Tournament Setup using pfSense



  • Dear pfSense forums,

    We (my group and I) have been put in charge of hosting a "LAN Event", basically a 12-hour event wherein we will host tournaments that local teams can sign up for and compete against each other in. A poll showed an interest of about 40 people and the team sign-ups tell a similar tale. Some of the games (like League of Legends for example) need an internet connection to allow people to log in and thus we need to provide internet to about 40-50 people.

    We've been assigned a D:100/U:100 Mbit line, from within a larger network, with unrestricted firewall access. This line is being provided to us via a Static IP address. This is the setup we've proposed so far: We want to run pfSense on the Supermicro X7SPA-H-D525 Mini-ITX Server (http://www.supermicro.com/products/motherboard/ATOM/ICH9/X7SPA-H-D525.cfm), which has an included 1.8 GHz CPU, 4GB of RAM and a small HDD to allow an install of pfSense (we will initiate this installation with a USB drive). On the X7SPA there are two NICs installed per default. We want the first to act as a WAN adaptor (in the pf'Sense'), acquiring internet through our static IP. We want the second adapter to act as a LAN adaptor (in the pf'Sense'), sharing the internet connection to a 48-port switch. We will then add a third NIC and pair it with a TEW-637AP Access Point (http://trendnet.com/products/proddetail.asp?status=view&prod=155_TEW-637AP). This third NIC will act as the WLAN/OPT1 adapter (in the pf'Sense') and will receive its internet connection from the WAN adapter while also being visible to the LAN clients (LAN and WLAN clients are able to "see each other"). This build follows a guide, seen on: smallnetbuilder.com (http://www.smallnetbuilder.com/security/security-howto/31406-build-your-own-ids-firewall-with-pfsense?showall=&start=1). I've attached a picture of the setup we're interested in.

    Our question to you will be the following:

    • Is this setup even feasible for the kind of network we want to set up? Do we need a larger machine, etc.? If it is feasible, then:…

    • Will the default installation of pfSense provide requirements we need for this machine and network? As in,…

    • Will we need to setup special rules to allow internet sharing from the WAN adapter to the LAN/OPT1? Or maybe…

    • Do we need to bridge any of the NICs for it to attain some of the wanted connections? And lastly,…

    • What is the capacity for a machine like this? How many clients can we have connected to the internet simultaneously with this setup? (we have about 38 wired clients and 6 wireless clients reported so far)

    I hope you are able to provide me with the answers that I need. I've looked at various guides at setting up a particular setup like this and also at other pfSense Forum Threads, but I want to have a confirmation other than my own from you guys before we invest in a setup like this (we've been granted a fund to build a Tournament Event network setup).

    Thank you for reading,
    Toby



  • Is there anyone capable of helping me on this issue, maybe answer the questions? Just look at the picture and the questions. The text provides details.



  • @kxx:

    (….)
    Our question to you will be the following:

    • Is this setup even feasible for the kind of network we want to set up? Do we need a larger machine, etc.? If it is feasible, then:…

    The most traffic will never pass pfsense but only the switch if the gamers play on LAN. Nevertheless the sizing of the machine is only dependent on the internet speed. The sizing guide says:
    51-200 Mbps - No less than 1.0 GHz CPU
    So in your case there shouldn't be any problems for pfsense (your hardware) to get full internet speed.

    • Will the default installation of pfSense provide requirements we need for this machine and network? As in,…

    I don't think so.

    • Will we need to setup special rules to allow internet sharing from the WAN adapter to the LAN/OPT1? Or maybe…

    The default installation of pfsense provides NAT on WAN port. This is ok. You just should create an "Allow any to any" firewall rule on LAN and OPT1 (wireless) interface. You need DHCP enabled on LAN, OPT1 Interface. You need DNS Forwarder enabled. So both networks can communicate with each other. But read following question/answer…

    • Do we need to bridge any of the NICs for it to attain some of the wanted connections? And lastly,…

    From LAN parties I participated on many years ago I know that there are games which are using broadcasts to find a server/client. So it would make sense to bridge wire LAN and wireless LAN together. But it would be easier if you just plug in the WLAN AP into the switch instead of configuring an extra NIC in pfsense, bridge these NICs and so on because all traffic between LAN and WLAN has to pass pfsense. If you plug it into the switch then all will be handled by the switch.

    • What is the capacity for a machine like this? How many clients can we have connected to the internet simultaneously with this setup? (we have about 38 wired clients and 6 wireless clients reported so far)

    I think this is answered with your first question.
    (….)

    I hope this will help you.



  • @Nachtfalke:

    From LAN parties I participated on many years ago I know that there are games which are using broadcasts to find a server/client. So it would make sense to bridge wire LAN and wireless LAN together. But it would be easier if you just plug in the WLAN AP into the switch instead of configuring an extra NIC in pfsense, bridge these NICs and so on because all traffic between LAN and WLAN has to pass pfsense. If you plug it into the switch then all will be handled by the switch.

    In that scenario the game-server would be in the same broadcast domain with the (potentially 100s) game-clients.

    Wouldn't it be a good idea (if possible, depending on the game's client-server architecture) to put the game-server on OPT1, so you can filter/shape traffic to it?



  • @Nachtfalke:

    I hope this will help you.

    Thank you so much for a detailed answer, I was getting worried. I know it is a lot to ask, to troubleshoot a larger network like this, and I really want to thank you for your time taken in answering the questions. I'm sorry if I come off as arrogant or if I seem like a "smart ass". I want you to know, that I'm really new at setting up networks like these and I really only have experience from setting up home networks (and that's using pre-installed "easy mode" routers). I really love that you took time to answer these questions, it's really helpful! I think we might get our fund approved now for the setup!

    @Nachtfalke:

    The most traffic will never pass pfsense but only the switch if the gamers play on LAN. Nevertheless the sizing of the machine is only dependent on the internet speed. The sizing guide says:
    51-200 Mbps - No less than 1.0 GHz CPU
    So in your case there shouldn't be any problems for pfsense (your hardware) to get full internet speed.

    Some of the games are hosted online (e.g. League of Legends), which means clients connect through the game client to a remotely hosted game server (this requires internet). This means that all of the clients at the event will require an internet connection. But you say this traffic will be handled by the switch? So the pfsense machine essentially just deals the DHCP addresses? I'm not very good at this…

    Now, on the OPT1 NIC...

    @Nachtfalke:

    From LAN parties I participated on many years ago I know that there are games which are using broadcasts to find a server/client. So it would make sense to bridge wire LAN and wireless LAN together. But it would be easier if you just plug in the WLAN AP into the switch instead of configuring an extra NIC in pfsense, bridge these NICs and so on because all traffic between LAN and WLAN has to pass pfsense. If you plug it into the switch then all will be handled by the switch.

    The only real "LAN"-game we're going to be utilizing would be Warcraft III and Counter Strike (both Source and 1.6, but both use the same ways of finding hosts). For example, I think WC3 hosts the game at the assigned internal IP (given by DHCP, of course) at port 6112 and other WC3 clients within the subnet (e.g. host is at 192.168.1.100, then client at 192.168.1.101) is able to see the game. Afaik, wouldn't bridging the OPT1 and LAN adapters allow clients from the 192.168.2.x (assuming OPT1 deals DHCP addresses from 192.168.2.x-xxx and that host is still at 192.168.1.100) to see the game? I'm not a 100% sure, but of course we could add the wireless AP to the switch, it'd make things easier. But how are we going to configure the AP then (ssid, etc.)? (It should be mentioned that there are tools [e.g. "WarCraft 3 Proxy"] that forces the client to scan for games at a custom host IP and port, but we'd rather be able to use the in-game clients ability to find games)

    For Counter Strike, it's pretty much the same deal: host game at assigned DHCP address on port 27015, other clients within same subnet are able to see the game. Here, there's also the possibility to force a connect to a certain IP (e.g. to connect to games not found through the LAN scanner, since I believe it's restricted to scan within the same subnet).

    @dhatz:

    In that scenario the game-server would be in the same broadcast domain with the (potentially 100s) game-clients.

    Wouldn't it be a good idea (if possible, depending on the game's client-server architecture) to put the game-server on OPT1, so you can filter/shape traffic to it?

    Well, there's still the problem of getting clients from LAN adapter to see the game, unless of course you bridge them. But at max we will see about 20 clients, with 1 host, in a single LAN game (e.g. a game of WC3 or Counter Strike). Most players are interested in League of Legends and it is not hosted on LAN.

    Merry X-mas



  • @kxx:


    I'd just put the Wifi AP on the 48 port switch on the same subnet as the LAN.  That way when playing the LAN games the wifi clients and the LAN clients don't need to traverse the firewall to see each other.

    Also while the server you are planning to use for pfsense should work I'd personally go with something with a bit more muscle as gamers start to revolt if their ping times start going up.

    Also depending on the games and such having Squid running can help considerably.



  • @kxx:
    I didn't recognize that the most of these games need internet connection.

    But the easiest and best thing to structure this network is:
    Put all, the wired users, the servers and the WLAN AP on the same switch or same network if you use more switches. They all should get an IP from the same subnet like 192.168.10.0/24.
    So you just need one LAN interface on pfsense.
    If the gamers want to play games which need online access then the pfsense will handle that traffic.

    Do NOT put gameservers on an extra subnet - that's good for security reasons in a company (DMZ) but on a LAN party it is nonsense. You need low pings and if the traffic has to pass the pfsense router first the pings normally increase.

    And again to explain the question which traffic passes pfsense and which isn't:
    If someone hosts a game on your LAN and you do not need any internet connection for that THEN all this traffic will only be handled by pfsense. Then pfsense isn't unnecessary. The clients communicate only over the switch.

    If the clients NEED internet connection THEN pfsense comes into play.

    PS: Please do not install squid or such stupid things on a LAN party. Not all games like it if you connect through a proxy and it makes no sense to "cache" any data. You want to play and this game data you cannot cache. Forget about squid for that.



  • The Supermicro will suffice for your needs.

    There are a few things you should take note of:

    1. You do not need an OPT connection for wireless clients.  You should connect the AP to the LAN segment. i.e. Connect the AP to the switch so that all clients are on the same subnet.  Some clients can be picky when it comes to traversing different subnets for LAN play even when you manually enter the IP:Port for the server.

    2. You can make do with a straight cable since the pfSense machine is technically a device rather than a switch.  In any case, MDIX will resolve the issue.

    3. Certain games have restrictions on the number of hosts per public IP.  Notably, Battlenet has a restriction of 6 hosts per IP even with unique host ports.  This applies to WC3 only if the game play is negotiated via Bnet.

    4. L.o.L. should have no issues but you might want to enable UPNP on the pfSense router to cater for these games rather than to try to port forward manually per host.

    5. Games like Counterstrike and WC3 Bnet require port forwarding AND unique host ports per host (server).  You must ensure that port forwarding and static port NAT is enabled (especially true for Steam games).

    6. The NAT reflection feature doesn't work for UDP which is the protocol most of the F2P online games use so you can expect traffic to route out to WAN to the WAN gateway and come back again.  The traffic will not be internally routed.  The true online portion lies with the online authentication and game lobby (matchmaking).
      This may or may not be an issue for you depending on whether you activate the traffic shaper features.  For a 100/100 line, you should not need to use shaping as long as you enforce a strict policy of your users not downloading heavily or torrenting on the connection.


  • @Nachtfalke:

    @kxx:
    I didn't recognize that the most of these games need internet connection.

    But the easiest and best thing to structure this network is:
    Put all, the wired users, the servers and the WLAN AP on the same switch or same network if you use more switches. They all should get an IP from the same subnet like 192.168.10.0/24.
    So you just need one LAN interface on pfsense.
    If the gamers want to play games which need online access then the pfsense will handle that traffic.

    Okay, I think we'll employ this structure then.

    @Nachtfalke:

    If the clients NEED internet connection THEN pfsense comes into play.

    This is what we need, all clients must have internet. So we'll just put a crossed cable from the LAN interface into the 48-port switch, as the first connection. Last time we were able to host a LAN network without any internet using only a switch and the clients.

    @dreamslacker:

    The Supermicro will suffice for your needs.

    There are a few things you should take note of:

    1. You do not need an OPT connection for wireless clients.  You should connect the AP to the LAN segment. i.e. Connect the AP to the switch so that all clients are on the same subnet.  Some clients can be picky when it comes to traversing different subnets for LAN play even when you manually enter the IP:Port for the server.

    Several others have said this now and you're confirming the idea (thank you!). I think we'll take this advice and edit the build.

    @dreamslacker:

    3. Certain games have restrictions on the number of hosts per public IP.  Notably, Battlenet has a restriction of 6 hosts per IP even with unique host ports.  This applies to WC3 only if the game play is negotiated via Bnet.

    If we're going to play WC3 it's going to be through the LAN part, so we will not be using Battle net.

    @dreamslacker:

    4. L.o.L. should have no issues but you might want to enable UPNP on the pfSense router to cater for these games rather than to try to port forward manually per host.

    5. Games like Counterstrike and WC3 Bnet require port forwarding AND unique host ports per host (server).  You must ensure that port forwarding and static port NAT is enabled (especially true for Steam games).

    For 4) That's great to hear, we will enable UPNP. 5) Wouldn't UPNP resolve the problem of having to port forward the hosts ports? Also, both games host on unique ports already. "Static port NAT" is not something that I know about. Also, couldn't we just port trigger the host ports?

    @dreamslacker:

    6. The NAT reflection feature doesn't work for UDP which is the protocol most of the F2P online games use so you can expect traffic to route out to WAN to the WAN gateway and come back again.  The traffic will not be internally routed.  The true online portion lies with the online authentication and game lobby (matchmaking).
      This may or may not be an issue for you depending on whether you activate the traffic shaper features.  For a 100/100 line, you should not need to use shaping as long as you enforce a strict policy of your users not downloading heavily or torrenting on the connection.

    We are not going to shape traffic, but do you think we'll still have a problem with NAT reflection/UDP when it comes to online games?



  • @kxx:

    For 4) That's great to hear, we will enable UPNP. 5) Wouldn't UPNP resolve the problem of having to port forward the hosts ports? Also, both games host on unique ports already. "Static port NAT" is not something that I know about. Also, couldn't we just port trigger the host ports?

    We are not going to shape traffic, but do you think we'll still have a problem with NAT reflection/UDP when it comes to online games?

    UPNP is only used if the game or matchmaking engine supports it.  L.o.L., H.o.N and Counterstrike:Online (diff. from CS 1.6 or CS:S) will be able to make use of this due to the matchmaking engine used.  In this part of the world, LoL, Hon and WC3 typically ride on Garena Messenger which acts not only as matchmaking but also as a form of VPN tunnelling such that the uPNP punches the port for the tunnel and all the gameplay rides inside the tunnel to the matchmaking servers.

    CS 1.6 and/ or CS:Source does not use uPNP and you should manually portforward if you want to allow online connection or have the server recognised as VAC secured (the heartbeat signal is required).

    Static port NAT is different from port forwarding.  Port forwarding is for forwarding a specific port on WAN to the LAN host.  Static Port NAT is outbound forwarding where the LAN host source port (e.g. 27015 for steam servers) is retained on WAN.

    Traffic shaping should not be required since you have lots of bandwidth compared to the amount of clients.  However, you might need it if there are users who abuse the connection for large downloads or video streaming.

    I've been able to put as much as 40 gamers off a 3m/768k connection with traffic shaping on pfSense without any issues before so your 100m/100m connection is more than plentiful for 50 clients.
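
The difference between a port forward and static-port outbound NAT described in the reply above, as an added example that is not part of the original post and is not pfSense code: a toy Python model of a NAT gateway. The addresses, the `NatGateway` class and the assumption that a master server lists the source address it sees on the heartbeat are illustrative; real pf picks a random source port where this model hands out sequential ones so the run is repeatable.

```python
import itertools
from dataclasses import dataclass, field

# All addresses below are constructed (documentation ranges), not from the thread.
WAN_IP = "203.0.113.10"            # stands in for the static WAN address
MASTER = ("198.51.100.5", 27011)   # hypothetical master/matchmaking server
PLAYER = ("192.0.2.77", 27005)     # hypothetical player on the internet


class PortConflict(Exception):
    """Two LAN hosts need the same WAN source port towards the same destination."""


@dataclass
class NatGateway:
    wan_ip: str = WAN_IP
    static_port_hosts: set = field(default_factory=set)  # LAN IPs that keep their source port
    port_forwards: dict = field(default_factory=dict)     # wan_port -> (lan_ip, lan_port)
    states: dict = field(default_factory=dict)            # (wan_port, dst) -> (lan_ip, lan_port)
    _ports: itertools.count = field(default_factory=lambda: itertools.count(50000))

    def outbound(self, lan_ip, lan_port, dst):
        """Translate a LAN-originated UDP flow; return the source address dst sees."""
        flow = (lan_ip, lan_port)
        if lan_ip in self.static_port_hosts:
            # Static port: the LAN source port is retained on WAN.
            wan_port = lan_port
            if self.states.get((wan_port, dst), flow) != flow:
                raise PortConflict(f"{wan_port} towards {dst} already in use")
        else:
            # Default outbound NAT: the source port is rewritten.
            for (port, d), owner in self.states.items():
                if d == dst and owner == flow:
                    return self.wan_ip, port   # existing state, reuse mapping
            wan_port = next(self._ports)
        self.states[(wan_port, dst)] = flow
        return self.wan_ip, wan_port

    def inbound(self, src, wan_port):
        """Return the LAN target for a packet arriving on WAN, or None if dropped."""
        if (wan_port, src) in self.states:       # reply to an existing outbound flow
            return self.states[(wan_port, src)]
        return self.port_forwards.get(wan_port)  # otherwise only a port forward matches


def advertise_and_join(gw, server_ip, server_port=27015):
    """Server heartbeats to MASTER; PLAYER then connects to the address MASTER saw."""
    advertised = gw.outbound(server_ip, server_port, MASTER)
    delivered_to = gw.inbound(PLAYER, advertised[1])
    return advertised, delivered_to


def run_scenarios():
    results = {}
    fwd = {27015: ("192.168.10.20", 27015)}

    # 1. Default NAT, no forward: port rewritten, unsolicited player dropped.
    results["default"] = advertise_and_join(NatGateway(), "192.168.10.20")

    # 2. Port forward only: 27015 is forwarded, but the heartbeat advertised
    #    the rewritten port, so the player knocks on the wrong one.
    results["forward_only"] = advertise_and_join(
        NatGateway(port_forwards=dict(fwd)), "192.168.10.20")

    # 3. Static port plus forward: advertised port and forwarded port agree.
    gw = NatGateway(static_port_hosts={"192.168.10.20"}, port_forwards=dict(fwd))
    results["static_and_forward"] = advertise_and_join(gw, "192.168.10.20")

    # 4. A second server on the same host port cannot keep 27015 on one WAN IP.
    gw.static_port_hosts.add("192.168.10.21")
    try:
        gw.outbound("192.168.10.21", 27015, MASTER)
        results["second_same_port"] = "ok"
    except PortConflict:
        results["second_same_port"] = "conflict"

    # 5. Unique host port per server, each with its own forward, works.
    gw.port_forwards[27016] = ("192.168.10.21", 27016)
    results["second_unique_port"] = advertise_and_join(gw, "192.168.10.21", 27016)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:20} {outcome}")
```

Scenario 4 is why the earlier reply asks for unique host ports per server in addition to port forwarding and static port NAT.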



  • @dreamslacker:

    UPNP is only used if the game or matchmaking engine supports it.  L.o.L., H.o.N and Counterstrike:Online (diff. from CS 1.6 or CS:S) will be able to make use of this due to the matchmaking engine used.  In this part of the world, LoL, Hon and WC3 typically ride on Garena Messenger which acts not only as matchmaking but also as a form of VPN tunnelling such that the uPNP punches the port for the tunnel and all the gameplay rides inside the tunnel to the matchmaking servers.

    CS 1.6 and/ or CS:Source does not use uPNP and you should manually portforward if you want to allow online connection or have the server recognised as VAC secured (the heartbeat signal is required).

    I see, but is this also necessary if we're just hosting CS 1.6 / CSS games locally?

    @dreamslacker:

    Static port NAT is different from port forwarding.  Port forwarding is for forwarding a specific port on WAN to the LAN host.  Static Port NAT is outbound forwarding where the LAN host source port (e.g. 27015 for steam servers) is retained on WAN.

    Is this hard to setup in pfSense (port forwarding and static port NAT)?

    @dreamslacker:

    Traffic shaping should not be required since you have lots of bandwidth compared to the amount of clients.  However, you might need it if there are users who abuse the connection for large downloads or video streaming.

    Hmm, we might have video streaming (through YouTube) but we have explicitly told people not to use torrent. But, given our huge bandwidth, do you reckon that the network will be strained if people are streaming video?

    @dreamslacker:

    I've been able to put as much as 40 gamers off a 3m/768k connection with traffic shaping on pfSense without any issues before so your 100m/100m connection is more than plentiful for 50 clients.

    Yeah, our network administrator said that we'd been granted a huge line and that this was more than necessary, but he was just being kind :-)

    Merry X-Mas, thanks for the answers! I think we're definitely going to get the fund for this setup granted.



  • @kxx:

    I see, but is this also necessary if we're just hosting CS 1.6 / CSS games locally?

    Is this hard to setup in pfSense (port forwarding and static port NAT)?

    Hmm, we might have video streaming (through YouTube) but we have explicitly told people not to use torrent. But, given our huge bandwidth, do you reckon that the network will be strained if people are streaming video?

    Merry X-Mas, thanks for the answers! I think we're definitely going to get the fund for this setup granted.

    1)  You shouldn't need to if the games are purely on LAN unless there is a need for achievements or VAC secure.

    2)  It's similar to most other routers configuring for Port forward.  Static Port NAT works similarly except in the reverse direction.  Plenty of guides on this in the Games sub-forum

    3)  With that much bandwidth, you're unlikely to have an issue since most of your games are hosted locally (or at most up to the WAN gateway).



  • Maybe a bit late in the discussion, but this might help you:
    http://forum.pfsense.org/index.php/topic,32700.msg169054.html#msg169054



  • @GruensFroeschli:

    Maybe a bit late in the discussion, but this might help you:
    http://forum.pfsense.org/index.php/topic,32700.msg169054.html#msg169054

    That sounds kinda overkill for a smallish LP ~40-50 users.

    The antivirus part is important though.

    Past LP's I've helped out in, we had similar and more measures in place.  Including allowing only headsets (since we were holding parties in houses and didn't need neighbours complaining), checking of antivirus and also, verifying power consumption usage of the rigs.
    The last part started after we had power trips when people started bringing in heavily overclocked dual-opterons and overloaded the grid.

    Other funny issues we had were people spilling coffee onto powerstrips and tripping the circuit breakers.  Since then, we enforced having all powerstrips stuck on to the bottom of the tabletop especially since the incident took out a linux fileserver cum gameserver and we lost the 12 drive raid array.



  • @dreamslacker:

    1. You shouldn't need to if the games are purely on LAN unless there is a need for achievements or VAC secure.

    That's what I thought. We wouldn't want people from outside connect to our tournament game either ;)
    But still, games like League of Legends and Heroes of Newerth require a constant internet connection. In either case, we'd like that every client has internet access in case they'd want to use Skype, TeamSpeak, etc. as a means of communication. This only means that we won't be forwarding the CS/:S ports.

    @dreamslacker:

    2. It's similar to most other routers configuring for Port forward.  Static Port NAT works similarly except in the reverse direction.  Plenty of guides on this in the Games sub-forum

    3. With that much bandwidth, you're unlikely to have an issue since most of your games are hosted locally (or at most up to the WAN gateway).

    Okay, that's great to hear!  :)

    @GruensFroeschli:

    Maybe a bit late in the discussion, but this might help you:
    http://forum.pfsense.org/index.php/topic,32700.msg169054.html#msg169054

    Thanks, I'll look into it!



  • @Nachtfalke:

    <snipped>PS: Please do not install squid or such stupid things on a LAN party. Not all games like it if you connect through a proxy and it makes no sense to "cache" any data. You want to play and this game data you cannot cache. Forget about squid for that.</snipped>

    In my prior experience a lot of LAN parties involve downloading drivers, games, game levels, etc.  All of these work well coming from Squid and can reduce the bandwidth usage a lot.



  • @jwelter99:

    @Nachtfalke:

    <snipped>PS: Please do not install squid or such stupid things on a LAN party. Not all games like it if you connect through a proxy and it makes no sense to "cache" any data. You want to play and this game data you cannot cache. Forget about squid for that.</snipped>

    In my prior experience a lot of LAN parties involve downloading drivers, games, game levels, etc.  All of these work well coming from Squid and can reduce the bandwidth usage a lot.

    We've been given a very large bandwidth and because of this I'm willing to not install Squid. It simplifies the network setup and I don't really see it necessary.



  • We usually provide a "public" r/w fileserver which is intended to store all updates, maps, etc. for everyone.
    If something is missing anyone can upload it.



  • @GruensFroeschli:

    We usually provide a "public" r/w fileserver which is intended to store all updates, maps, etc. for everyone.
    If something is missing anyone can upload it.

    Well, considering that we're going to have a large amount of bandwidth and a "larger-than-needed" machine to handle the connections, is it possible to also setup a file hosting server that runs simultaneously with pfSense? I was thinking something like a simple HTTP or FTP server, nothing fancy. It is running on Linux, so maybe we could provide a 3rd party app to run on the kernel that pfSense provides?



  • @kxx:

    Is it possible to also setup a file hosting server that runs simultaneously with pfSense? I was thinking something like a simple HTTP or FTP server, nothing fancy. It is running on Linux, so maybe we could provide a 3rd party app to run on the kernel that pfSense provides?

    Does anyone know if this could be accomplished using one of the addons for pfSense?



  • @kxx:

    @kxx:

    Is it possible to also setup a file hosting server that runs simultaneously with pfSense? I was thinking something like a simple HTTP or FTP server, nothing fancy. It is running on Linux, so maybe we could provide a 3rd party app to run on the kernel that pfSense provides?

    Does anyone know if this could be accomplished using one of the addons for pfSense?

    A "fileserver-tool" is not a common package that should be used on a firewall.
    Something similar to pfsense is "freenas".
    http://www.freenas.org/

    You can use "Proxmox"
    http://www.proxmox.com/
    as virtualization basis. Then virtualize pfsense for routing and freenas as storage system.



  • @Nachtfalke:

    A "fileserver-tool" is not a common package that should be used on a firewall.
    Something similar to pfsense is "freenas".
    http://www.freenas.org/

    Silly me, of course not! FreeNAS looks like it's what we'll need! Thank you for that!

    @Nachtfalke:

    You can use "Proxmox"
    http://www.proxmox.com/
    as virtualization basis. Then virtualize pfsense for routing and freenas as storage system.

    To me, Proxmox appears as a Mail Gateway. How could I use it to virtualize pfsense and freenas? Also, what does "virutralize" mean? :P



  • @kxx:

    @Nachtfalke:

    (…)
    To me, Proxmox appears as a Mail Gateway. How could I use it to virtualize pfsense and freenas? Also, what does "virutralize" mean? :P

    :P

    http://www.proxmox.com/products/proxmox-ve



  • @Nachtfalke:

    http://www.proxmox.com/products/proxmox-ve

    I wasn't even looking for that, thank you! The machine we're building for our network doesn't have a harddrive.
    How would you go about installing Proxmox, FreeNAS and pfSense? Extract the files like so?:

    
    G:\ [USB drive root]
      |
      +pfSense--- [folder]
         |
         |... [files from pfSense image]
      +FreeNAS--- [folder]
         |
         |... [files from FreeNAS image]
      +Proxmox---  [folder]
         |
         |... [files from Proxmox image]
    
    

    then mount the USB drive and … ? The HDD is blank from install, so I don't know how I am going to do something like this.



  • usb-drive? I wouldn't even dream about running virtualhost with two clients on usb-drive. It just tastes like bad christmas meal



  • @Metu69salemi:

    usb-drive? I wouldn't even dream about running virtualhost with two clients on usb-drive. It just tastes like bad christmas meal

    The install will be from an usb-drive, as in, we will boot from an usb drive to install different things. The installation itself will be on a hard drive (as mentioned in my original post).



  • aah ok, I haven't used Proxmox-ve by myself so I don't know if it supports or not installing from usb-drive


  • Netgate Administrator

    You could try this:
    http://code.google.com/p/pfsense-cacheboy/wiki/Pfsense_Samba
    Though I haven't tried it and I can't recommend it!  ::)

    Steve



  • Is there a special reason why you want to have everything on the same machine?
    Keep everything as simple as possible.
    I bet you have somewhere a 5 year old machine lying around that no one uses.
    It doesn't have to be fast, just be able to serve files :)



  • @GruensFroeschli:

    Is there a special reason why you want to have everything on the same machine?
    Keep everything as simple as possible.
    I bet you have somewhere a 5 year old machine lying around that no one uses.
    It doesn't have to be fast, just be able to serve files :)

    After realizing that the built-in CPU doesn't even support Proxmox VE (due to the lack of VT-x on the Intel Atom), I decided that we'll just run the fileserver on another machine. The reason why I wanted to have things on one machine was because the machine we're building has the capacity to support it, albeit not the hardware requirements. Plus, it makes things look neat! :-)

    Also: I managed to get both pfSense and FreeNAS up and running in a virtual environment yesterday, although the pfSense wasn't running as I wanted it to (because I only have 1 NIC in my computer). But still, things are looking brighter and brighter! I'm actually excited for this project: Getting the budget approved, ordering the hardware, having it delivered, installing, configuration… Everything! I really look forward to the setting up the hardware and installing pfSense, it actually excites me!



  • @stephenw10:

    You could try this:
    http://code.google.com/p/pfsense-cacheboy/wiki/Pfsense_Samba
    Though I haven't tried it and I can't recommend it!  ::)

    Steve

    Although it looks like the exact thing that I'd want, I've decided to just run the FreeNAS fileserver on a separate machine.


  • Netgate Administrator

    Good decision.  :)

    Steve



  • @stephenw10:

    Good decision.  :)

    Yeah, I figured since I already knew how to setup FreeNAS that it wouldn't be a problem running it from another machine. By the way, I tried installing the pfSense-Mamba in my Virtual Machine setup of pfSense… Turns out the whole installation will fail, as the requested package repository is offline (seems to have been permanently removed).



  • I would suggest you also set yourself up a free opendns account and turn on most of the options.

    Two reasons, it will help you control your users in the form of stopping them accessing high bandwidth sources and consuming your bandwidth - although I don't think you're going to have bandwidth issues per se.

    The other thing it will help with is that you have a responsibility to prevent the connection being used for illegal use. Sounds very big brother, but sadly the digital economy bill does apply to what you are doing.

    You can't possibly know what is installed on each computer on your network, what they are going to download, etc.

    We use pfsense in two locations, one is holiday apartments and the other is a leisure facility, you'll be surprised what appears on the blocked domains list report generated by opendns. And these are family environments…...oooooo

    Good luck with your project.

