CentOS and putting pfSense on a VM alongside a FreeNAS VM
I am wanting to use CentOS as my host OS, then build two virtual machines: one pfSense and one FreeNAS. Are there any known issues with pfSense running in a VM? I have dual Gigabit NICs, and I also have an expansion card in this with 2 more Ethernet ports, which was in the server when I purchased it.
pfSense runs fine in a VM; however, if you need high speeds (more than a few hundred Mbps) you should do PCI pass-through.
Most people run pfSense under VMware or VBox; under CentOS you will probably want to use KVM.
I am still learning the Linux side, so I will explain how I have it set up and you can let me know what you think.
CentOS - Host
VBox - Virtual Machine Manager
pfSense - in VBox
FreeNAS - in VBox
I have KVM installed, and I have SPICE installed in case I need console access.
I am currently looking for a way to make an IP KVM box with Linux so I can save some money.
I used to use a normal home router but once I started learning Windows and Linux Server I did not like the way it was handling my network. I switched to pfSense and have not even thought of looking back.
Everything on my network is gigabit except one PC and the two Xbox 360s. Servers are gigabit and my PC is gigabit.
If the reason for the box is to run VMs, you might want to look at ESXi – it's FREE, and going to use fewer resources than a full-blown OS like CentOS.
I run multiple VMs on my ESXi box, including my pfSense, which acts as my gateway off my network. The box is a cheap little HP MicroServer N40L with 8GB RAM and a 2nd gig NIC added. One NIC is used to connect to my cable modem (internet) and the second NIC gives me access to the physical local network. I run a file server as a VM as well, just not FreeNAS.
I get great performance out of this box for the cost.
I already have the box, I bought it and had the spare parts to upgrade it quite a bit.
I am not sure on the assessment of ESXi vs. CentOS. Both are free, but as far as footprints go I know CentOS is fairly small.
CentOS is a full-blown OS; ESXi is a hypervisor only. If you're wanting to run VMs only, there is little reason to run a full-blown OS on the HOST, and then VM software on top of that.
If you don't want to run ESXi, then run something like http://www.xen.org/, another type 1 hypervisor – what you're talking about doing sounds like type 2.
Best of two worlds, http://proxmox.com/products/proxmox-ve
I run just like you, and pfSense as FW in a VM.
Don't most pfSense/Type2 approaches put some of the Host OS outside the firewall unless you filter or NAT on the Host OS before pfSense gets the packets?
Not really, depending on how you set it up. I used to run in type 2 mode - but what was the point of running a full OS on the hardware when the hardware was just for VMs – made no sense from a resource sense. Anything I wanted to do on the host OS, just do in a VM.
You do run more of a risk, I would think, of exposing the host to the public if for some reason you put an IP on the interface on the host that you have set up for the public side pfSense WAN, etc.
It is one thing if you're playing with a couple of VMs on your desktop, and that is the only hardware you have, etc. Sure, you can run your VMs in a type 2 setup. But if you have hardware you're going to run VMs on only, etc., why in the world would you not run type 1? You're just throwing away CPU cycles on the Host OS that could go to VMs.
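The host-exposure point raised above (an IP ending up on the host interface that carries the pfSense WAN) can be checked on a Linux/KVM host. This is an added example, not part of any post in the thread; it assumes iproute2 is installed, and the bridge names `br-wan` and `br-lan` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names are hypothetical.
# Reads `ip -o addr show` output on stdin and reports any host IP address
# bound to the interface or bridge that carries the pfSense WAN.
# Note: `ip -o addr` lists only interfaces that have an address, so an
# unaddressed (or misspelled) interface name produces no lines.

# Print "family address/prefix" for every address on interface $1.
wan_host_addrs() {
    awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $3, $4 }'
}

# Return 1 if the host itself is addressable on interface $1, else 0.
check_wan_iface() {
    addrs=$(wan_host_addrs "$1")
    if [ -n "$addrs" ]; then
        printf 'EXPOSED: host has addresses on %s:\n%s\n' "$1" "$addrs"
        return 1
    fi
    printf 'OK: no host addresses on %s\n' "$1"
}

# Constructed sample of `ip -o addr show` output (documentation addresses).
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: br-lan    inet 192.168.1.2/24 brd 192.168.1.255 scope global br-lan\       valid_lft forever preferred_lft forever
3: br-wan    inet 203.0.113.7/24 brd 203.0.113.255 scope global br-wan\       valid_lft forever preferred_lft forever
3: br-wan    inet6 fe80::1/64 scope link \       valid_lft forever preferred_lft forever'

# Demo on the sample; on a live host use: ip -o addr show | check_wan_iface br-wan
printf '%s\n' "$SAMPLE" | check_wan_iface br-wan || true
```

The IPv6 link-local address is reported as well, since the host answers on it from the WAN segment even when no IPv4 address is configured there.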