Netgate Discussion Forum
    PFsense on VM with 4 Port PCI LAN card Secure?

    Virtualization | 5 Posts, 4 Posters, 1.5k Views
    RavenReign

      Hello Everyone,

      I'm in the research/planning stages of gutting and rebuilding my home network with a PFsense box for firewall and network management. Also I want to implement a home email/media server with some network storage.

      At first I was thinking of separate machines for this. But after thinking about it:

      If I build one machine with, say, a quad core and one 4-port and one 1-port PCI NIC, I could dedicate the PCI NICs for use only by the pfSense VM. Then I could create other VMs for the email server and whatever else using the motherboard NIC [or other PCI NICs (or could I virtually connect them?)].

      The 4-port NIC would end up being my router, connected to my switch, and the 1-port NIC the connection to my ISP.

      This seemed like a good idea to me, but after searching around I've seen some people caution about using pfSense in a VM because it's possible to break ESX host security and, well, defeat the purpose of the firewall.

      Is this still a risk if pfSense has dedicated NICs?

      KOM

        "(or could I virtually connect them?)"

        You don't use real NICs to connect a VM to the network. They connect to vSwitches.

        "I've seen some people caution about using pfSense in a VM because it's possible to break ESX host security and, well, defeat the purpose of the firewall."

        Unless they can point to something specific, it's FUD.

        RavenReign

          Thanks for the reply! :D

          vSwitch, that's great! I wasn't sure if that was a thing; I haven't done much VMing. Figured this would be a great learning experience.

          Then I can focus my 4-port NIC on the rest of my network.

          andipandi

            Everyone in this part of the forum runs virtualized. :)

            Of course, you need to also patch and watch the host.

            I am really happy with my (virtualized) setup so far: great flexibility, very fast hardware (that just idles around, but has good capacity), less hardware, easy to create a new system or snapshot.

            Just the extra layer with the virtual switches adds some complexity each time you need to look into it, though that just takes a few minutes initially (which physical NIC is which virtual switch is which NIC in pfSense?).

            You also get benefits, like if you totally misconfigure pfSense, you can still access the console via the host.

            Also, typically several single or dual port NICs are cheaper than quads, and also watch out for used Intel ones which can come really cheap for good value and reliability.

            johnpoz (LAYER 8 Global Moderator)

              "pfSense in a VM because it's possible to break ESX host security and, well, defeat the purpose of the firewall."

              How would they have access to the ESXi management? You wouldn't expose ESXi to the internet. But sure, ok, if they compromise your host then yeah, every VM on the host would be open. But the internet is only connected to the pfSense WAN. ESXi management should be on a different physical interface altogether, etc. So how would they even get to ESXi to compromise its security?

              Like KOM said, can you point out these things saying it's not secure so we can take a look? There is a lot of FUD out there. And then again, you're not running a DoD facility, are you? You stated it's for your home use, etc. So as long as you don't put your vmkernel exposed to the public side, there shouldn't be any issues at all.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11
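              The layout johnpoz describes (ESXi management on its own physical interface, the internet reaching only the pfSense WAN) can be checked from the host's vSwitch listing. The following is an added example, not code from the thread or from Netgate; it parses text constructed to mimic the block layout of `esxcli network vswitch standard list` (the port group names "WAN" and "Management Network" are assumptions) and flags any vSwitch or physical uplink that carries both the management vmkernel port group and the WAN port group.

```python
# Added example: audit an ESXi standard-vSwitch listing for a management vmkernel
# port group that shares a vSwitch or physical uplink with the pfSense WAN port group.
# The samples are constructed to mimic `esxcli network vswitch standard list` output.
WAN_PORTGROUP = "WAN"                  # assumed name of the pfSense WAN port group
MGMT_PORTGROUP = "Management Network"  # ESXi default vmkernel management port group

SAMPLE_BAD = """\
vSwitch0
   Uplinks: vmnic0
   Portgroups: Management Network, WAN, LAN
"""

SAMPLE_GOOD = """\
vSwitch0
   Uplinks: vmnic0
   Portgroups: Management Network, VM Network
vSwitchWAN
   Uplinks: vmnic1
   Portgroups: WAN
vSwitchLAN
   Uplinks: vmnic2, vmnic3
   Portgroups: LAN
"""

def parse_vswitches(text):
    """Return {vswitch: {"uplinks": [...], "portgroups": [...]}} from esxcli-style text."""
    switches, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():   # an unindented line opens a new vSwitch block
            current = switches.setdefault(line.strip(), {"uplinks": [], "portgroups": []})
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            if key in ("Uplinks", "Portgroups"):
                current[key.lower()] = [v.strip() for v in value.split(",") if v.strip()]
    return switches

def audit(text):
    """Return findings; an empty list means management and WAN are isolated."""
    switches = parse_vswitches(text)
    mgmt_uplinks = {u for sw in switches.values()
                    if MGMT_PORTGROUP in sw["portgroups"] for u in sw["uplinks"]}
    findings = []
    for name, sw in switches.items():
        if WAN_PORTGROUP not in sw["portgroups"]:
            continue
        if MGMT_PORTGROUP in sw["portgroups"]:
            findings.append(f"{name}: management and WAN port groups on the same vSwitch")
        shared = sorted(mgmt_uplinks & set(sw["uplinks"]))
        if shared:
            findings.append(f"{name}: WAN shares physical uplink(s) {shared} with management")
    return findings
```

Run `audit()` over the real listing captured from a host to confirm the WAN port group never shares a vSwitch or a vmnic with the management vmkernel.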

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.