Untangle/PFSense VM question

farscapesg1 (2[H]4U, joined Aug 4, 2004, 2,648 messages)
Didn't know if this would be better here or under virtualization, but since the question is really related to hardware I thought I would take a chance.

I'm thinking about setting up an Untangle/pfSense VM on my ESXi box, which at the moment would be pretty straightforward. However, I also plan on adding another ESXi box and shared storage in the very near future for HA/Fault Tolerance, and my question is how to configure this so the VM will run on either host...

Tell me if my thoughts are correct here...

Cable goes into cable modem, cable modem connects to a standard network switch (or possibly even a managed network switch configured with a VLAN). Then connect 1 network port on each host to that switch and dedicate it to the VM as the incoming link. Another network port in the VM will be configured to connect to the network using the network ports assigned to VMs.

Should this work? Am I missing something? This is for home use, which should give me better options than my aging DLink 655 router.
 
What I would do for a dual ESX setup would be HA not in ESX, but in pfSense or Untangle. Have your cable modem connect to a switch (a simple 10/100 unmanaged would be fine). Then that will connect to a NIC on each VM box. That NIC will be on its own vSwitch labeled WAN. The LAN interface of the firewall will attach to your current vSwitch, which will use your other physical NIC to connect to your home LAN. Then if one hypervisor goes down, vMotion will move all VMs except the firewalls; that way your LAN has no and there are limited routing issues between you and your ISP as well as on the LAN.
 
So, run a separate Untangle or pfSense VM on each host? Won't that cause issues with the cable modem due to the MAC addresses being different when reported through the modem to the ISP? This is a basic home ISP connection (Comcast to be specific).

For some reason I thought it would make more sense to have a single instance being vMotioned in the event of host failure instead of two boxes both trying to connect through the cable modem at the same time...
 
Depending on what Comcast allows for, you may be able to get 2 DHCP leases from a single modem, allowing this to work properly. If not, then you would use a single device and let it vMotion; however, the network is still the same.
 
This is exactly how I have mine setup.

Cable modem into a switch, then my 2 firewalls, one into each port. Since my ISP only gives 2 IP addresses, I have 2 firewalls: one for the house and the rest of everything, powered by Untangle, then the other is my other firewall that I play with so I don't disturb the family / network servers and other goodies.

dash
 