How to Virtualize Your Home Router / Firewall Using pfSense

Captions
So you decided to start virtualizing stuff at home using Proxmox, and you're thinking about all of the things that you might be able to virtualize. But you might be overlooking something that's rather simple to virtualize, something that's critical to your own home network, and that is something like your home router. Hey, welcome back, I'm Techno Tim, and today we're gonna talk about virtualizing your home router using Proxmox.

So you might be wondering, why am I to virtualize my router using Proxmox, or why would I virtualize my router at all? That's a pretty big topic, but I'll try my best to answer it. Virtualizing your home router gives you complete control over your internet. It allows you to choose from multiple router softwares and choose the one that's best for you. Let's face it, your home router might not have all of the features you want, and you might find an open-source alternative that provides something like this does. So I used this for a really long time. So I used a Cisco router or a Netgear router back in the day, and I was able to swap out the firmware on the device for something like DD-WRT, and that really unlocked my router and gave me tons of great features. But as the internet evolved and my needs evolved, I needed something else. So I started looking at all of the other software routers out there, and most of them involved installing a Linux distribution and spinning that up on a physical machine. And then I realized I have a whole entire virtual infrastructure here, so why not virtualize this too? So I set out to do that years ago, and I've been virtualizing my router ever since.

And so today we're gonna walk through how to virtualize your own home router using Proxmox and pfSense. So if pfSense doesn't apply to you or you found something else, there are many alternatives out there, and you can still use this guide to virtualize your router with Proxmox.

So one piece of hardware that you will need, outside of Proxmox of course, is a network card, something like this. So this right here is a dual gigabit NIC. This one's an Intel, but Broadcom ones also work. So you don't need a dual gigabit network card; I'm using this because this is what I have. So this one's PCI Express, you'll probably want one of those, and I've had success with Intel and Broadcom chips. I'll have some links in the description below of cards that do work. Once you have your card, you'll want to shut down your server and install it into one of the free PCI Express slots. Then you'll want to connect two network cables to it: one is coming from your ISP and that will go into the WAN port, and the next is the LAN side, which is going to connect to your switch. Once you have it installed and your network cables connected, start the server back up.

So with that out of the way, hop right in. So the first thing we're gonna do is go out to pfSense and download the Community Edition. You want to make sure that this is set to the 64-bit edition along with the CD ISO installer. After downloading the ISO, you want to go out to your Proxmox server and upload it.

Once you've uploaded the ISO, now we need to create a new virtual machine: Create VM. So we're gonna name this pfsense. Now we want to choose our pfSense ISO. We'll keep the guest OS to Linux. We can keep this VirtIO SCSI. For hard disk, we'll choose VirtIO Block, and we'll choose our storage; I usually set this to around 40 gigs. For CPU, choose as many cores as you have. For memory, it only requires 512, but I'm gonna go with 8 gigs. Then it's gonna ask us which network devices we want to use. We're gonna pass through that network controller to this virtual machine, so we don't need to choose anything here, so we'll just choose no network device for now and we'll modify this later. Now we'll just confirm all of the settings we set. We don't want to start this device just yet, so click Finish.

So now that Proxmox created this virtual machine, let's go into it and configure some more settings. So select it, let's go to Hardware, let's go to Add, let's go to PCI Device. So now you should see a list of PCI devices that you're able to take advantage of. You want to choose the network device that we just installed. Here you can see I have a quad gigabit NIC, so you might see two here, you might see four, and you might only see one if you used a single gigabit NIC, but you want to choose that device here. Now you may or may not have to check the checkbox that says All Functions, and ROM-Bar. In my experience I've had to choose both: All Functions, and then go to Advanced and make sure that ROM-Bar is checked. This may vary with you depending on your card, but this is usually a safe bet. So let's click Add. So if you have more NICs, let's add those. So I'm going to do the same thing: Add, PCI Device, choose the second NIC, All Functions and ROM-Bar. Once we have both of these set, we're not sure which one's the WAN and LAN, but we'll figure that out later. And if you only have one, it's gonna be your WAN, which is the one that connects to your ISP's modem or router.

Next is something we should probably take care of now, and that's starting this device automatically. You want this to be the first device that starts up, and you want it to always start up when your server starts up, otherwise you won't have internet access. So let's take care of that now. So go to Options, change Start at boot to enabled, and there we go.

Okay, now we'll walk through the installer. So accept here if you agree. We'll want to install pfSense. If you need to change your keyboard, change it here. Let's run through the guided setup. So it's asking if we want to do any manual configuration; let's say no here, and then let's reboot. So once it boots up, it'll ask about VLANs. I'm not going to set any up, so I'll say no. So here it's gonna ask for the WAN interface; this is the one that's connected to the internet. We can have it auto-detect or we can specify it ourselves. Let's just specify it ourselves; we can change this later if we're wrong. Now we're gonna proceed.

Okay, so it's booted up. So you'll notice right away we have our WAN set and our LAN set. You want to make sure that these match. So on our WAN we can see this is getting a DHCP address from our ISP. On the LAN side, this is the one that all of our devices on our home network live on, so you can see it's set to 192.168.1.1 on the subnet of /24. So it looks like my LAN is OK. If yours isn't, you have two options. One, you can go and physically change the ports; so if you physically change the ports, you would have to move your plug from here to here, or from here to here. Or you can do it in software. It's really up to you. If you want to do it in software, you would choose the first option and you would go back through the wizard.

So there is something I do want to do here. So my LAN subnet is not 192.168.1.1, it's actually 192.168.0.1, so let's change that. So we would go into 2. So WAN is fine, this is DHCP, so 2 is LAN, the one we want to change. So we want to change the static IP, so we'll enter the new IP address, and this will be the IP address that you want your router to be. It can be anything as long as it's not taken. So the subnet bit count, it's really gonna be up to you; most likely it's gonna be 24. So we don't have an upstream gateway address for this device, because this will be our gateway for all of our devices on the network. So you can choose an IPv6 IP address here, but I'm not gonna set one. So here you'll choose whether or not to turn on DHCP. So you'll want to turn on DHCP so that this device hands out IP addresses to all the devices on your network. So here you'll set a range of IP addresses that it's going to hand out. Typically I start mine at around 100 so that I know that everything below it is reserved, so you could do 192.168.0.100, and the end address, I usually pick 200. I don't have a good reason for doing this; I just keep a block at the beginning and end for reserved devices. So it asks if we want to revert to HTTP for web configuration. I'm gonna say no here and keep it on HTTPS.

So it configured the device, and now we can access this over the web. So you want to go to the IP address that you set and that it echoed out. Once you get there, you'll get a self-signed certificate warning, but this is expected, so you can click OK here. Now we'll sign in with the default pfSense username and password; that's admin and pfsense. So the very first thing you want to do is change that password, so let's do that now. So change the password in the User Manager, then we'll want to set this to something secure, and we'll want to confirm it, and then we'll want to save. So another thing you should probably do is create another account here and disable this admin account. That way no one can just hack away at admin. You can create your own username as another secure way of securing this device. So let's do that: Techno Tim, group: add to admins, and we'll save. So now you see the new account I created, and we'll see the old one, so let's disable the old one. Okay, so that was disabled. Let's log back out and log in; let's try the new account.

Okay, once we're logged in, we'll land on the dashboard. So here we can see a lot of the vital information for our firewall. We can see who's logged in, we can see whether or not there are updates, we can see our CPU type and a lot of other things about our router. So if we take a look around, we go into System and we go to Update, we can see whether or not there are updates available. We can also manage more users, like the user we just set up. Under Interfaces we could reassign these interfaces; let's say for instance you mixed up LAN and WAN, you could change those here, or you can reassign individual names, turn on DHCP or static IP addresses.

So if we go under Firewall, we have all types of options. So we can set up NAT for port forwarding; let's say you're running some services behind your firewall and you want to port forward those through the router to an individual client, here's where you do that. You could set up firewall rules on the outside or the inside of the firewall, you could do some traffic shaping here, set up VIPs or virtual IP addresses. And Services: you can back up your config if you want, you could set up a captive portal for something like wireless, you can configure your DHCP server and add static mappings so that your DHCP server hands out the same IP address to a specific MAC address, you could forward off DNS requests somewhere else other than your ISP, set up a load balancer, configure Network Time Protocol, set up UPnP so that you can automatically map ports, set up Wake-on-LAN so that you can wake up a device inside of your network from the outside.

And also you can set up a VPN. So this is one of the biggest reasons why people set up something like a virtual appliance for their network router, is because they want to set up a VPN to VPN back home from the outside world. OpenVPN server is really easy to use and there are plenty of guides out there, so I won't walk through this, but it's here if you need it.

And then Status: you have a status of all your services. So you can go back to your dashboard, see your DHCP leases, see the status of NTP, see your system logs, and you can see logs for your firewall, DHCP, captive portal, or really any service that you have running. So you can do some reporting too and see a live output of your traffic graphs. You can see how much bandwidth your whole entire house is using. You can filter by NIC, or by bandwidth in or bandwidth out, whether it's local or remote, or even by IP address. This is super handy for diagnostics.

And speaking of Diagnostics, there's plenty here. So you can check out your ARP table; Authentication, where you could test your username and passwords; DNS, where you can query DNS to see if it resolves; pfInfo, where you can see info of all your network devices; pfTop, where you get to see all of your network connections. You could reboot your device from here. You can ping hosts either from your WAN NIC or your LAN NIC, so if you want to troubleshoot and ping something on the outside, or you want to ping something on the inside, this is where you'll do it. And really there's tons of diagnostics in here for everything that's going on inside of pfSense.

So one thing that I didn't mention and I skipped over is the Package Manager, because that opens a whole host of options for you. So if you go to System and you go to Package Manager, go into Available Packages, here you'll see a lot of packages contributed by the community. Here you're seeing things like cron jobs, HAProxy to set up a proxy, iftop, SNMP, nmap, pfBlockerNG to block IP addresses from geolocation, Service Watchdog to monitor services, Snort, which is pretty awesome and can do deep packet inspection of all of your traffic, Squid's here, which is also a proxy cache, and lots of other packages. So you can pick any packages you like in here that you want to install on your router. It's pretty simple.

So that's how easy it is to virtualize your router. So we took something like this that doesn't have a lot of power or a lot of flexibility, and we virtualized it inside of Proxmox. That gives us a ton of flexibility and a ton of visibility into our network router, and it gives us a whole host of features that otherwise wouldn't be possible. And now you don't have to buy one of these every time your router dies, because it's virtualized inside of your Proxmox installation. So you can keep this as a backup, or you could donate it, or even convert it into an access point with something like DD-WRT. So that's yet another reason to virtualize something inside of Proxmox or any hypervisor, and if you need more reasons, I've got a video on lots of reasons why you would virtualize something.

If you'd like to see something else virtualized, or a different network appliance or virtual firewall, let me know in the comments below. So I hope you found this video helpful. If you did, please give it a thumbs up and consider subscribing. And just as a reminder, I stream every Tuesday, Thursday and Saturday, so if you have a question about this video or any of my other videos, hop in my stream, I'd love to have you. So thanks so much for watching. Until next time, stream on, my friends.
Info
Channel: Techno Tim
Views: 184,680
Keywords: pfsense, virtualization, virtual, vm, virtual pfsense, virtualize pfsense, hyper-v, hyperv, firewall, server, linux, pfsense hyper-v, pfsense hyperv, router, should i virtualize pfsense, home server, pfsense vm, pfsense setup, pfsense installation and configuration, virtualize pfsense router, can you virtualize pfsense, proxmox nic passthrough, proxmox pfsense nic passthrough, techno tim, technotim, dd-wrt, ddwrt, homelab, homelabs, security, it security, proxmox 6, homelab ideas, opensource
Id: hdoBQNI_Ab8
Length: 15min 4sec (904 seconds)
Published: Sat May 16 2020