Hosting services in pfSense
-
Is it possible and/or recommended to install services like a HTTP-server and some other services in pfSense operating system? For example nginx is available (it looks like apache is missing...), bhyve is available from the packages to install for example Linux and jail subsystem would be good to evaluate.
Are the packages or configuration deleted in updates or are the processes stopped? How about the virtual-machine support, can I install VM:s in pfSense?
-
@nunu First and foremost, pfSense is a firewall; so, you would need a highly compelling reason why you want to do that and even then most would frown on the notion. Install VM in pfSense ...that's the craziest idea; however, don't ask us to show you how.
-
@nollipfsense An option is to install a FreeBSD and loose the web interface. I can get the point, the firewall itself has connections open everywhere. The x86:s are quite big in home use and there is no ARM community version.
It looks like the init system is the same. rc.conf is missing. How are the services installed?
-
-
How about installing as a virtual machine? For example bhyve is available from packages. If the service was a VM, is it possible to block the traffic from the VM?
The other way around, I don't understand how pfSense could be installed as a virtual machine, how is it able to use the hosts interfaces?
@nollpfsense How are the services started then? Is it something in the package?
-
@nunu said in Hosting services in pfSense:
How are the services started then? Is it something in the package?
It's all open ^^ I'll give you a hint : /usr/local/etc/rc.d/
@nunu said in Hosting services in pfSense:
how pfSense could be installed as a virtual machine
Have one running @home in a Hyper-V VM Win Pro as my main router/firewall.
Just slap some NICs in your desktop, assign a LAN NIC so your other local devices can join, a WAN NIC that goes to your ISP-whatever-connection-device-plug and done.Btw : pfSense has all the doc freely available on te net. Did you saw it ? There are several VM examples.
@nunu said in Hosting services in pfSense:
For example nginx is available (it looks like apache is missing...)
And before, we had lighttpd as the web GUI server.
I never understood why it's now nginx - or, why not, apache, as these are industrial strength web servers. The web server of pfSense is used, ones in a while, by just one person, the admin. Not half a million. -
The easiest in the home/home office use would be to settle to use a smaller device. ARM is supported if it is compiled from community sources. Is it possible to get ARM pkg updates even if compiled from a community edition?
At least the bhyve has a setting if the VM should start automaticly. This must be the type2 not recommended, hosted VM.
-
@nunu So, you wanted to run pfSense as a VM or did you wanted to install a VM unto pfSense? If it's the former, there are several examples available as Gertjan pointed out. I learned pfSense by installing it on a VirtualBox VM then, graduated to a dedicated hardware later.
-
I run pfsense in nothing but VM's.
Running it bare metal has so little to offer performance wise compared to the flexibility of vm's and the scalability
-
@cool_corona said in Hosting services in pfSense:
Running it bare metal has so little to offer performance wise
While I agree with you if you have a decent VM host hardware. Flexibility and scalability can not be beat with some decent VM hardware.
Where hardware wins hands down is maintaining connection when you have to do maint on your VM host ;)
There are way more things that happen from a maint point of view that require VM host reboot compared to a little box just being the firewall.
When I up'd my internet connection speed, my old vm host couldn't do it. So I had a choice upgrade to a beefier VM host.. Or downsize my whole vm thing, and break out router to hardware. While I do miss the ease of playing with snapshots of latest and greatest pfsense without a care in the world, because could always just boot the snapshot I took on the host if something went wrong. I do like now being able to reboot my nas (has vms and dockers on it - none of which are resource hogs or required for my network to function).. And still have full connectivity.
And I can still play with pfsense on a VM if want to play with latest dev version or test a snapshot version, etc.
And while if you understand VM networking, etc. It not difficult to use a VM running on your host for your firewall/router for your whole network.. It is a bit more complex than just booting some hardware and plugging in wires..
I ran pfsense as VM for many years - and it worked great.. But hardware for your router/firewall does have some advantages for sure. It really comes down to skill set of user, what hardware they have or are willing to purchase.
Either way works.. I would be hard pressed to find a reason to go back to doing it on a VM though.. But if I was more into VMs and had hardware with the spare cycles on the host - sure I would run it on VM again.
-
I run everything on Super Micro 5019D in several variants.
Started with old IBM X3650m3's that cost close to nothing with redundant power and bulletproof performance.
I run them all in vmware clusters and always more than one way in so I can manage everything remote despite one of them going down.
DRS takes care of the performance clusterwise
-
@cool_corona said in Hosting services in pfSense:
Super Micro 5019D
And how much did you pay for that? ;)
There is a big difference between that hardware and say my ds918+ nas that currently running vms and dockers on.. hehehe
Like I said if you have the hardware, then yeah its very desirable setup.. Especially if you have a HA cluster ;) heheheh -- Sorry but do you think the OP has that skill set or hardware from how they are talking about running VMs on their pfsense hardware? ;) Really??
-
What open source virtual machine would you recommend if the host os was FreeBSD?
The pricepoint looks nice looking at the Netgate consumer products and I'm sure if someone is buying new consumer hardware would find a good solution from those. Nice package, good software and enough hardware, low power.
I have tried installing pfSense just yesterday in an old ARM64 device. If the /etc was copied from the x86 the device just deleted every file in the disk. Is pfSense a community edition? How do you install the pfSense in an ARM system?
with best regs, nunu
-
Compile your own image for that specific system complete with all the required hardware details and customisations. Then flash it.
In reality, unless you're an experienced developer with both ARM and FreeBSD, you don't.
Each of the ARM devices we have built images for required significant development effort.
Steve