Feb 14 2011
This blog post describes how to install pfSense, a firewall distribution based on FreeBSD, in a Kernel-based Virtual Machine (KVM) on Ubuntu 10.10.
Note: pfSense requires you to define at least one WAN and one LAN interface, so you need either two NICs or a single NIC with VLANs.
First, get the live CD (choose a mirror from the pfSense download site):
```bash
wget http://mirror.fleximus.org/pfsense/downloads/pfSense-1.2.3-RELEASE-LiveCD-Installer.iso.gz
gunzip pfSense-1.2.3-RELEASE-LiveCD-Installer.iso.gz
```
Then create a KVM virtual machine and install pfSense (enter 99 after the live CD has booted):
```bash
# Two emulated NICs, one per host bridge (br0, br1), because pfSense
# needs a WAN and a LAN interface. The disk image is created with 4 GB.
sudo virt-install \
  --name pfsense \
  --ram 512 \
  --vcpus=1 \
  --os-variant freebsd7 \
  --hvm \
  --network=bridge:br0,model=ne2k_pci,mac=00:00:00:00:00:17 \
  --network=bridge:br1,model=ne2k_pci,mac=00:00:00:00:00:18 \
  --vnc \
  --cdrom pfSense-1.2.3-RELEASE-LiveCD-Installer.iso \
  --disk path=pfSense-1.2.3.img,size=4
```
Continue with the installation just as you would on a regular machine.
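The image in the first step is fetched over plain HTTP from a third-party mirror, so it is worth checking it against a SHA-256 digest obtained over a trusted channel before booting it as a firewall. This is an added example, not part of the original post; the function name `verify_sha256` is hypothetical and the expected digest is a placeholder, assumed to be available from the project's official download page.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded image
# against a SHA-256 digest before it is unpacked and booted.
#
# Usage (the digest is a placeholder, copy it from a trusted source):
#   verify_sha256 pfSense-1.2.3-RELEASE-LiveCD-Installer.iso.gz "<sha256>" \
#     && gunzip pfSense-1.2.3-RELEASE-LiveCD-Installer.iso.gz

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on a usage or input error.
verify_sha256() {
    file=$1
    expected=$2

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Accept upper- or lowercase hex, but require exactly 64 hex digits so
    # that a truncated or mis-pasted digest is rejected rather than compared.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest is not 64 hex digits" >&2; return 2; }

    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 2

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}
```

Chaining `gunzip` with `&&` ensures the archive is only unpacked when the digest matches.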
Resources
- The official website of pfSense: http://www.pfsense.org/
- http://retenodus.wordpress.com/2011/01/26/how-to-install-pfsense-with-kvm-and-libvirt/
Yeah, but it can limit your bandwidth, can't it? I have pfSense 2.0 RC1 running inside my KVM, WAN attached to a 100Mbit NIC and LAN attached to a 1000Mbit NIC. Drivers in use: WAN is ne2k_pci (was rtl8139, but it caused problems: disconnections, lag) and LAN is using e1000.
Just checked performance with iptraf. While on virtualised Debian I have ~860Mbits using the virtio-net driver between a client outside and the VM, on the pfSense VM I can reach only ~260Mbits for e1000 and.. ~10Mbits for ne2k_pci. ne2k_pci is in reality a 10Mbit NIC. For ne2k_pci pfSense reports: 10baseT/UTP. pfSense won't recognise virtio-net. I think this is a problem.
Yes, you're right. Networking with FreeBSD in KVM isn't that much fun. As I don't use this pfSense setup in a production environment I didn't care much about speed. But if you do, this might be a disaster. You may have a look at the test of different network drivers for KVM and FreeBSD (also applies to pfSense) by Michael W Lucas published on http://blather.michaelwlucas.com/archives/268 .
I think I figured it out. The hypervisor uses a bridge (br0) for connecting VMs to my network. Time interval: 30 sec.
Debian VM virtio-net:
- hypervisor to Debian: 1,47Gbit/s
- Debian to hypervisor: 2,10Gbit/s
- client to Debian: 860Mbit/s
- Debian to client: 760Mbit/s
pfSense (FreeBSD) VM e1000:
- hypervisor to pfSense: 235Mbit/s
- pfSense to hypervisor: 235Mbit/s
- client to pfSense: 260Mbit/s
Looks like a problem between the FreeBSD-based VM and the KVM hypervisor. BUT, I'm unable to check if Flow Control is enabled. When trying to get settings for the bridged NIC on the hypervisor using mii-tool, an error appears:
SIOCGMIIPHY on 'eth1' failed: Operation not supported
SIOCGMIIPHY on 'br0' failed: Operation not supported
Negative, reached 20Mbits on WAN using ne2k_pci.
Based on this document ( http://doc.pfsense.org/index.php/PfSense_and_FreeBSD_Versions ) and `man virt-install`, you should not use `--os-type=unix`. Instead, you should use `--os-variant=freebsd7` for pfSense 1.2.1 -> 1.2.3 and `--os-variant=freebsd8` for pfSense 2.0.
I'm running Ubuntu 12.04 with VirtualBox and I have pfSense installed with 2 bridged NICs and I was wondering how I would configure the interfaces from the host side of things?
Like in /etc/network/interfaces does the LAN port require additional configuration?