How to Virtualize Your Home Router / Firewall Using pfSense

44 thoughts on “How to Virtualize Your Home Router / Firewall Using pfSense”

• Which firewall / router are you running at home? If you can't remember, maybe it's time to SWITCH 😉

  By the way, if you're new here, welcome! Please remember to ✨subscribe✨ for more content like this!

• if i get this right, the one that goes out is goin into a switch, than its going back into my server (motherboard) lan, so my other vms have internet access as well.

• Warning: if something goes wrong with your virtualisation platform, you lose internet access, unless you have a multi-node cluster.
  In line with enterprise convention, I tend to keep critical things (which usually change rarely) separate from non-critical things (which tend to change more frequently). My NAS/virtualisation host changes far more frequently than my firewall, and I want my firewall to be up, even if my NAS is down – in fact, I need my firewall up especially when my virtualisation host is down.

• Hi Tim. You need to put a space before 'Techno' for the link to the HP Dual Gigabit NIC so the link works.

• Hello, nice video ! How do you connect other physical PCs to that virtualized router ?

• two things….why did you add pci device and not network device card as i've seen in all other similar vids?….secondly, as feedback – thanks for posting. apart from knowledgeable and simple to follow, it's calm and easy to listen to…

• 7:01 how do you know what your LAN should be? I understand the WAN, but not how the LAN was wrong.

• Hi TechnoTim, I hope you are able to answer one silly question about this setup: When experimenting with different virtualised router OSes I find the default LAN networks vary from product to product. And I like to just use the defaults most of the time in case changing them gives unexpected problems. This gives me a quandary about where to put my PVE management interface. I prefer to put it on the LAN, but that means it invariably ends up on a network number different from whatever I'm running for a router. So I have no access unless I mess with my network settings on my PC. Then I have to change them back to test out the router behaviour. I just wondered how you manage this problem in your setup, or do you just live with it?

• Great Video – first TechnoTim I have seen. Great job explaining and sharing. I have been using pfSense about 2 years now on an HP t620+ ThinClient with an added 2-port Intel i350-T2 card. Been working great, but I have this awesome Workstation class machine I want to use for ProxMox. I have 8.0.9 installed there, and I am just beginning. I purchased a 4-port i350-T4V2 for this box, and it is working fine. In the t620+ I had disabled the on-board NIC as was not using it.

  I know that ProxMox requires a NIC for accessing the host/dashboard, but can it be one of the 2-ports I will use on the i350-T4? I have a cable from Cable modem to port 0 on the 4-port and cable from port 1 to the Netgear Orbi (wifi AP)…as it has a satellite in the other end of the house where the office is – so that I have Wired (per se) access back there and wifi is stronger. From the Orbi (at the ProxMox box & modem – there is a cable into the on-board NIC of the ProxMox host). If I unplug this, I lose access to the host dashboard.

• I'd do this, but there is a major downside.
  When you have to take your ProxMox server it's hosted on down, or it goes down, there goes the internet down for everybody.
  You might need that internet to download something to get your server back up… which means you'll be digging out your dedicated DD WRT router appiance and plugging it all back in again. I'd keep it at the handy to do the switcherroo in a pinch.

  My appliance is a WRT3200ACM which is more than beefy enough for anything I throw at it, over kill even… so no benefit for me to do this.

• Actually my DC hands out IP addresses, but otherwise thanks for the tips on the passthrough stuff.

• Hello Tim. I'm banging my head around a setup with a Chinese 6x ports firewall, proxmox and a openwrt lxc. I can't see LuCi, and the structure of CIDR and gateway is obscure to me. Is there a forum I can meet with you and have a chat? Are you on the proxmox forum?

• i got further with 8.0 then others version with this guide ty i have an older intel dual 100 nic that i may use as new is not in the cards yet lol.

• If our server has multiple nics can we just use one we’re not currently using instead of installing a separate card can’t we?

• doesnt matter what card you use, just create bridges in proxmox so network card is used by much better linux drivers and not bsd

• Thank you for this video. I have one “noob”question. Using a physical machine that has 6 network ports, running ProxMox and a pfSense VM…how can I access ProxMox web control panel from my network that is being served by pfSense? Do I just need to ensure ProxMox is on the same subnet as my LAN? Thank you kindly for helping.

• So all other vms and the host should use the vmbr u mapped to lan right?

• How does this work when you want to use this as your main router from your ISP. Currently I have a consumer router that allows me to connect to proxmox. How do I swap over to pfsense by plugging my wan port into proxmox and having my lan still work. Do I need to configure proxmox in the same address space as my current router?

• Does anyone know if it's theoretically safer to run pfsense on dedicated hardware, to avoid escalation of access to other host VMs?

• Hi i have try but pfsense give ip to my devices but they can not connect to the internet do you have any clue why? thanks

• Can I do it with Proxmox Virtual Network? I don't have a network card to add extra. Thanks for the video

• Proxmox running PFSense + TruNAS Scale + Ubuntu ++ PlexServer ++ SMBA ++ Home Security Video/Audio/Alarm

• after 2 years I am still having issues getting proxmox nodes behind the virtualized opnsense to get SSL working right…

• Thank you for doing this, and the education, I appreciate it, it worked great.

• Hi, I can start pfsense without adding the 2 pci card, when I add the pci card I get "TASK ERROR: start failed: QEMU exited with code 1"

• Even though I have a PCI network card with two ports, adding them as PCI cards in Proxmox did not work for but instead as NICs, the rest was flawless, thanks for the video man, I dropped a sub as well.

• Amount of ads to watch a video of yours is insane. No thanks

• If I do this and my pfsense VM doesn't boot – can I still access proxmox?

• Might be late to the party, followed your video and worked perfectly (thank you) only thing is if I reboot the vm (for pfsense) I don't get a WAN ip back, only way to get it is to reboot the Proxmox server, can't find anything to point me to the correct direction

• Could I connect a switch from NIC to add more physical devices ?

• Hello, my networking setup at home are ONT and a openwrt router.
  Can i set the pfsense on the midle of the ont and router

• Can I use pfsense with truenas scale?

• Can I ask a question, probably a stupid one but here goes… How are the two wired? I have my internet coming into my home to my modem, then to my router. Then to a switch and a line from the switch goes to my Proxmox server via it's ethernet connection on the motherboard. So far so good. I create the Proxmox server and I can attach to it via it's webpage. All good. NOW, in my Proxmox server I have a 4 port ethernet PCIe card (Intel). Nothing is attached at this point. I next go to the Proxmox webpage on my server and install pfSense. Once it's installed, I am prompted to insert the WAN connection…. and here's the problem…. if I unhook the WAN line from my Internet suppled router and plug it into the Intel 4-port card of the Proxmox server, I loose connection to my Proxmox server, which keeps me from configuring Proxmox or the pfSense VM. I was able to get pfSense to work but I have to keep switching connections back to the motherboard ethernet connection in order to maintain the VM. Is there any way to so me a drawing or explain how to access the Proxmox server once connected to pfSense?? My understanding is that pfSense is supposed to replace my ISP supplied router. Am I misunderstanding something here? Thank you for any help you can provide.

• How will all the virtual servers get ip? Also the proxmox will have a different network? Hiw will the whole thing work

• Heyo Tim, you have greatly helped me get into the Homelab scene, and I appreciate it. With that said, you really should consider revisiting this video with a 2022/2023 edition. Reason why I say this is because passing my NIC down to the OPNSense VM in Proxmox (and even Pfsense) straight up did not work. I almost gave up, until I talked to someone that had a workaround: by creating a Linux bridge with the NIC as an alternative way. Passing the NICs down did not work but creating a bridge did. I had other people express their grievance about following your video and having it not work. And from what I heard, when it comes to virtualizing routers/firewalls, passing down NICs is a huge NoNo for this reason. I have no doubt this worked for some people, but I feel like there is a higher chance of success with an updated video by using the create Linux bridge method. Just my 2 cents!

• is there a way to make segmentized network inside of virtualized firewall? i mean to deliver tagged vlans to pfsense or in my case Sophos XG Home firewall, through truenas (in my case Scale) thanks 🙂

• Hello i got an issue, my dhcp not work on physical computer, only on virtual machine, can u help please

• can this run in docker container?

• any updates on this? I am doing this ahem… 2 years later – but yes – doing it.. I haev OPNSense in a VM – but instead of passing the physical pci device why not virtualize that so we can make use of HA services on Proxmox ? Make the failover mirror on proxmox on another server with similar hardware setup – then if one machine needs to be shutdown for updates or maintenance – easy to migrate to other node on the cluster and keep everything going… no? Would love to see how this is done in your world.

• This video was awesome. While we are on the subject of virtualizing firewall: Can you add a third NIC to the PFsense VM that is also on the LAN side but its inside the Proxmox virtual environment? What I mean is, for physical devices on the LAN side you would connect it to the LAN physical port (maybe add a switch first), but for the other VMs that live on the same Proxmox host as the Pfsense, it would be a waste to send their traffic out a phisical port then back on the LAN port. Is my assumption correct that all you would have to do is create a new linux bridge in proxmox (vmbr2 maybe) and just add that as a third adapter to pfsense and configure it as LAN. Then from there just add that bridge as an adapter to all your VMs?

• question how can include proxmox web on same network as you pass hardware pci direct to pfsense im trying to acess proxmox direct from pfsense network ?

• Any thoughts on installing with zfs? Seems to be the default these days

• If I disconect the ISP router to connect to the WAN port, then who is providing the IP address to proxmox so I can control it?

• Outstanding!!!! Thank you for this!
  What is cool, is since the host os is debian based, you can install and run netstat which gives MUCH more information about thruput on the nics

Comments are closed.