pfsense - dual wan?

kandor

Hi,

I have an Asus RT-AC66U router at the moment, and dual cable modems. The Asus is set up for load balancing. I'm really interested in building a pfsense box but I am too noob about pfsense to understand the implications of a dual WAN scenario, i.e. how many NICs are required etc.

Thanks for your help!

Kandor
 
If you're going to be building a PFsense box, I'd recommend putting in an Intel Quad Gigabit NIC in the system. They are fairly cheap on eBay, and work wonderfully. Stay away from the Realtek NICs, you'll thank me later xD

This all depends on how you want to set things up. Minimum, you need three ethernet ports. One for each WAN, and one for your local network. If you are intending on adding a DMZ, you're looking at another ethernet port.

Are you intending on virtualizing this system, or just having it as a dedicated router?
 
Hi, thanks for the info.

I hadn't thought about virtualizing the pfsense box. I have some old q6600 machines in a closet so making a dedicated machine is easy enough - although adds power consumption.

If I were to virtualize the pfsense box how does that work? You virtualize on the local machine with the intel quad gigabit nic? I can't understand the network topology in this case?

So, I'm understanding that my Asus router will just become a switch/wifi-ap? I don't need a DMZ but I do need incoming VPN clients. Currently I handle that on my Asus router.

Seems I have some reading to do!

Thanks!
 
If you were to virtualize your router, you would pass through the ethernet ports to the VM. This is pretty straightforward in ESXi (VT-d required) and XenServer.

Out of four ethernet ports, this is what they'd look like:
Port 0: Management for your hypervisor
Port 1: the first WAN connection, passed through to your VM
Port 2: the second WAN connection, passed through to your VM
Port 3: the internal network port, passed through to your VM.

Ports 0/3 will be hooked up to your main switch, whereas ports 1/2 are hooked up to their respective modems.

Any VPN configuration stuffs would be done inside of the VM. (I don't know shit about VPNs other than 5 minutes on Wikipedia)

Your Asus Router can easily be configured as a WAP / switch. Depending on the port forwarding setup, it might be possible to route the incoming VPN traffic directly to your ASUS router? maybe? but that is beyond me xD

Note: There are millions of possibilities for these kinds of setups. I just like running my router in a VM because I mess up the config all the time, and need to restore from a snapshot often >_>
 
Ok, so the 4 ethernet ports (Intel quad NIC) are in the box that you are running ESXi on, or if not (since you show port 0 as management) then you have your NIC box running as a thin client and your ESXi install is on some other machine?

Thank you!
 
The hypervisor itself needs to have the network card(s) plugged into it locally.

If you have no experience with hypervisors, I'd say to hold off on using this project for that. Might as well just make a dedicated PFsense box, and later down the road, make an ESXi box for learning purposes.

It'd be a lot easier to do both ESXi and PFSense separately the first time xD
 
Ok, I got it, so a separate cable from the switch to port 0 is required for management. Yes - that confuses me, but it's ok - I'll take your advice and skip the vm for now until I figure this all out.

@scotty8 not at all, I'm happy to read - I'd looked on their forum but a lot of threads that search returns are from many years ago.

Thanks!

Kandor
 
I'm assuming you want dual WAN because your Internet is important. If that's the case, I would not virtualize pfSense. Just buy/build a box for that. Otherwise your Internet will be down during any ESX maintenance.

Low speed Atom boxes are available everywhere. If your Internet is less than 60Mb, then an old ALIX board would be fine. Check out Netgate.
 
Ok, good point. I'm using an old q6600 system. quad core, 4gb of ram, 680i SLI chipset. It has a fanless vid card and a huge old fashioned air cooler (si-120). I unplugged the fan on the cpu cooler and temps stay in the low 40's :). So it should stay pretty quiet.

Also, as per iamwhoiamtoday, I've got an Intel quad NIC on its way from eBay.
 
Hi,

Update: I got the Intel quad NIC, put it into a Lenovo M73 machine (small form factor). It has a pcix16 slot. Unfortunately pfsense doesn't see the card during install. So I think I have to start over somehow. I've found some other people with pfsense with this same NIC that have problems detecting it. Perhaps motherboard related.

Thanks
 
If you want to be a bit creative you can use one NIC and just do VLANs :)
//Danne
 
OK, well that is 1 day I won't get back.

I tried every possible option to get that card recognized on the system but no luck. Note, I plugged the card into another system (win7) in which it was recognized no issues.

So, this is either a pfsense/freebsd issue with this specific card or the motherboard in the lenovo box itself.

I'll try again...
 
Just plug in WAN connections into the switch and use VLANs to tag each connection.
//Danne
 