Question Solution for DIY NAS + Router combo? Distro? VMware? HyperV? Win10 Pro?

VirtualLarry

I want to build a small box that will serve as a 5-HDD RAID-5 NAS (BitFenix Prodigy case), as well as serve as the router and VPN endpoint for my LAN.

I know that there are router distros, and NAS distros, but anything that combines the two?

Can I run HyperV or VMware in Win10 Pro, to run both distros, and passthrough the Intel SATA controller to the NAS distro, and the dual onboard NICs to the Router distro?

Probably throw one of these dual 10Gbase-T / Nbase-T NICs into the PCI-E x16 slot.


Maybe the StarTech X550 Intel dual-port 10GBase-T/NBase-T NIC:

Case:
Mobo:
CPU:

2x16GB desktop DDR4-3200
 

VirtualLarry

Looking at network architecture, that's the hard part.

I want the base OS (Linux or Windows 10 Pro, maybe Windows Server 2019?), to be DIRECTLY on the WAN to the ONT, I guess, and then, have a VM for the NAT and DHCP and DNS for the local LAN, and a VM for the SMB/CIFS/Windows File Sharing for the local LAN (not bound to the network adapter for the WAN, maybe that's easier in Linux, I don't know).

I want a local management port, that connects to the base OS (for remote-access / VNC via a dedicated LAN cable, maintenance, etc.), as well as a DMZ port, that I can put an internet-facing service on, OR, even another SOHO router's WAN port, and then plug "protected" devices into the SOHO router's LAN ports, AND possibly put internet servers behind that SOHO router, and then open/map ports on THAT router, to each server's IP behind it, and port, and that way, I can put Windows OS-based servers online, without having to totally lock-down the OS, because only the forwarded ports would be exposed to the internet.

Would this be easier in Linux (Mint?) than Windows? I REALLY DON'T want to have to splash out the $$$ for Windows Server. Can you run and create VMs, either on HyperV or VMware, in Win10 Pro?

I want the WAN port to be one of the two ports on the dual 10GBase-T card, and the LAN (feeding my local network cluster, as well as workstations from that cluster) to be the other. The dual 1GbE-T ports on the mobo, one can be the DMZ, and one can be dedicated base OS management.

I have (not yet) used ESXi, would that serve this purpose? The StarTech dual 10GBase-T/NBase-T NIC claims support from ESXi. The two onboard 1GbE-T NICs are an Intel I219-V and an I211-AT, which being Intel NICs, I presume are likely already supported as well.

Edit: Oh, and I want a VPN server/endpoint on this box too, in another VM, that would allow remote (WAN incoming) access to the LAN. Or maybe I don't. Maybe I want to run the LAN PCs with a fairly strict NAT policy, and forward all incoming unsolicited inbound traffic to the DMZ port. (What about running Skype or Torrents on a host on the LAN? Would that be possible with this setup? Run UPnP on the VM for the router?)

Edit: What would be the benefit of keeping host PCs on the LAN to be strictly clients only, of the Internet, and of the SMB server/NAS drives on "the box"? But what about PC gaming, and needing to allow incoming connections to PCs on the LAN? If I allowed UPnP to run on the router VM, or even "the box", and open incoming ports, and route/NAT them appropriately?

Edit: If UPnP allowed a sort of "cascade" (I don't really know quite how it works) feature, that if a PC on the LAN, behind the NAT in the VM, requested a port opened on the "outside" (WAN), if the VM was 1:1 NAT'ed on "the box" host OS to the WAN connection, it would be nice if the VM could "cascade" the port opening, to the firewall on "the box" host OS too, to allow incoming ON THOSE SPECIFIC PORTS/RANGES to be allowed through the firewall on "the box" host OS, through the 1:1 NAT from the WAN to the router VM, and from there to the LAN adapter.

Am I overthinking this? Is there some sort of combo NAS/router OS distro? Or is base Linux OS capable of doing all of this stuff, without so much hassle with VMs?

I want a Windows (10 Pro?) VM running on "the box" too, so that I can VNC or RDP into (bound to the LAN adapter, and possibly the management adapter, ONLY) from any of my host PCs on the LAN, and use it to browse the internet on "the box" (CPU and RAM permitting, I'll have 32GB of RAM, and a 2C/4T CPU to start with).

Also, will a 2C/4T 3.7+ GHz dual-core with HT Coffee Lake CPU handle routing 10Gbit/sec worth of traffic, in theory? And serving similar traffic over SMB/WFS?
 

SamirD

Look at proxmox--it's a full hypervisor that runs bare metal and can run other vms and even dockers. I've only read on it and haven't yet implemented the proxmox cluster I have the hardware for--impossible to cool it all in the summer, lol.
 

mxnerd

I think you already have several NASes, why do you want to add another NAS VM? QNAP has a Virtualization Station app that you can create VMs with (pfSense firewall: https://www.qnap.com/en/how-to/tutorial/article/installing-pfsense-on-a-qnap-nas/). Just don't know if your model supports it. And your NASes do not support RAID-5?

Windows 10 Pro running VMware Workstation or Windows Hyper-V does not support any hardware passthrough, you will need VMware ESXi, or unRAID. (Not sure regarding Linux KVM, Proxmox, or MS Hyper-V server)

Forget dual core Pentium, it will be miserable running multiple VMs. You want as many cores as possible. Intel CPU will have better compatibility than Ryzen regarding running ESXi. Some people do manage to run ESXi on their Ryzen machines however.

Gaming VM will require hardware GPU passthrough or you will have difficulty running modern games. And once you get hardware passthrough working, you are not going back. An ITX motherboard with only 1 slot is not suitable for the task. You want to have mATX board with 4 slots where you can plug-in graphics card, network card, RAID controller, or even USB 3.x adapter etc.

There is no NAT UPNP port cascading. If you need same port forwarding numbers for multiple machines, you need multiple public WAN IP addresses.

ESXi is free but its UI is a bit complex, too many things going on at once. unRAID costs money but it's got an affordable lifetime license (with free trial) and it also supports hardware passthrough.

You can start with Windows 10 Pro built-in Hyper-V or free VMware player with Windows 10 Home if you don't need hardware passthrough. All you need is multiple onboard or PCIe/USB NICs.
 

VirtualLarry

> Forget dual core Pentium, it will be miserable running VMs. You want as many cores as possible. Intel CPU will have better compatibility than Ryzen regarding running ESXi. Some people do manage to run ESXi on their Ryzen machines however.
>
> Gaming VM will require hardware GPU passthrough or you will have difficulty running modern games. And once you get hardware passthrough working, you are not going back. An ITX motherboard with only 1 slot is not suitable for the task. You want to have mATX board with 4 slots where you can plug-in graphics card, network card, RAID controller, or even USB 3.x adapter etc.
>
> There is no NAT UPNP port cascading. If you need same port forwarding numbers for multiple machines, you need multiple public WAN IP addresses.

There wouldn't be gaming in a VM, the gaming would be on PCs connected over the LAN. There might be a Win10 Pro "browser box" VM, which I don't think will load "the box" down too heavily.

As far as the NAT UPnP cascading, that's too bad. I don't want to map the same incoming port on the WAN to multiple machines; rather, I want to allow a PC on the LAN to "punch through" to the WAN interface, and open a port on it, that will get routed / NAT'ed through multiple NAT layers.

Basically, the idea that UPnP-capable NAT devices / routers, would be able to know if they were "nested", and when a UPnP request to open a port happens on the inner-most NAT, it would then be requested "upstream" to the next-most outer NAT, all the way to the actual WAN with a public IP address (not NAT'ed). That would seem to be some sort of crucial functionality, wouldn't it? It might also make CGNAT much less of a burden on customers, if they could cause their CPE NAT router, when opening ports on it, to cascade the "open port" outward to the CGNAT of the ISP, and still be able to accept incoming connections from the ("real", public) internet.
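
The nested-NAT behaviour discussed in this thread, as an added Python sketch (not code from any poster): an unsolicited inbound connection reaches a LAN host only when every NAT layer on the path has a matching forward, so the set of public ports that are really exposed can be computed by tracing each outer forward inward. The layer names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NatLayer:
    name: str
    wan_ip: str  # address this NAT presents to the network outside it
    forwards: dict = field(default_factory=dict)  # (proto, ext_port) -> (ip, port)

def trace_inbound(layers, proto, port):
    """Follow an unsolicited inbound packet from the outermost NAT inward.

    Returns (destination, path). destination is the (ip, port) that finally
    receives the packet, or None when a layer has no matching forward.
    """
    path = []
    for i, layer in enumerate(layers):
        rule = layer.forwards.get((proto, port))
        if rule is None:
            path.append(f"{layer.name}: no forward for {proto}/{port}, dropped")
            return None, path
        ip, port = rule
        path.append(f"{layer.name}: forward to {ip}:{port}")
        inner = layers[i + 1] if i + 1 < len(layers) else None
        if inner is None or ip != inner.wan_ip:
            return (ip, port), path  # delivered to a host, not to another NAT
    return None, path  # no layers at all

def effective_exposure(layers):
    """Every (proto, public_port, final_ip, final_port) reachable from outside."""
    exposed = []
    for proto, port in (sorted(layers[0].forwards) if layers else []):
        dest, _ = trace_inbound(layers, proto, port)
        if dest is not None:
            exposed.append((proto, port) + dest)
    return exposed

def sample_layers(cascade):
    """Constructed topology: host OS on the WAN, router VM behind it, LAN behind that."""
    host = NatLayer("host-os", "203.0.113.10",
                    {("tcp", 443): ("10.0.1.5", 443)})  # constructed DMZ server
    router_vm = NatLayer("router-vm", "10.0.0.2",
                         {("udp", 27015): ("192.168.1.50", 27015)})  # UPnP-created
    if cascade:  # the outer forward that a mapping on the inner NAT alone does not create
        host.forwards[("udp", 27015)] = ("10.0.0.2", 27015)
    return [host, router_vm]

if __name__ == "__main__":
    for cascade in (False, True):
        print(cascade, effective_exposure(sample_layers(cascade)))
```

Running the same trace over the real forward tables of each layer shows which LAN hosts are reachable from the WAN, which is the list to review before enabling UPnP on the inner router.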
 

mxnerd

The purpose of IPv6 is to solve IPv4 & its NAT problems. Unfortunately, the consumer world is still stuck at IPv4 & NAT. Consumer has no control over CGNAT and ISP won't help you.

If you just want a browser box for your LAN, why not just buy a mini PC from Amazon and then TeamViewer into it?
 

VirtualLarry

> The purpose of IPv6 is to solve IPv4 & its NAT problems. Unfortunately, the consumer world is still stuck at IPv4 & NAT. Consumer has no control over CGNAT and ISP won't help you.
>
> If you just want a browser box for your LAN, why not just buy a mini PC from Amazon and then TeamViewer into it?

I guess it just blows my mind that the designers of UPnP couldn't consider the possibility that people (or companies) would "nest NAT", and that they needed to engineer a solution to "punch through" multiple NAT layers (and create a chain of port-forwards along the way), to allow hosts behind multiple layers of NAT, to be able to open ports on the "outside" (public internet). Such deficient engineering.

Anyways, I want to build a 10GbE NAS unit as well, with a desktop CPU, and plenty of RAM, for good responsiveness. So why not a browser VM on top of that box as well?
 

killster1

You always hear two diff arguments over running your router from a VM. When your machine goes down your router goes down. Running your OS without a router in front will possibly open your security vulnerabilities. I have been using a qotom 5500u nuc thing for mine, then a switch/server/wifi access point.
 

VirtualLarry

Are there any "router distros" that would run (hopefully based on Linux, or possibly BSD) on the "bare metal", and then, like unRAID, offer KVM-based hypervisor services on top of that? So that I could run a NAS instance in a VM (and pass-through the SATA controller onboard), and then run just an OS VM, with Windows 10 Pro, and connect that up to the router portion, and bind that VM only to the local LAN interface, and not the WAN port?
 

mxnerd

Of course you can run router, NAS, Windows or Linux VMs, etc on a powerful machine.

Anyway, get a CPU with at least 4 cores. Speed is not that important, but core count and cache size are crucial for true multitasking.

==

Note that Intel's SATA RAID is software RAID. Under a bare metal hypervisor, all of its SATA ports are just generic SATA ports. No RAID function.

==

All bare metal hypervisors that I know (ESXi and unRAID) can pass through hardware like a real RAID controller (Dell, LSI, Adaptec) and create NAS VMs that use these controllers.

==



FreeNAS does not seem to support real RAID cards, if it's the NAS distro you want to use, and that could be good news since you don't have to spend extra money.
 


sdifox

MS server, use that as your file server, host a pfsense vm in hyper-v