Pfsense as a KVM router and Firewall.
My homelab network is currently set up in bridged mode with my router. This means I can simply start a new VM and it's accessible via the LAN, as my Raspberry Pi acts as a DHCP/DNS server.
To test out how PFSense works, I decided to set up a PFSense VM with two networks: one for the WAN (my router) and one for the LAN (the VMs using the new network).
What is PFSense?
You can read about it here
This is how the PFSense KVM domain looks
pfsense.sh
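#!/bin/bash
# Create the pfSense VM with two NICs: br0 is the WAN side (the router),
# pfsense-router-net is the LAN side for the VMs behind pfSense.
# Note: --graphics vnc,listen=0.0.0.0 exposes the VM console on every host
# interface; use listen=127.0.0.1 with an SSH tunnel if the LAN is not trusted.
# --os-type is omitted: pfSense is FreeBSD-based and --os-variant covers it.
virt-install --connect qemu:///system \
  --name="pfsense-router" \
  --cdrom pfSense-CE-2.5.1-RELEASE-amd64.iso \
  --disk path="pfsense-test.qcow2",size=4,bus=virtio,format=qcow2 \
  --memory=1024 \
  --graphics vnc,listen=0.0.0.0 \
  --os-variant "freebsd10.0" \
  --vcpus 2 \
  --cpu host \
  --network network=br0,model=virtio \
  --network network=pfsense-router-net,model=virtio \
  --console pty,target_type=serial \
  --noautoconsole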
The default network is what I use for creating the VMs under the PFSense network.
This is what the PFSense router default network looks like:
custom-network.xml
<network>
  <name>pfsense-router-net</name>
  <uuid></uuid>
  <forward mode='nat'>
  </forward>
  <bridge name='virbr9' stp='on' delay='0'/>
  <dns enable='no'/>
  <mac address='52:54:00:a5:08:cb'/>
  <ip address='192.168.123.1' netmask='255.255.255.0'>
  </ip>
</network>
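Set up this network from the command line (a defined network also has to be started before a VM can attach to it):
sudo virsh net-define custom-network.xml
sudo virsh net-start pfsense-router-net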
Note: Setting <dns enable='no'> disables the use of libvirt's DHCP server.
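An added example, not part of the original post: a small Python check that parses the libvirt network XML above and lists the settings that give guests a path or a service outside pfSense (libvirt forwarding, a host address on the segment, libvirt DHCP or DNS). The `ISOLATED_NET` variant and the finding labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# The page's custom-network.xml (empty <uuid> left out), embedded to run offline.
PAGE_NET = """<network>
  <name>pfsense-router-net</name>
  <forward mode='nat'></forward>
  <bridge name='virbr9' stp='on' delay='0'/>
  <dns enable='no'/>
  <mac address='52:54:00:a5:08:cb'/>
  <ip address='192.168.123.1' netmask='255.255.255.0'></ip>
</network>"""

# Constructed variant (assumption): no <forward> and no host <ip>, so the
# bridge is a plain isolated L2 segment and pfSense is its only gateway.
ISOLATED_NET = """<network>
  <name>pfsense-lan-isolated</name>
  <bridge name='virbr9' stp='on' delay='0'/>
</network>"""


def audit_network(xml_text):
    """Return findings for settings that let guests get around the firewall VM."""
    net = ET.fromstring(xml_text)
    findings = []
    fwd = net.find("forward")
    if fwd is not None:
        # libvirt itself routes/NATs this segment; a guest that uses the host
        # address as its gateway never passes through pfSense.
        findings.append("forward:" + fwd.get("mode", "nat"))
    ips = net.findall("ip")
    for ip in ips:
        # The hypervisor holds an address on the segment pfSense is meant to own.
        findings.append("host-ip:" + ip.get("address", "?"))
        if ip.find("dhcp") is not None:
            findings.append("libvirt-dhcp")  # competes with pfSense's DHCP
    dns = net.find("dns")
    if ips and (dns is None or dns.get("enable") != "no"):
        findings.append("libvirt-dns")  # libvirt's dnsmasq answers DNS on the bridge
    return findings


if __name__ == "__main__":
    for label, xml_text in (("page", PAGE_NET), ("isolated", ISOLATED_NET)):
        print(label, audit_network(xml_text) or "no findings")
```

For the page's network the check reports `forward:nat` and `host-ip:192.168.123.1`, while the isolated variant reports nothing.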
Once the installation is done, the only problem I found was that the WAN interface blocks all incoming connections, so you have to access the PFSense router via the LAN interface.
You can follow this to disable the same
Or you can simply create a new VM with a browser and access the same. When you create a new VM make sure you give it the network you created above.
That's all folks