New wiki for setting up pfSense in VMWare under Windows
-
Great addition Pootle. ;D.
What would you recommend for dual-homed Win2k3 servers?
Dual homed means one NIC for the internal network and one NIC or more for the external network. The Win2k3 has its own Router FW DNS DHCP etc. Would you connect the pfSenseVM to a virtual IP in the Win2k3? Currently the pfsensebox is on the external NIC.
-
What would you recommend for dual-homed Win2k3 servers?
The Win2k3 has its own Router FW DNS DHCP etc. Would you connect the pfSenseVM to a virtual IP in the Win2k3?
Vescovo, The server I am using is effectively dual homed (although the internet side has 2 separate NICs and subnets). I wouldn't like to do this unless the box between the w2k3 server and the internet is giving some form of protection already, even though the w2k3 box has only VMWare network services running on the external NIC.
This means that the only IP address that external NIC responds to is the one that pfSense has on that interface through VMWare - is this what you mean by a virtual IP?
I am running a Linksys AM200 which is still NATing although I have SPI turned off. It forwards everything incoming to pfSense which decides what to do with it.
Currently the pfsensebox is on the external NIC.
I'm not sure I get this Vescovo. Do you already have pfSense in a VM in the w2k3 box? Or is it in its own box?
-
The following is a diagram of the system. The pfsense box is on physical CPU running freeBSD. Both Wan modem routers have active spi and FW/NATs. The win2k3s have DHCP, DNS, FW/routers
The second image is what I was thinking of. Both server1 and server2 would be running win2k3 with VM. The win2k3 output that normally was directed to the external NIC on image-1 would be directed to where on image-2? That NIC then would forward it to the pfSenseVM where?
What was the performance like running pfSenseVM versus a normal box?
-
Hi Vescovo, In diagram 1 your pfSense box has 4 NICs is that right? (Wan1, Wan2, DSL and priv WAN).
Also what role do server 1 and server 2 play in connecting PRIV WAN to LAN?
I assume you are going to use carp to failover between pfSense running in server 1 and server 2 in diagram 2? I have never used carp, so can't help you with that.
If your DSL connection is via ethernet, then it can be connected to both server 1 and server 2. If it is a USB device, then you should still be able to pick it up in the VMWare VM, but only in 1 server. Also I do not know if pfSense in a VM will pick it up successfully - you will have to try it.
I've never run pfSense on a physical machine, so I don't know how it compares to running in a VM. Typical latency through pfsense to my modems is 16ms.
As regards performance, VMWare is not recommended for high volume network traffic, but that normally refers to big web servers with lots of internet bandwidth. I run on an AMD Sempron 64 (socket AM2) and CPU utilisation does get up to 50% for the pfSense VM occasionally (mostly it runs at less than 10%), so I think you need to test this to see how it goes.
Hope this helps.
-
Hi Vescovo, In diagram 1 your pfSense box has 4 NICs is that right? (Wan1, Wan2, DSL and priv WAN).
It does have 4 NICs. DSL - 2 NICs, Cable - 1 NIC, and LAN (PRIV WAN) on the last one.
Also what role do server 1 and server 2 play in connecting PRIV WAN to LAN?
This is a typical win2k3 dual homed configuration where all internet access has to go thru server1 or server2. Both servers have their own internal software FW/routers etc and control what traffic is allowed in and out.
I assume you are going to use carp to failover between pfSense running in server 1 and server 2 in diagram 2? I have never used carp, so can't help you with that.
Both Servers are active at the same time.
If your DSL connection is via ethernet, then it can be connected to both server 1 and server 2. If it is a USB device, then you should still be able to pick it up in the VMWare VM, but only in 1 server. Also I do not know if pfSense in a VM will pick it up successfully - you will have to try it.
All connections are ethernet. The Wan1 and Wan2 links have 4 port switches so up to 4 servers could be attached to each of wan1 and wan2.
Your performance information was quite interesting. Your hardware is quite good and the information you provided is very helpful. Based on your numbers, the overhead is certainly too high to run the VMware in each server. Keep up the good documentation.
:)
-
Nice work Pootle
-
Good tutorial. I performed the same setup (before reading this) with 1.2 beta 2, and I couldn't get the WAN to pick up an IP. I then did the same with 1.2 beta 1, (while following your instructions) and it worked out alright.
So, I'm not too sure if the issue is with beta 2, or my methodology.
-
tacfit, I'm running beta 2 now and have no problems…..
1.2-BETA-2
built on Mon Jul 2 20:14:07 EDT 2007
-
Pootle, please email coreteam@pfsense.com with a username / password for our new wiki.
Also, the old docs site is at http://olddoc.pfsense.org/index.php/Main_Page so we can start transferring items over.
-
Pootle, please email coreteam@pfsense.com with a username / password for our new wiki.
Also, the old docs site is at http://olddoc.pfsense.org/index.php/Main_Page so we can start transferring items over.
Oh! just found this - sorry missed the email, but back in business now.
Thanks