
Can I run a free open source firewall that controls my network with more advanced QoS in a VM?

A firewall is between "outside" and "inside". A semipermeable filter.

Case #1: a wire and a PC. PC has OS. OS has firewall to filter traffic between wire and OS.

Case #2: ISP wire, router, home wire, PC(s). Router has firewall in its OS. It filters traffic between ISP wire (WAN) and home wire (LAN). (Each PC has its own firewall too.)

You seem to ask whether you can connect a VM to act as router between two subnets. Yes, you can. A link is a link whether it is physical, wireless, or virtual.

However, it is not clear where you would host the VM and therefore what is in the "inside"?

Case #3: a wire and a PC. PC has VM. Wire is connected to the VM. VM is connected to the host OS. The VM routes traffic between wire and host OS. The VM has firewall. The host OS has firewall too. One wire. One network card.

Case #4: same as case #2, but the router is a PC with two network cards and has a VM. The VM filters between WAN and LAN. The host OS is connected only to the LAN.

Case #5: ISP wire is connected to a switch. Switch is connected to a PC. Switch is connected to LAN. The WAN-traffic goes through the switch to the PC. The LAN-traffic goes through the switch to the PC. There is only one wire between switch and PC. The switch supports VLANs and has two defined. The PC supports VLANs. Wire between switch and PC carries both VLANs (WAN and LAN). The PC could have a VM.


Yes, a VM could work (and is used by many). There is an extra attack vector from VM to host (and other VMs) that the separate devices do not have.
 
1) Yes a VM would work for this.
2) Not necessarily, but you probably should.*

*Actually, you should probably have it running on separate hardware from your main "general use" PC, whether it's a VM or not.

Start here:

https://www.smallnetbuilder.com/oth.../31433-build-your-own-utm-with-pfsense-part-1

Are there any firewall devices with a single port for ingress/egress? I'm not a network admin, but that feels like it would really suck (VLAN tagging for everything?).

To be pedantic, a HW firewall (even if the OS is virtualized) needs 2 NIC ports. Those could be onboard or on a 2-port NIC, or a combo thereof. You don't necessarily need 2 add-on NICs (since dual port is the common case) and a home user shouldn't.

Presumably the OP means "NIC port" when he said network card.
 

It's not impossible but it would suck. I've only ever seen it happen with homebrew solutions, nothing commercial.
 
Would a VM work for this? If so would I need more than one network card in my computer as well?

Yes to both. I am running pfSense in Hyper-V. Get Intel NICs.

Mind you, pfSense isn't open source, just free for home use.
 
I would highly recommend getting a dual port NIC and assigning the entire card to the VM directly. Intel NICs tend to be much better supported for such functionality (both for virtualization hypervisors as well as support in almost all flavors of operating systems).
 
Please tell me you're not thinking of doing this purely to try to QoS your IDM traffic to stop it from tanking your network rather than just stop using IDM.
 
Think of it as a learning experience.

No offence to the OP, but at his technical skill level (based on his posts), trying to set up pfSense in Hyper-V on his desktop, the only thing I think he's going to learn is to hate you guys for suggesting it.
 