Virtualized pfSense working with physical hardware
Hello, I have successfully installed a pfSense instance in a VMM on my Synology Nas.
Currently I have a router in bridged mode and I use pfSense instance for all (pppoe client to my internet provider, firewall, openvpn client for my vpn provider, DHCP server, etc).
In my home network I want the best setup to isolate external network from internal network and I also have the following hardware:
NAS itself with virtualised pfSense (the NAS has only 1 physical LAN)
Fritzbox 7530 (I use it in bridged mode and connect to my VDSL internet provider) and it also serves my home WIFI connection
Asus RT-AC56U (currently not used but I would like to know if I can use it as a managed switch)
A simple not managed switch (5 eth ports)
A raspberry PI 3b (single eth) - currently not used
Which could be the best setup for me?
- connection to my VDSL provider for internet
- connection to my external VPN provider (almost all of my traffic is routed thru VPN)
- internal AP to deliver wifi access to my home devices
- a firewall to protect internal devices and define rules for VPN or WAN connection to internet
- some eth ports for my wired home devices
- have some NAS services exposed to internet for external access (web server, ecc.)
I was thinking about installing pfSense on my ASUS but it does not supporto ARM cpu and I do not want to buy new hardware....
Thank you for every suggestione for my setup....
Gertjan last edited by Gertjan
With a device which has only one ethernet port, you'll be needing a manageable switch.
See here pfsense VLAN one port
Try it out yourself using an old PC hanging around somewhere - as shown in the video.
Can't tell if the Syno VM permits you to build the entire logical circuitry.
Thank you Gertjan. I watched the video.
In the meantime I have been able to set up my ASUS router with DD-WRT transforming it in a managed switch :)
Now, if I am right, I have to connect my fritxbox with 1 port to my Asus (as switch) and tag this with a VLAN for WAN and I will switch off wifi from it and do not connect the other fritzbox ports.
I will tag the other ASUS ports as a different VLAN (and also add wifi to the same vlan) to have separated LAN and WAN networks.
I will connect my NAS with the virtualised pfSense on one LAN port of my ASUS router.
In my virtual pfSense I can set up two different virtual NICs and I have to link them to two different VLAN on pfSense with the same tag I defined in ASUS router.
Is this correct?