Virtual pfSense and Gaming

  • Hi all,

    I'm in the process of setting up a pfSense router at home for my hobbying purposes, but also as a main router/firewall for the home network.

    I have a 100/100 Mbit fiber internet connection, which will be connected to the WAN port of the pfSense box only. On the other end I have a bunch of PCs and other devices (I guess around 20 in total), and the Xbox 360.

    The most important thing here is that the latency from the Xbox 360 to the internet is minimal, so gaming is pleasurable. I might also want to start gaming on one of my PCs, in which case also that should get minimal latency. I will also be running one or more gameservers, which naturally must have minimal latency.

    I also want to maximize throughput so I can make use of as much of the 100 Mbit (or 200, not sure) as possible.

    To this end, I have invested in decent hardware. For a reasonable amount I was able to get a DFI SLI motherboard (socket 939) with a built-in Gigabit port, and 2 dual-gigabit PCI-Express Intel adapters (for a total of 5 ports). I have yet to obtain a suitable CPU but I don't expect that to be of any influence.

    Because of this overkill-grade hardware, I'd like to know if I can run other applications on the same machine as well. The most straightforward way would be to run some kind of host OS on the machine with pfSense virtually. However, I need to be sure that I can still reach very high throughputs with negligible lag for gaming. Host OS doesn't matter to me, I'm willing to try anything new if it performs better. Ideally I'd run it without a GUI, as the machine will be headless anyway and I could always use VNC to connect to virtual applications with a graphical interface. I plan to manage the machine using SSH for the host and the web interface for pfSense. I would like pfSense to manage all 5 ports (3 for LAN, 1 for DMZ, and 1 for WAN).

    So in a nutshell: Is it even possible to run pfSense virtually with no lag and high throughputs? If so, what host should I use? And is there anything I should pay attention to when looking for a Socket 939 CPU?

  • Well first off welcome to the pfSense community.

    Yes, pfSense can be run virtually. I personally have a server running VMware ESXi running multiple systems, one being a pfSense installation acting as a firewall for the rest of the virtual machines. With that said, I am not running any gaming servers but I am running a webserver, mail server and database server and I don't have any problems.

    pfSense is very capable of high throughput, it's only really limited by the hardware.

    Check out the hardware sizing guide:

    At this point, giving it a try is the only real way to determine whether or not it will work. If you run virtually, make sure you give it enough resources to do its job.

    With the 360 you are also going to want to do Advanced Outbound NATing on port 3074, I think, so that you avoid falling into their Strict NAT classification, which can impede 360 gaming online.


  • Make sure that your processor supports virtualization or it's not going to work at all. I'm using a quad Phenom 2.5 GHz processor. It's awesome and I've never been able to get 50% across all 4 processors. Even with 6 VMs running and 6 GB RAM used, the processors never hit more than 45%.

    Great processor!

  • According to what I've researched there are no Socket 939 processors that support AMD-V.

    So that means it's end of story for virtualization until I get a suitable motherboard, right?

  • I think so.

  • I decided to give it a try anyway and install pfSense in VirtualBox on an OpenSolaris host running on an Athlon64 3000+ Socket 939 CPU. This way I can use the same machine as my fileserver, which is very convenient as the motherboard I got has 8 S-ATA ports and plenty of PCI-e slots. I'll let you know how it goes when I get everything set up.

  • Hardware virtualisation - yes. Software based however, that's still a possibility. Try VMware's Server edition - there are posts here about running pfSense in VMware (even if a virtual firewall isn't as secure as a physical one).

  • You most definitely can use virtualisation on a box without AMD-V (or Intel VT). ESXi is perfectly happy running on socket 940 Opterons - these are essentially the same processors as the Athlon64 and have been running for (literally) years. If you think about the timeline - VMware existed before the virtualisation extensions…

    You could also play with XenServer although that is restricted to *NIX (no windows) on a CPU without AMD-V / Intel VT.
