Virtualized pfSense working with physical hardware

  • Hello, I have successfully installed a pfSense instance in a VMM on my Synology NAS.
    Currently I have a router in bridged mode and I use the pfSense instance for everything (PPPoE client to my internet provider, firewall, OpenVPN client for my VPN provider, DHCP server, etc).

    In my home network I want the best setup to isolate external network from internal network and I also have the following hardware:

    NAS itself with virtualised pfSense (the NAS has only 1 physical LAN)
    Fritzbox 7530 (I use it in bridged mode and connect to my VDSL internet provider) and it also serves my home WIFI connection
    Asus RT-AC56U (currently not used but I would like to know if I can use it as a managed switch)
    A simple unmanaged switch (5 eth ports)
    A Raspberry Pi 3B (single eth) - currently not used

    Which could be the best setup for me?
    I need:

    • connection to my VDSL provider for internet
    • connection to my external VPN provider (almost all of my traffic is routed through VPN)
    • internal AP to deliver wifi access to my home devices
    • a firewall to protect internal devices and define rules for VPN or WAN connection to internet
    • some eth ports for my wired home devices
    • have some NAS services exposed to internet for external access (web server, etc.)

    I was thinking about installing pfSense on my ASUS but it does not support ARM CPUs and I do not want to buy new hardware....

    Thank you for every suggestion for my setup....


  • Hi,

    With a device which has only one ethernet port, you'll be needing a manageable switch.
    See here pfsense VLAN one port

    Try it out yourself using an old PC hanging around somewhere - as shown in the video.

    Can't tell if the Syno VM permits you to build the entire logical circuitry.

  • Thank you Gertjan. I watched the video.

    In the meantime I have been able to set up my ASUS router with DD-WRT, transforming it into a managed switch :)

    Now, if I am right, I have to connect my Fritzbox with 1 port to my Asus (as switch) and tag this with a VLAN for WAN, and I will switch off wifi on it and not connect the other Fritzbox ports.

    I will tag the other ASUS ports as a different VLAN (and also add wifi to the same VLAN) to have separated LAN and WAN networks.

    I will connect my NAS with the virtualised pfSense on one LAN port of my ASUS router.
    In my virtual pfSense I can set up two different virtual NICs and I have to link them to two different VLANs on pfSense with the same tags I defined in the ASUS router.

    Is this correct?