewall.

    My only concern with this setup is that pfsense and untangle eat up a lot of cpu resources when downloading at full speed.

    Hyperthreading is enabled and I've assigned pfsense 2 virtual cores with 3GB ram; untangle has 2 virtual cores with 1.5GB ram. Running on pfsense are pfblocker and snort. Untangle has lite packages with default configurations. I could probably use vt-d on the nic devices but I'll lose vmotion, so I'll stay as is for now. If I need the cpu resources then I'll switch to vt-d. I'll probably turn off snort and implement this as a monitoring/detection device rather than a preventive device. Besides, it's giving me a lot of false positives - I couldn't even access untangle because of snort.

    :)
     
  5. athenaxds Member

    Welcome to PDSL, sir David. Please wait for the others to answer your inquiry.
     



  6. If I were to set this up, I'd configure it like this:
    isp<-->modem<-->server (with nic # 1 connected to modem)
    server (with nic #2) <--> dlink router <--> pc1, pc2, pc3, etc.

    vmware/pfsense setup:
    nic#1 bridge mode, pfsense wan interface
    nic#2 bridge mode, pfsense lan interface

    server and cafe timer (if these are virtual machines) should have their gateway point to the ip address of nic#2. If the two are not VMs, then the host machine's ip address config should point to the ip address of nic#2. PC1, PC2, etc. gateway should be the same, point to nic#2.

    Hope this helps. :)
     
  7. lordmight Guest

    @David
    Wait, you use untangle and pfsense under vmware server?
    What's the use of pfsense and untangle?
     



  8. @lordmight
    Yes sir, I use pfsense as secondary router, primary firewall, pfblocker, snort. I'll also be implementing vlan and captive portal with AD/Radius in pfsense. Untangle acts as a bridge, secondary firewall and sort of a catch-all for everything pfsense can't filter. All basic lite packages are installed with default configs. I'll configure untangle when I have time, but the default configs are already 'good enough'. I've tested both pfsense and untangle using a dedicated machine; each has its own strengths, so why not use them both at the same time. :)
     
  9. palevelmode Member

    Yes, LM, that setup is common for TPCiers :)
     
  10. lordmight Guest

    @david
    Are you using a rack server or just a desktop? What are the specs of your server, sir, since you mentioned that you're using esxi?
     



  11. Sir, it's just a desktop build, but the cpu is a server one. Here are the specs of the PC:
    MSI H77MA-G3 socket 1155
    ivy bridge e3 1245v2
    Kuhler 620
    Ripjaws DDR3-1600 (4x8GB)
    WD Black 500GB
    Corsair CX-430wattsv2
    Silverstone PS07B
    3 additional intel expi9301 - one nic for the wan, one for the lan, one nic shared among the remaining VMs,
    onboard realtek nic for the management interface.
     
  12. lordmight Guest

    ^That's overpowered, sir. Are you already using version 5, sir?
     
  13. palevelmode Member

    @Davidx23

    Bro, is vt-d working in your esxi setup?
     
  14. palevelmode Member

    ^ What NIC are you using, bro? How many?
     



  15. @lordmight
    Yes sir, I'm using 5.1 (the latest build). I also plan to study vmware, and as far as I know only xeon is capable of performing FT, HA, vmotion, so I'll be needing a second build for this.

    @palevelmode
    Yes and no on vt-d. What I did was shut down the VMs, then disable the e1000 driver, enable vt-d, then add it to pfsense on the wan side. Since pfsense and untangle are connected, I also used vt-d on the lan side of untangle. When I booted up pfsense the config was different, so I reconfigured the interfaces and the ip address. When I logged in to the GUI my wan was down (surprisingly there was no need to reconfigure untangle, since I could access its GUI). So that's why the result was success/fail. I'll probably just create a new instance of pfsense and untangle with the nic on vt-d from the start; it's just that I don't know how to reconfigure when there are hardware changes.

    But I'll park this for now because I'm implementing SSL on the pfsense webgui using active directory certificate services. I don't want the pfsense certificate to be self-signed; I want it to come from my AD so it's supposedly authentic ;)

    So I have 4 network ports set up:
    intel nic1 - dedicated port for the pfsense wan
    intel nic2 - dedicated port for the untangle lan
    intel nic3 - shared ports for the other VMs
    onboard realtek nic - dedicated port for the esxi management interface
    intel expi9301ctblk gigabit pcie x1, the chipset is 82574l, I think
     
  16. palevelmode Member

    Ah, your setup is nice, bro. BTW, your mobo's onboard is detected by esxi, wow, that's sweet. Keep us posted, bro. By the way, I'm also the one over on the other side :)
     



  17. ^Cool, so you're a member here too.
    Yup, that's why I chose that motherboard, because its nic is compatible with esxi 5.1. It would be a waste if one port were disregarded.
    Sure, I'll post updates here and on the other side once I get the things I'm setting up working.
     



  18. Using VirtualBox, I only used 512MB RAM for it (2GB RAM overall on the host PC) and a 20GB HDD. Installed pfsense.

    The LAN speed it reaches is really only below 25MB.

    Is this OK? I mean, what do you think?

    Testing on my host PC itself, then going to the speed test, it really doesn't reach 30Mb+.

    But before, when it was a dedicated box, it did reach 70Mb and up (2GB RAM).

    So how do I increase it? Should I increase the RAM in VirtualBox?
     
  19. athenaxds Member

    This is the downside of a virtual setup, but when it comes to reliability and recovery, it's easier to back up when you're on vmware or virtual box - just zip your pfsense folder.
     



  20. Yep, it really is slow, but that's when I'm using virtualbox. I'm using vmware now and vmware is really fast compared to virtualbox. In vmware with 512mb ram, I get 50mb+. But in virtual box, it's really only 20mb+ no matter how hard I try.

    What do you mean that it's easy to back up using a VM? You mean I just copy the whole profile in my vmware where pfsense is located?

    Also, I think I read something here before about backing up the cache folder. Is that easy? Even if the settings in cache management are different, as long as the OLD cache folder is placed into the New cache folder, will the old cache data work?
     
                                 
