Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hosting services in pfSense

    Scheduled Pinned Locked Moved General pfSense Questions
    14 Posts 6 Posters 1.6k Views 5 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N Offline
      nunu
      last edited by

      Is it possible and/or recommended to install services like a HTTP-server and some other services in pfSense operating system? For example nginx is available (it looks like apache is missing...), bhyve is available from the packages to install for example Linux and jail subsystem would be good to evaluate.

      Are the packages or configuration deleted in updates or are the processes stopped? How about the virtual-machine support, can I install VM:s in pfSense?

      NollipfSenseN 1 Reply Last reply Reply Quote 0
      • NollipfSenseN Offline
        NollipfSense @nunu
        last edited by NollipfSense

        @nunu First and foremost, pfSense is a firewall; so, you would need a highly compelling reason why you want to do that and even then most would frown on the notion. Install VM in pfSense ...that's the craziest idea; however, don't ask us to show you how.

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        N 1 Reply Last reply Reply Quote 0
        • N Offline
          nunu @NollipfSense
          last edited by

          @nollipfsense An option is to install a FreeBSD and loose the web interface. I can get the point, the firewall itself has connections open everywhere. The x86:s are quite big in home use and there is no ARM community version.

          It looks like the init system is the same. rc.conf is missing. How are the services installed?

          NollipfSenseN 1 Reply Last reply Reply Quote 0
          • NollipfSenseN Offline
            NollipfSense @nunu
            last edited by

            @nunu said in Hosting services in pfSense:

            How are the services installed?

            As packages.

            pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
            pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

            1 Reply Last reply Reply Quote 0
            • N Offline
              nunu
              last edited by

              How about installing as a virtual machine? For example bhyve is available from packages. If the service was a VM, is it possible to block the traffic from the VM?

              The other way around, I don't understand how pfSense could be installed as a virtual machine, how is it able to use the hosts interfaces?

              @nollpfsense How are the services started then? Is it something in the package?

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG Offline
                Gertjan @nunu
                last edited by

                @nunu said in Hosting services in pfSense:

                How are the services started then? Is it something in the package?

                It's all open ^^ I'll give you a hint : /usr/local/etc/rc.d/

                @nunu said in Hosting services in pfSense:

                how pfSense could be installed as a virtual machine

                Have one running @home in a Hyper-V VM Win Pro as my main router/firewall.
                Just slap some NICs in your desktop, assign a LAN NIC so your other local devices can join, a WAN NIC that goes to your ISP-whatever-connection-device-plug and done.

                Btw : pfSense has all the doc freely available on te net. Did you saw it ? There are several VM examples.

                @nunu said in Hosting services in pfSense:

                For example nginx is available (it looks like apache is missing...)

                And before, we had lighttpd as the web GUI server.
                I never understood why it's now nginx - or, why not, apache, as these are industrial strength web servers. The web server of pfSense is used, ones in a while, by just one person, the admin. Not half a million.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • N Offline
                  nunu
                  last edited by nunu

                  The easiest in the home/home office use would be to settle to use a smaller device. ARM is supported if it is compiled from community sources. Is it possible to get ARM pkg updates even if compiled from a community edition?

                  At least the bhyve has a setting if the VM should start automaticly. This must be the type2 not recommended, hosted VM.

                  NollipfSenseN 1 Reply Last reply Reply Quote 0
                  • NollipfSenseN Offline
                    NollipfSense @nunu
                    last edited by NollipfSense

                    @nunu So, you wanted to run pfSense as a VM or did you wanted to install a VM unto pfSense? If it's the former, there are several examples available as Gertjan pointed out. I learned pfSense by installing it on a VirtualBox VM then, graduated to a dedicated hardware later.

                    pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                    pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                    Cool_CoronaC 1 Reply Last reply Reply Quote 0
                    • Cool_CoronaC Offline
                      Cool_Corona @NollipfSense
                      last edited by

                      I run pfsense in nothing but VM's.

                      Running it bare metal has so little to offer performance wise compared to the flexibility of vm's and the scalability

                      johnpozJ 1 Reply Last reply Reply Quote 0
                      • johnpozJ Offline
                        johnpoz LAYER 8 Global Moderator @Cool_Corona
                        last edited by

                        @cool_corona said in Hosting services in pfSense:

                        Running it bare metal has so little to offer performance wise

                        While I agree with you if you have a decent VM host hardware. Flexibility and scalability can not be beat with some decent VM hardware.

                        Where hardware wins hands down is maintaining connection when you have to do maint on your VM host ;)

                        There are way more things that happen from a maint point of view that require VM host reboot compared to a little box just being the firewall.

                        When I up'd my internet connection speed, my old vm host couldn't do it. So I had a choice upgrade to a beefier VM host.. Or downsize my whole vm thing, and break out router to hardware. While I do miss the ease of playing with snapshots of latest and greatest pfsense without a care in the world, because could always just boot the snapshot I took on the host if something went wrong. I do like now being able to reboot my nas (has vms and dockers on it - none of which are resource hogs or required for my network to function).. And still have full connectivity.

                        And I can still play with pfsense on a VM if want to play with latest dev version or test a snapshot version, etc.

                        And while if you understand VM networking, etc. It not difficult to use a VM running on your host for your firewall/router for your whole network.. It is a bit more complex than just booting some hardware and plugging in wires..

                        I ran pfsense as VM for many years - and it worked great.. But hardware for your router/firewall does have some advantages for sure. It really comes down to skill set of user, what hardware they have or are willing to purchase.

                        Either way works.. I would be hard pressed to find a reason to go back to doing it on a VM though.. But if I was more into VMs and had hardware with the spare cycles on the host - sure I would run it on VM again.

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                        Cool_CoronaC 1 Reply Last reply Reply Quote 1
                        • Cool_CoronaC Offline
                          Cool_Corona @johnpoz
                          last edited by

                          @johnpoz

                          I run everything on Super Micro 5019D in several variants.

                          Started with old IBM X3650m3's that cost close to nothing with redundant power and bulletproof performance.

                          I run them all in vmware clusters and always more than one way in so I can manage everything remote despite one of them going down.

                          DRS takes care of the performance clusterwise

                          johnpozJ 1 Reply Last reply Reply Quote 0
                          • johnpozJ Offline
                            johnpoz LAYER 8 Global Moderator @Cool_Corona
                            last edited by

                            @cool_corona said in Hosting services in pfSense:

                            Super Micro 5019D

                            And how much did you pay for that? ;)

                            There is a big difference between that hardware and say my ds918+ nas that currently running vms and dockers on.. hehehe

                            Like I said if you have the hardware, then yeah its very desirable setup.. Especially if you have a HA cluster ;) heheheh -- Sorry but do you think the OP has that skill set or hardware from how they are talking about running VMs on their pfsense hardware? ;) Really??

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            SG-4860 24.11 | Lab VMs 2.8, 24.11

                            1 Reply Last reply Reply Quote 2
                            • N Offline
                              nunu
                              last edited by

                              What open source virtual machine would you recommend if the host os was FreeBSD?

                              The pricepoint looks nice looking at the Netgate consumer products and I'm sure if someone is buying new consumer hardware would find a good solution from those. Nice package, good software and enough hardware, low power.

                              I have tried installing pfSense just yesterday in an old ARM64 device. If the /etc was copied from the x86 the device just deleted every file in the disk. Is pfSense a community edition? How do you install the pfSense in an ARM system?

                              with best regs, nunu

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S Offline
                                stephenw10 Netgate Administrator
                                last edited by

                                Compile your own image for that specific system complete with all the required hardware details and customisations. Then flash it. 😉

                                In reality, unless you're an experienced developer with both ARM and FreeBSD, you don't.

                                Each of the ARM devices we have built images for required significant development effort.

                                Steve

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.