pfSense on QNAP NAS
-
@pmk3
Hey there,
Update: I was able to get the full speeds up perfectly with QNAP's pre-image and the NAS did not struggle at all. Very happy with the performance. Which program do you recommend I try first? Or the most CPU intensive... In nerd mode: the issue was that one of the 4 adapters was strangely acting up.
So far really happy with the equipment.
cheers
-
Thanks for the update! Happy to hear you got it working.
In terms of packages, I've read that Snort (intrusion detection and prevention system) can be quite CPU intensive. Other packages that interest me are pfBlockNG (for blocking incoming and outgoing traffic based on IP address or domain name), and SquidGuard (URL filter and redirector). I don't know if there are packages for spam or virus filtering, but those would be worth checking out as well. I know the throughput can drop dramatically (up to 10x) when you start running other services, so I'll be interested in hearing how it does.
Thanks for checking it out!
-
@pmk3
So after months of testing with pfSense and fine-tuning, I'm pleased to say that the TS-677 has minimal issues running the pfSense image provided by QNAP. I am currently running Snort (IPS set to security), pfblockNG, and OpenVPN. I have run speed tests at various points and I can confirm that it does not affect my gigabit connection at all. I was very surprised that it runs flawlessly on 2GB allocated RAM without needing SSD drives. On top of that I was able to run Plex, syncing services, and set up virtual drives. The TS-677 has no issue with what is thrown at it. What I really appreciate about this server is the 4 ports, of which 3 can be balanced throughout the network (when it comes to accessing the server internally).
Hope that helps
Specs:
Ts-677 8g
4x 10tb raid 5 (took less than a day to raid sync)
-
Great info, thank you!
-
Thanks so much for the update. Very glad to hear it's working well for you. I had read that pfSense is relatively lightweight (with regard to resource requirements) and your experience seems to bear that out.
I haven't done anything further on this, although I was starting to lean back towards a dedicated appliance for the firewall since it would need to be on 24x7. I wasn't sure I wanted my NAS on all the time since I don't think I would access it all that often. More to think about!
-
Hello,
I run pfSense in a QNAP TS-251+. I upgraded the QNAP to 16GB RAM; in the virtualization station, I have allocated 2GB for the virtualization station itself, 4 GB of RAM as well as 2 out of the 4 cores for the pfSense VM. I did not use the image provided on the QNAP page but the "original" pfSense ISO for installing the VM.
The whole setup works well after some tweaking and experimenting. The QNAP has two physical network adapters. One is connected to my cable internet, the other one to my router (that serves as WLAN repeater only). Both physical network adapters have been assigned a virtual network adapter in QNAP.
I use pfSense as router for establishing my internet connection, DHCP server for the devices in my network, snort and connecting as client to three different VPN servers at the same time.
Since I am living in China, I cannot really say reliable things about the connection speed but the whole setup works well. All my network devices connected via wifi have a VPN connection to the free world; my China devices in the network are blocked via firewall rules from establishing any connections to the outside world.
-
Ran into an interesting issue with the QNAP's default gateway config after switching my router from an external device to virtualized pfSense on the QNAP.
Wondering if anyone else has noticed or run into this?
My TVS-1282T will no longer acknowledge its default gateway route now that my "router" has an IP address on the QNAP's own Virtual Switch. There seems to be some additional configuration needed or perhaps a bug with the QNAP OS/config utilities in this regard?
Installed pfSense in a VM on my QNAP NAS using the network topology itemized below. Everything seemed fine until I discovered that the QNAP refused to assign its own default gateway to an IP allocated within a virtual switch config assigned to a VM (for the internal LAN interface to pfSense).
pfSense seems to be operating just fine, everything else on my network can access the configured "default gateway" to the pfSense LAN interface - the only problem came on the QNAP side of things where it is refusing to talk to its gateway IP anymore, and wouldn't let me confirm/update the setting to the 192.168.4.1 IP since it belonged to a virtual device. The virtual switch
Any suggestions on how to maybe get this working without having to move pfSense to a separate HW device?
Physical Topology:
wan: cable modem -> QNAP eth4
lan: switch LAG (ports 21-23) -> QNAP bond0 (eth1+eth2+eth3)
QNAP switch config:
virtual switch 1: qnap bond0, static IP on 192.168.4.0/24, gw: 192.168.4.1
virtual switch 4: qnap eth4, no IP config, no dhcp... (assigned dhcp by modem in pfSense)
VM network config for pfSense:
Adapter 1 - vmeth0 (virtIO driver) <- QNAP virtual switch 4 (WAN), dhcp via cable-modem
Adapter 2 - vmeth1 (virtIO driver) <- QNAP virtual switch 1 (LAN), static IP 192.168.4.1
TIA,
-Fabrizio
-
@fabrizior, I'm running into the same problem. Did you ever get this figured out?
-
@ecam nope... with all the other containers, VM, and storage dependencies I have on my qnap array, I decided that it wasn’t the best place to be running my firewall and intrusion-protection (even as a HA backup). Then there’s the risks trying to keep the interfaces and routing working and isolated while “fighting” with all the brain-dead err.. questionable update/config decisions that qnap makes during FW updates such...
Decided to dedicate some additional HW instead:
Protectli FW6 Vault Model: FW6C
-
Hi fab,
read your post, was your problem that you could no longer access your qnap qts gateway? i posted a possible fix for you
https://forum.qnap.com/viewtopic.php?f=45&t=155315&p=755280#p755280
pfsense lan gateway is in pfsense admin web ui Interfaces > LAN (vtnet1)
then the qnap nas OS gateway is located at lan virtual switch (configure this as a static lan ip. you then connect to this ip to access your qnap NAS OS gateway)
make sure neither of these are within your DHCP lan range in pfsense. You can check this in pfsense DHCP server.