Newbie questions
-
Hi everyone,
I've built a home server about a year ago. It runs ESXi and I've been playing with it since then. I got to the point where I want to get rid of my crappy Linksys E1200 (and I ran out of things to do with my server ;D). I've heard about pfsense a long time ago, and I'd need to be pointed in the right direction to start working with what I have.
This is what I have : http://tyan.com/Motherboards_S5512_S5512GM4NR
I want to run pfsense as a VM, and connect my other computers to it. Is it possible with the single onboard NIC?
As in :
Port 1 = WAN
Port 2, 3 and 4 = Ethernet switch -
That board appears to have 4 on board NICs, you want to use just one of them?
You are running other VMs on that machine also?
Yes you can probably do it whatever the answers are. ;)
Steve
-
As in :
Port 1 = WAN
Port 2, 3 and 4 = Ethernet switchI'm interested in this too. My guess is yes, and maybe there is a set of firewall rules floating around here for emulating an ethernet switch?
There is a section in the pfsense book called "Bridging two internal networks". Maybe that is what you need. I'm guessing having a WLAN bridged to a LAN would be treated similarly to the 3 ports you want on your ethernet switch.
-
Yes you can easily bridge ports to make them act as a switch. However you should only do that if you happen to have a machine with lots of spare ports because the performance will be worse than the cheapest unmanaged gigabit switch. Which is fine for most situations.
This particular machine would still manage 1Gbps between the ports but it would use cpu cycles that could be doing other things.Steve
-
I run pfsense on my esxi host as vm, its pretty straight forward.
Create at min 2 vswitches in esxi. Connect one to interface you will use as wan and connect this physical port to your modem. Then other vswitch is you physical lan.
connect vm pfsense wan to your wan vswitch, and lan interface to you lan vswitch. Really all there is too it.
-
Wow, thanks for all these replies. Sounds awesome!
That board appears to have 4 on board NICs, you want to use just one of them?
You are running other VMs on that machine also?
Yes you can probably do it whatever the answers are. ;)
My understanding was that it's 1 adapter with 4 ports. I was wondering if it was enough to work with, or if I needed a second physical ethernet adapter.
Yes, I do run quite a few WMs on that machine!
Yes you can easily bridge ports to make them act as a switch. However you should only do that if you happen to have a machine with lots of spare ports because the performance will be worse than the cheapest unmanaged gigabit switch. Which is fine for most situations.
This particular machine would still manage 1Gbps between the ports but it would use cpu cycles that could be doing other things.I have a solid CPU and want optimal transfer speed (I tend to move large files within the network), but I'd rather spare the processing power if a simple switch could take care of it. Are we talking about these ~$50 desktop switches?
I run pfsense on my esxi host as vm, its pretty straight forward.
Create at min 2 vswitches in esxi. Connect one to interface you will use as wan and connect this physical port to your modem. Then other vswitch is you physical lan.
connect vm pfsense wan to your wan vswitch, and lan interface to you lan vswitch. Really all there is too it.
That is EXACTLY what I had in mind, but wasn't sure if it'd work. Thanks! I'll get into it this week and probably come back with more questions :)
-
My understanding was that it's 1 adapter with 4 ports
What shows up in the vSphere client under Configuration > Network Adapters?
As johnpoz says, it's pretty straight forward.
https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5 - might help in some way.
-
The spec sheet for your motherboard says it has 4 x Intel 82574L controllers.
-
I'd never thought about this but the acronym NIC is confusing for, say, a quad port card. Four Network Interfaces, one Card.
Anyway in this case the board has four separate interfaces as you say.A $50 desktop gigabit switch, like a Netgear GS105, will handle wirespeed traffic all day without an issue. Setting up 3 NICs as a bridge will probably perform worse (at least higher latency) and use CPU cycles that could be powering some other VM. However as you've already got the spare interfaces you can try it and see. :)
Steve
Edit: Of course if you substitute the C for controller it makes more sense. ::)
http://en.wikipedia.org/wiki/Network_interface_controller -
You would think so wouldn't you? I agree.
Or even one of these - They do actually work very well. Plain fast unmanaged switch.
http://www.ebay.com/itm/Dynex-DX-GB8PRT-Ethernet-Switch-New-In-Box-/251343584639?pt=US_Network_Switches&hash=item3a853ebd7f
-
I'd never thought about this but the acronym NIC is confusing for, say, a quad port card. Four Network Interfaces, one Card.
Anyway in this case the board has four separate interfaces as you say.Thanks for thanks clarifying, I'm no network expert as you can imagine :)
I just went ahead and bought this guy.
I'm going to have to look into a wireless solution as well. As far as I understand, I could use my old Linksys E1200 as an access point, but the transfer rate is pathetic on that thing.
-
Option one : buy a better wi-fi router/AP, plug it to the switch, problem solved
-
Option two (favored ) : using a supported PCI adapter with similar specs
Does it sounds about right?
-
-
Not interested in VLAN at all then I suppose?
-
Go with option one.
Or use your Linksys at whatever pathetic speed it can manage! ;)
It will be much faster than option 2 because….
There is no 802.11N support in pfSense currently, due to limited and very recent support in FreeBSD. Some 802.11N cards are supported but only at 'G' speeds.Put DD-WRT on your Linksys for bonus points!
http://www.dd-wrt.com/wiki/index.php/Linksys_E1200Steve
-
Not interested in VLAN at all then I suppose?
I might be missing something, but isn't VLAN for large networks requiring some type of virtualization?
Go with option one.
Or use your Linksys at whatever pathetic speed it can manage! ;)
It will be much faster than option 2 because….
There is no 802.11N support in pfSense currently, due to limited and very recent support in FreeBSD. Some 802.11N cards are supported but only at 'G' speeds.Put DD-WRT on your Linksys for bonus points!
http://www.dd-wrt.com/wiki/index.php/Linksys_E1200Steve
I see. I'll just avoid the PCI solution altogether. It's just asking for troubles with either ESXi or pfSense, and doesn't really bring any benefit.
I never heard about DD-WRT. It looks awesome. Thanks for the input! I should receive the switch today, just in time to install pfSense and flash the Linksys over the weekend :D
-
Not really - VLANs can be used to segregate networks or provide multiple interfaces on using one or two NICs.
Example.
On my 1 switch downstairs I have untagged VLAN 50 on several switch ports for the guys that stay down there plugged into 1 interface.
So, they have a few ports for that network.Same switch, I have untagged 60 ports for my network and a bunch of stuff wired into that on another interface of my pfsense.
Also separate VLAN and interfaces for the wireless networks for family and guests.
Now, if I had a pfsense with 1 WAN and 1 LAN, I could use a Tagged VLAN to do pretty much the same thing. Lots subnets and ports available.
-
Not really - VLANs can be used to segregate networks or provide multiple interfaces on using one or two NICs.
Example.
On my 1 switch downstairs I have untagged VLAN 50 on several switch ports for the guys that stay down there plugged into 1 interface.
So, they have a few ports for that network.Same switch, I have untagged 60 ports for my network and a bunch of stuff wired into that on another interface of my pfsense.
Also separate VLAN and interfaces for the wireless networks for family and guests.
Now, if I had a pfsense with 1 WAN and 1 LAN, I could use a Tagged VLAN to do pretty much the same thing. Lots subnets and ports available.
I had no idea VLANs could be used that way. That might be very useful indeed, and I will look into it. Thanks!
I received the switch yesterday evening. Using the guide linked above, I had everything up and running 20 minutes later. Here I am with my fresh install, but as promised, I have more questions (which is why I wanted to use pfSense in the first place, to learn about networks :) ).
1. I want to install WM Tools. I look into System>Packages and find two packages
- Open-VM-Tools Stable 8.7.0.3046 (build-425873) platform: 2.0
- Open-VM-Tools-8.8.1 RC 528969 platform: 2.0 2.1
I assume Open-VM-Tools-8.8.1 is the one, but I just want to double check.
2. I'd like to change my gateway from 192.168.1.1 to 10.xx.xx.1 . I actually tried yesterday (Interfaces>Lan) and changed the IPv4 address. It didn't work, and I didn't want to mess things up any further.
-
"I'd like to change my gateway from 198.168.1.1"
OK - I'm going to assume for a minute that your WAN is OK and that you aren't double NATed or anything.
On the LAN, you can change IP to 10.56.34.1 / 24 (for example) by going to:
Interfaces > LAN and changing it there. But the gateway should probably be "none".
Then you will also need to change your DHCP settings for LAN to match by going to:
Services > DHCP server
and change the DHCP range to something like 10.56.34.100 - 10.56.34.200 (or whatever range you want)
-
"I'd like to change my gateway from 198.168.1.1"
OK - I'm going to assume for a minute that your WAN is OK and that you aren't double NATed or anything
It was a typo. 192.168.1.1 ::)
-
My recommendation stands… If you do as I suggested, you probably won't have any problems.
This can also be done from the console, and if you only have 1 LAN type connection, it might even be easier.
10.56.34.1 is just a example - Make it anything you like, but I would make it something equally odd as 10.56.34.1
The reason I do that is to minimize the chances of overlap of subnet IPs when using VPNs.
10.0.0.1 for instance, is little better than 192.168.1.1
-
Lets make sure to mention the mask here or he will end up with his lan being 10.56.34.1/8
-
On the LAN, you can change IP to 10.56.34.1 / 24 or whatever…
Mentioned earlier. But yeah. /24 is good unless you a subnet calculating pro.
-
The DHCP of course… What was I thinking. Everything works smoothly now. Thanks.
My recommendation stands… If you do as I suggested, you probably won't have any problems.
This can also be done from the console, and if you only have 1 LAN type connection, it might even be easier.
10.56.34.1 is just a example - Make it anything you like, but I would make it something equally odd as 10.56.34.1
The reason I do that is to minimize the chances of overlap of subnet IPs when using VPNs.
10.0.0.1 for instance, is little better than 192.168.1.1
That is precisely the reason why I wanted to change the subnet. I'm a pilot (not often home) and plan on using VPNs extensively.
So I did a fair bit of research over the weekend (remember, I'm completely new to networking, bare with me :) ). I'd love to isolate some virtual machines and a guest wireless access from the rest of the network, mostly for security reasons. I'm not sure whether VLANs or DMZs (or both) are the best way to go about it.
For the sake of curiosity and expandability, I seriously consider returning my newly bought switch while I can to get a managed one with more ports.
I know that Cisco is supposed to be the best manufacturer out there. Sadly the only Cisco switch I found within my budget (~$200) only has 10 ports, which I find to be too few. I've been looking around, and I came up with with these :
-
I've always made pretty good use of 5 seperate NIC ports, but if you need more subnets than you have NIC ports, consider VLANs. Or if you need several subnets carried on one set of switches all over a spread out area, VLANs work great.
I didn't actually need VLANs at all in any of my applications, but if I didn't have tons of free NIC ports, I would.
-
I assume Open-VM-Tools-8.8.1 is the one, but I just want to double check.
Definitely use:
- Open-VM-Tools Stable 8.7.0.3046 (build-425873) platform: 2.0
You may well find that 8.8.1 won't start.
-
I would say that you don't need VLANs. You already have several spare ports that you bridged together so the only other reason you might want them is to segregate sections of your network that span switches, you haven't mentioned anything like that.
If you need (or want ;)) a managed switch then define what features you need on it. The low end HP switches always get a good write up here as do the Netgear managed switches, the GS108T for example.Steve
