PFsense + UT in virtual machines?

  • Thread starter Deleted member 12106
Anyone do this? Basically, I'd like to try it: run pfSense out front as the router/traffic shaper, mess around with captive portal and such, then use Untangle for a UTM.

Did some basic googling and did not come up with much. Never tried ESXi, so, I figured it was time to do something kinda different. I'm looking to consolidate hardware around here to reduce the power bill & noise, so this is one of the reasons I'd like to give it a whirl.

Thoughts?
 
Piddled with Untangle's VM quite a few versions ago...about to experiment with the latest version because I want to move one at a client to a VM. Many of them have a special download specifically for VM.

The one thing I plan on doing..have a dedicated NIC specifically for the red interface. I know VMWare is supposed to be secure with all their virtual NIC stuff..but somehow sharing a physical interface with both red and LAN resources scares me..there have been a few exploits out against VM..and I'm going to assume, due to its popularity..that it will only get worse.
 
You should be able to do it no problem on ESXi or ESX. I would stay away from VMware Server, though. Main thing is you'll want to make sure you have plenty of NICs. I would say two dedicated NICs for pfSense and one dedicated, one shared for UT. You'll probably want to have six NICs total, just in case.
 
Can any of the NICs be virtual? I had thought that ESX/ESXi had a virtual switch built in. Thinking 1 NIC for the modem, then would like to do PF to UT in a virtual network, then probably a NIC out to the switch, so that would be 2 physical NICs...

IDK. In a few weeks I will have an extra box to play with. I want to also throw a win2k8 VM on it, and possibly a LAMP server. The hardware in question only has 2 PCI slots, I have no dual ports, and the mobo has an onboard (Realtek), I think.
 
You can certainly try fiddling with vswitches, dunno how that will work for you. I've never been successful in getting UT to run in a VM in transparent mode without at least one physical NIC dedicated to it, that was the one that went to the hardware firewall.
 
Like I said in a week or so I should have an extra box to fiddle with.
 
I have done this. I don't have it set up this way anymore, but I did have a virtual pfSense box that my WAN came into, which fed over to a virtual Untangle box. I did this under ESXi 3.5 and everything worked great. The only thing you really need to know is to make sure the vswitch for Untangle allows promiscuous mode. You'll need 2 NICs to do this, one for the WAN to come in and another for your LAN. Build 2 vswitches, one for your WAN that only pfSense connects to, then another that bridges pfSense's LAN to Untangle's WAN. Then connect Untangle's LAN to the default LAN vswitch. And make sure both vswitches Untangle is connected to when bridging allow promiscuous mode.
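
A sanity check for the three-vswitch layout described in the post above, as an added example that is not part of the original thread: it flags promiscuous mode where no bridging VM needs it, guests other than the firewall on the WAN side, and a physical NIC shared between red and LAN. The switch labels, vmnic ids, VM names and finding codes are assumptions made for illustration.

```python
# Constructed topology for the layout in the post above. Switch labels, vmnic
# ids and VM names are assumptions for illustration, not values from the thread.
TOPOLOGY = {
    "vSwitch-WAN": {"zone": "red", "uplinks": ["vmnic0"], "promiscuous": False,
                    "vms": ["pfsense"]},
    "vSwitch-Bridge": {"zone": "transit", "uplinks": [], "promiscuous": True,
                       "vms": ["pfsense", "untangle"]},
    "vSwitch-LAN": {"zone": "lan", "uplinks": ["vmnic1"], "promiscuous": True,
                    "vms": ["untangle", "win2k8", "lamp"]},
}
EDGE_VMS = {"pfsense"}      # firewall/router VMs allowed on the red side
BRIDGE_VMS = {"untangle"}   # transparent-bridge VMs that need promiscuous mode


def audit(topology, edge_vms=EDGE_VMS, bridge_vms=BRIDGE_VMS):
    """Return sorted (vswitch, finding_code) pairs for a vSwitch layout."""
    findings = set()
    nic_owner = {}  # physical uplink -> (zone, vswitch) that first claimed it
    for name, sw in topology.items():
        vms = set(sw["vms"])
        # Only the edge firewall should have a leg on the untrusted side.
        if sw["zone"] == "red" and vms - edge_vms:
            findings.add((name, "NON_EDGE_VM_ON_RED"))
        # A physical NIC carrying two zones defeats the red/LAN separation.
        for nic in sw["uplinks"]:
            zone, _ = nic_owner.setdefault(nic, (sw["zone"], name))
            if zone != sw["zone"]:
                findings.add((name, "UPLINK_SHARED_ACROSS_ZONES"))
        has_bridge = bool(vms & bridge_vms)
        if sw["promiscuous"] and not has_bridge:
            findings.add((name, "PROMISCUOUS_NOT_NEEDED"))
        if has_bridge and not sw["promiscuous"]:
            findings.add((name, "BRIDGE_WITHOUT_PROMISCUOUS"))
        # On a promiscuous vSwitch, any attached guest that puts its NIC in
        # promiscuous mode can capture frames not addressed to it.
        if sw["promiscuous"] and vms - bridge_vms - edge_vms:
            findings.add((name, "OTHER_VMS_CAN_SNIFF"))
    return sorted(findings)


if __name__ == "__main__":
    for vswitch, code in audit(TOPOLOGY):
        print(f"{vswitch}: {code}")
```

For the constructed layout the only finding is on the LAN vswitch, where the other guests share a promiscuous switch with the bridge; setting promiscuous mode on a port group used only by the bridging VM, rather than on the whole vswitch, removes it.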
 
A coworker put Untangle in as a content filter for college dorms. They had one virtual NIC that was to their internet and then they had one for internal traffic. I can't say that it will work for pfSense, but I know it worked for Untangle.
 
This is EXACTLY what I've been trying to do!!! LOL. I'm trying to get Smoothwall and UT to run on ESXi and I JUST got all the parts together so I'm still in the process of building. I created a thread similar to this one a few weeks ago and I'm told that you really only need 2 NICs. The ESXi server will create two virtual NICs for each OS. So you have to make a green and a red for your firewall and then the same for UT. Virtual Red on firewall to virtual green on firewall to transparent bridge (using 2 virtual NICs) on UT. In theory....I'll let you know in a few hours as to whether it actually pans out that way! :D
 
LOL Cool!

I decided to say screw it and started working on it. I was saving my desktop for a friend for my lanparty next weekend, but piss on it:)

Just installed 3 NICs, hoping at least 2 will work with ESXi. One is an Intel, another is a 3Com, then the other is the onboard Nvidia.
 