What specs do you run? What plugins or any sort of fancy routing tricks do you use?
install gentoo
>>54300848
I don't do anything fancier than putting in some OpenNIC DNS servers and forwarding some ports. I just wanted something that was getting security updates between my network and the internet. My old Asus router hadn't had a firmware update since like 2010.
it's not on exciting hardware either. Dual-core Pentium on an ITX board with an Intel NIC in the slot.
i run mine virtualized which isnt really a big deal at the moment. currently have 10 nics in it. 5 physical and 5 virtual for 9 different subnets + the wan
>>54301112
>>54300848
I have a Xeon server myself and one of my plans originally was to passthrough the dual-port gigabit NIC completely to a pfSense VM, and output to virtual NICs to the host and to other VMs. Anybody think this is stupid, or is it plausible? It is for home use, of course.
>>54301192
it works fine
>>54301236
Since I am using QEMU+KVM, libvirt would function the same way, correct? I guess I'm just worried about the security of it, since my plan is to completely passthrough the NIC to the pfSense virtual machine so the host never sees it, and just make virtual NICs for each system to connect to it, including my host.
Is that pretty much what you've done here? My only concern is whether or not going from onboard nic -> VM -> virtual nic -> host is going to work properly.
>>54301315
fuck if i know i dont use kvm. no matter how its done in esxi is secure enough
>>54301598
Okay, that's all I was wondering. I've heard multiple people online say it isn't secure, but in person my supervisor used to run a VM lab for a very large company using ESXi and he claimed it was just fine. Just curious. Thanks bro, I'll look into how to set it up on KVM
I think it looks cool, but I don't see the point in spending money just to run free firewall software.
Someone should make ofsense and port that pfsense code to openbsd. Freebsd is kinda janky and not secure enough for my tastes.
>>54300848
Like pfsense because you can have your waifu at your side while using it.
>>54302555
And your IP exposed
I'm trying to like pfSense, but for whatever reason OpenWRT with fq_codel on a $50-ish TP-Link works much better with my Internet connection.
On pfSense I get shittier speeds, and pic related happening intermittently. This is with codel set up in the traffic shaper settings.
I have the most autistic setup, all because I only have the one NIC on my server but I need to segregate my stuff from some devices on the LAN. All the traffic on my VMs is routed through the PfSense VM in order to reach VLAN 1 (the rest of the LAN + internet).+-----------+ +---------------+ +-------------+
| Desktop +--VLAN 2---+ Dell Switch +--VLAN 1--+ Innernets |
+-----------+ +------+--------+ +-------------+
|
Trunk
|
| <----------+ Single network cable
|
+--------------------+-------+-------+-------------------------+
| | openvswitch | |
| +----------+---+-------+-+-+---VLAN 2---------+ |
| | | | | | |
| Trunk VLAN 2 | +--VLAN 2-+ | |
| | | | | | |
| +------+-------+ | VLAN 2 | | |
| | PfSense VM +------+ | | | |
| +--------------+ +----+---+ +----+---+ +----+---+ |
| | VM 1 | | VM 2 | | VM n | |
| +--------+ +--------+ +--------+ |
| |
| KVM-QEMU Hypervisor |
| |
+--------------------------------------------------------------+
>>54300848
Are you really using 8.8.8.8 as your DNS? Is it nice to get permatracked?
>>54302311
please look up what pf actually fucking is.
>>54300848
>new webui requires botnet chrome
>mfw 2.4+ version will require a Windows 10 proprietary tool to configure.
>pfSense mustard race but IDK where they are heading anymore man.
