Best way to fit pfsense VM in my home network



  • Hi,

    First and most importantly, pfsense is a VM running in ESXi.

    I have all of my hardware in place, but don't know exactly where to fit pfsense in the picture. I've attached a diagram of my home network. I would like to keep the functionality of ddwrt if possible, but it might be best to change my router into just an access point. Any suggestions on how to hook things up would be greatly appreciated.

    Note I have 3 NIC ports on my ESXi box.

    Thanks so much!




  • What are you trying to accomplish with pfSense?  Firewall?  Caching proxy?  What specifically about DDWRT do you need to keep?  The natural place would be between your cable modem and the Netgear R7000, but it really depends on what you are trying to do.



  • @KOM:

    What are you trying to accomplish with pfSense?  Firewall?  Caching proxy?  What specifically about DDWRT do you need to keep?  The natural place would be between your cable modem and the Netgear R7000, but it really depends on what you are trying to do.

    Sorry I should have included that.

    I mainly want it to act as a firewall. We use it at work and I thought a good way to learn it would be to install it at home and play around with it. I'm sure once I start using it I'll want to do more, but right now I'm not 100% sure outside of a firewall.

    As far as DDWRT I was hoping that would act as a VPN server and ad blocker but I'm thinking that pfsense may do that better (guess that's part of the first question).

    I think the thing that's confusing me is that it's in a VM so it's throwing me off a bit on the plugging things in side of the setup.

    Thanks.



  • pfSense can easily be your firewall, OpenVPN server, caching proxy with ad-blocking.

    Sorry, my tired brain forgot you were doing this virtually.  I use a similar scheme at our office where I have a public switch, and one NIC from each of my ESXi hosts plugged into the switch.  I run pfSense as a VM, and all other network clients use it as their gateway.  I use it for the firewall, OpenVPN, Squid and SquidGuard.



  • @KOM:

    pfSense can easily be your firewall, OpenVPN server, caching proxy with ad-blocking.

    Sorry, my tired brain forgot you were doing this virtually.  I use a similar scheme at our office where I have a public switch, and one NIC from each of my ESXi hosts plugged into the switch.  I run pfSense as a VM, and all other network clients use it as their gateway.  I use it for the firewall, OpenVPN, Squid and SquidGuard.

    Got it, though I'm still confused as to the best way to hook things up.

    I'm thinking that my modem would go to nic1 on my esxi and nic2 would go to the router. The router would be hooked into the switch.

    Is there a better way to do it?


  • Netgate Administrator

    Yep that should work. Personally I would remove the r7000 completely though. You might want to switch over in stages in which case keep the r7000 as you described until you're happy to move all the services to pfSense.
    You could also run things like vpn servers and proxies as separate VMs.
    You could use VLANs to get more interfaces into the pfSense VM since it looks like your switch and router support them. There are many configurations you could use.  :)

    Steve



  • @stephenw10:

    Yep that should work. Personally I would remove the r7000 completely though. You might want to switch over in stages in which case keep the r7000 as you described until you're happy to move all the services to pfSense.
    You could also run things like vpn servers and proxies as separate VMs.
    You could use VLANs to get more interfaces into the pfSense VM since it looks like your switch and router support them. There are many configurations you could use.  :)

    Steve

    Thanks for the reply. VLANs were another option I was thinking about. I need to keep the r7000 for an AP as I have a lot of wireless devices at home (plus I just bought it :)).

    The VLAN idea would be to have 2 ports on the router as a vlan and hook those into the ESXi box for LAN and WAN, and use the other as switch ports. Not sure that would work or be any better than the initial idea.


  • Netgate Administrator

    You could, just as an example, put your NAS or media server on a separate VLAN and then bring that into the ESXi box. Then you can add that VLAN as a separate interface in pfSense and filter traffic to/from it.
    You can probably have WIFI traffic assigned to a VLAN in DD-WRT and filter/route that separately in pfSense.

    Many combinations are possible.  ;)

    Steve

