update: I am using now 64bit beta4. Basic stuff works I am trying now advanced stuff. Dyndns is working now in new firmware. 1st compare to pf 32bit v1.x it needs more memory for my setup (256MB vs 160MB; no problem every system now has 2GB :) ) ps: v1.2.3 is working width new BIOS. VBox 4 also works fine ;)

Actually, I think I was having a different issue.  kvm shutdown command totally ignored.  This seems to be freebsd-related, not specifically pfsense.  More specifically, freebsd is the victim - the bug is in the seabios used by kvm. http://git.linuxtogo.org/?p=kevin/seabios.git;a=commit;h=50ecfa88d6a27abb873174903c9e09f989f46f1a So, I guess I live with it until an update/fix.  Sorry for the wasted bandwidth.

The past few days I've been running my pfSense 2.0 in VirtualBox on a Windows 2008 R2 server housing 6 TB of important data.  Now this is all personal stuff in my home, and I would never do this in production for any company at this point.  But I wanted to point out that by not associating any protocols with my dedicated WAN network adapter that isolates my host OS (Windows 2008 R2) from the internet very effectively.  I virtualized in order to save on electricity.  For anyone wanting to do the same and has a windows based server or htpc and is also hurting on the electric bill…you may have had the same thought as me.  That's why I wanted to put this out there.  I've been working with computers a long time and this strikes me as a quick and simple enough solution for home use.

Hi spiegeljb, I think you may need to ask around in the citrix forums. If your hardware can support IOMMU either in AMD forgot what the name of it is or Intel VT-d, you can directly pass pci to the HVM. Then the HVM will install the proper drivers rather than using pv-drivers or emulated IO drivers. Remember if you don't have IOMMU in your BIOS you will not be able to do pci pass thru to HVM. Below is an example of my pfsense config file :- import os, re arch = os.uname()[4] kernel = "/usr/lib64/xen-4.0/boot/hvmloader" builder='hvm' memory = 1024 shadow_memory = 8 name = "pfsense" vif = [ 'type=ioemu, mac=00:16:3e:xx:xx:xx, bridge=eth0, model=e1000',         'type=ioemu, mac=00:16:3e:xx:xx:xx, bridge=eth1, model=e1000',         'type=ioemu, mac=00:16:3e:xx:xx:xx, bridge=dummy0, model=e1000',       ] disk = [ 'phy:/dev/vgvolume/pfsense,xvda,w' ] , 'file:/home/pfSense-1.2.3-RELEASE-LiveCD-Installer.iso,xvdc:cdrom,r' ] device_model = '/usr/lib64/xen-4.0/bin/qemu-dm' boot on floppy (a), hard disk or CD-ROM (d) default: hard disk, cd-rom, floppy boot="dc" vcpus=2 cpus=["1", "2"] pae=0 acpi=1 apic=1 sdl=0 vnc=1 vnclisten="0.0.0.0" vncconsole=1 vncpasswd='' stdvga=0 serial='pty' usb=1 usbdevice='mouse' on_poweroff = 'destroy' on_reboot  = 'restart' on_crash    = 'restart' Hope this helps Eric

ESXi 3.5 + 20Mbs WAN traffic and 80Mbs LAN with 60% CPU My LAN switch is a Gigabit, but i dont think that I can max it out trough pfSense. So, keep your WAN, LAN, DMZ, and MgmtNet infrastructure physical and isolated. Use pfSense with dedicated NICs only for routing between. Cheers H

Thanks Helix - I will try what you suggest. I managed to stop pfsense crashing the host - i'm rock solid now - a BIOS update to my mobo made all my issues go away, but I like what you are suggesting also Jon

Forget it all. Everything works fine now. Turns out one of my PFsense devices was glitchy. Reinstalled from scratch and restored the information and it worked fine. I wish there was a way to find out what made it so buggy.

Can see the PFSense Web GUI- haven't tried pinging other hosts on our LAN- im using my PF sense router as a double nat through another router/modem- and yes it does receive a DCHP given ip from my modem/router- tried pinging google.com but havnt tried google dns 8.8.8.8. i am indeed bridging the connections- i've disabled everything apart from the VMware protocol on the WAN card but not the LAN card- is that correct? Thanks very much for your time Spraynpray was good of you to get back to me Tom

BUMP I've got it working with a untagged vlan but I hope that's not the only option. I'm thinking that creating vlans chop the speeds of my connections so now it's at something like 1/3 of 1gbit.

Take a freebsd VM running 7.3 (pfsense 1.2.3) or 8.x (pfsense 2.0) and install (really compile) vmware tools for the vm. Once you are happy with the functionality/stability of them copy the three .ko files over to your pfsense installs and bind them to the kernel loader.conf

Two years and two releases behind I would consider extremely old, especially when you're talking about specific version compatibility. As for why Server isn't a target, I'm not sure. Probably because at the time I'm not sure anyone had Server installed to see if it worked. Pretty much everyone has moved on to ESX.

With the regular connection, pfSense wouldn't even show de0/de1 and ask me to install a network connection, so yes I'm definitely using legacy.

I actually manage to get a stable setup running now. With Oracle VirtualBox. [image: pfsense.png] r_server.exe is the remote desktop service used. VirtualBox.exe use about 60% CPU with torrents and 10MB/s download on one of the two 2GHz cores. PING ping.sunet.se (192.36.125.18) from 85.228.221.196: 56 data bytes 64 bytes from 192.36.125.18: icmp_seq=0 ttl=249 time=1.638 ms 64 bytes from 192.36.125.18: icmp_seq=1 ttl=249 time=1.460 ms 64 bytes from 192.36.125.18: icmp_seq=2 ttl=249 time=1.546 ms 64 bytes from 192.36.125.18: icmp_seq=3 ttl=249 time=1.824 ms 64 bytes from 192.36.125.18: icmp_seq=4 ttl=249 time=1.538 ms ping seems to be stable too. Seems to handle the 100MBit connection good too. Using 1 IntelPRO1000gt NIC as WAN, 2 virtual NICs on that card and running multiwan 20MBit*3. Though I got one problem. Setting up rules for SSL to only use one interface works great but some other programs n shit aint working that good witout "sticky connections". When using sticky connections pfsense doesnt use multiwan at all, all connections seems to run on OPT1 or something. Running torrents without sticky connections reslut in like 5-6MB/s upload, and with sticky connections like 2MB/s (only 1 interface). Any ideas?

The answer is yes. However i dont see how this should improve security. Do you really want to encrypt traffic from one VM to another?

Ok, figured out, but still don't know how to fix it.  ??? My jail's bin sbin lib are empty. Seems like symlinks from template were not restored  after reboot, so jail cannot start. Is there any command to rebuild symlinks??

I believe that pf should not be run in a vm for the same reasons as there will not be FreePFNAS. But thats just my opinion. http://forum.pfsense.org/index.php/topic,10201.0.html