So obviously Proxmox tries to use the guest agent if it's activated and does not send ACPI signals, even if it has recognized that the agent isn't running. 🙄
Didn't know that. However, since pfSense has no Qemu guest agent there's no reason for activating it.
Sorry but I am with @ITFlyer - and I edited your post to remove what amounts to keywords and a link.
Glad you're wanting to help - but keep it on topic to the question at hand. And why would you join a forum, minutes later add such a post to an almost year old thread, because it mentions something related to what you're wanting to promote is what it looked like.
It's highly unlikely to be related. There is nothing that gets triggered by pressing 8. Maybe your system connecting to the firewall via SSH on its own might have nudged your client system's IP stack in some way (e.g. a new ARP request), but it's unlikely to be a firewall problem.
My computer is infected with viruses, and these perpetrators also seem to be on my network at various times. So I was thinking of putting a pfSense firewall on my network.
Look outside. We are in the year 2020.
Most, if not all processes communicate with each other using something like TLS.
This is even more valid if these processes have sensible information to hide, like, for example, viruses.
So, never ever pfSense can find out what is coming in and out of your network **.
There is only one way out. Stop downloading any executables, probably even pay-ware, free ware for sure.
Remember : if there is no price (no $) then the product is YOU.
There are two major solutions for this. Stop clicking. And you're done. This will even save your mouse buttons.
Far less better, but it might work : check out all the videos from, for example, https://www.youtube.com/user/ThePCSecurity - you'll see relatively up-to-date tests among 'the best' which you will requalify as the "most commercial known". And again, if you pay nothing, you will have the quality worth you paid for. Knowing that 0 / "something" is .... known as zero.
It's not very hard to learn where to look for when it comes to viruses and family. And when done, no more need to use anti-virus scanners and stuff like that (I'm using none).
Don't get me wrong, but I am concerned about your concept of security ;)
** actually, I should say : pfSense could do some inspection work for you. The real issue is : a huge knowledge about SSL/TLS, certificates, proxies will be needed. People that can pull this one off .... never do so because they do not have the need for it : these guys saw a virus somewhere in the last decade, the day they were learning.
An exception to the rule might be an email server, something like postfix, which doesn't belong at all on a device that is a firewall router like pfSense. This kind of server unpacks your mail, and stores them in clear text, which makes scanning possible before the user can see and/or download it into the mail client.
There is no such solution as "install XYZ into pfSense, set this and click there" and all my traffic is scanned, and blocked if needed.
Hi Ingenium, I know it might be a bit late for an answer, but I think one solution for your VLAN on VF problem might be to bind a VLAN on a VF on the host.
You can use "ip link set PF vf X vlan Y" on the host to bind a VLAN on the VF. Replace PF with your PF-interface name, X is the VF interface and Y is the VLAN. You would end up in having a VF for each additional VLAN.
The VLAN header is stripped/inserted by the VF and the interface can be used just like a standard interface in pfSense. No need to configure VLAN in pfSense.
Check out https://doc.dpdk.org/dts/test_plans/vf_vlan_test_plan.html for reference.
@ldiciolla as xcp-ng version 7.x you must add 4 extra in the mtu 1500 cause the nic in xen has no 802.1q vlan driver due that the max vlan 4094 is done like
1024 2048 4096 4096 is how memory is allocated but the mtu 1500 is the tcp mac window max trans (m)utex just add 4 in the mtu and there the vlan number will be stored (in v8)this is covered , pfsense runs in a vm so don't allocate vlan(s in vlan(s on the gen1 hypervisor , buy a switch vlan802.1q built there your nic vlan in and deliver pfsense simple lan interfaces reason is the nic must also be vlan capable, by using a switch this is covered and on one realtek i ran wan lan1,2,3,4,5,6
always tag the port the 802.1q has nothing to do with the ARP MAC that's in 802.1ad
vlan 4096 tag means all vlans and start by id 4 due 1-3 are used for LAG not like LACP or LACP.802.a3d ,
It seems I might have made a mistake in my virtual network configuration. I tried ssh'ing to the gateway 10.0.0.1, and lo and behold, an ssh server running. Turns out it was my virtualization host listening on that address. A reboot of the router must have made it also on that address (is that possible?) temporarily.
> virsh net-dumpxml lan_priv
<bridge name='virbr1' stp='on' delay='0'/>
**<ip address='10.0.0.1' netmask='255.255.240.0'>**
I believe it should be **"10.0.0.0"** for the network ip address.
I'll clean everything up and report the results.
@heper Thank you. My home network is pretty small and my use cases generally don't put much of a load on anything. Also, I only have a 200 Mbs WAN connection so guessing that pfSense performance on the hardware I have ordered won't be an issue.
That said, it's good to know that some folks may consider ESXi to offer better performance than Proxmox and I will do some research in this area too. Thank you again.
Ah, OK. That is certainly possible. I was confused by the discussion of 'teaming' which is not what you want at all.
You have two choices here:
Pass through three NICs to pfSense and bridge them. That will give you the behaviour you want but as (I now see) you initially said it's a very inefficient way of creating a switch. Bridging can be awkward in pfSense.
Create a vswitch in hyper-v and connect all 3 to it. It's still doing it in software which is not as good as a real switch but at least it's trying to be a switch rather than a bridge. That also simplifies the pfSense config significantly that would then only have a single LAN interface internally connected to the vswitch.