Linux firewall distro

Dentifrice
Novice
Posts: 49
Joined: Mon Jan 02, 2017 6:38 am

Linux firewall distro

Postby Dentifrice » Mon Aug 07, 2017 12:58 am

Hi,

Do you know a Linux firewall distro that works in VMM? All the distros I tried don't detect the iSCSI controller (pfSense, Sophos UTM, etc.). I tried like 4-5 different ones.

Of course, all full distributions like Ubuntu are working fine. For Windows, you can load the driver in the installation, but all the firewall distros I tried don't have any option to add a driver (anyway, we don't have drivers in the Synology guest drivers ISO).


So, do you know one that is working? Or is there any special magic trick to get the controller detected?

Thanks
goose7791
Rookie
Posts: 32
Joined: Wed Dec 24, 2014 8:58 pm

Re: Linux firewall distro

Postby goose7791 » Thu Sep 07, 2017 7:54 pm

I was able to get Sophos UTM 9.5 working by using IDE storage and the rtl8139 NICs. Starting up the PostgreSQL takes forever and a day, but it's up and pings.
sbarnea
Novice
Posts: 49
Joined: Wed Apr 30, 2014 2:03 pm
Location: Norwich, UK

Re: Linux firewall distro

Postby sbarnea » Sat Oct 07, 2017 3:49 pm

I would be really interested in running pfSense virtualised on my Synology DSM which already has 4 NIC interfaces.

Am I the only one dreaming about this? Any chances of this becoming true?
sigs are evil!
mervincm
Knowledgeable
Posts: 323
Joined: Wed Jul 30, 2014 6:08 am

Re: Linux firewall distro

Postby mervincm » Mon Oct 30, 2017 11:29 pm

I would like to do this as well.


Assuming your CPU has it, I am wondering if AES-NI is exposed to the VM; this is required for pfSense 2.5.
1815+ (factory patched board) 4GB 5x6TB WD RED
ttmcmurry
Novice
Posts: 56
Joined: Mon May 15, 2017 9:53 pm

Re: Linux firewall distro

Postby ttmcmurry » Thu Nov 16, 2017 4:55 am

I'm running pfSense 2.4.0 on my DS916+ - it's been up for 31 days. I can get about 255mbit out of it on a gigabit internet connection once pfBlockerNG and Snort are configured.

Ultimately my goal with it was to have two pfSense firewalls running; one on my much more powerful ESXi desktop (Dell Precision T1600 SFF, Xeon, 32GB RAM) and have the NAS be the failover. Due to lack of time I haven't gotten around to doing it "right" so I can get the virtual interfaces on the ESXi VM and VMM VM to be identical. On my first attempt, the interfaces didn't line up so only some VLANs worked right - failover worked, but the nets went to the wrong destinations as a result. A rebuild is required to "fix" that. Apparently everything with pfSense is based on sequence and there's really not a good way to rename interfaces without breaking the XML config / I just don't know what I'm doing to perform that action safely. :)

It turned out the networking on VMM was easier than I thought it would be; and was much more simplified in practice as well. ESXi's networking, while still "easy", is infinitely more powerful and flexible than VMM can be without more work in DSM first to give users more control over Open vSwitch (OVS).

If y'all have any questions, let me know.
drjobs
I'm New!
Posts: 9
Joined: Tue Mar 27, 2018 3:24 am

Re: Linux firewall distro

Postby drjobs » Fri Mar 30, 2018 12:49 am

I will probably not get a reply, but how exactly can the packets find their way into and out of the "correct" ethernet port on the NAS? You need to do some routing on your router, and then routing on the NAS itself, not the VM, right?
atakacs
I'm New!
Posts: 8
Joined: Mon Jun 01, 2015 7:39 pm

Re: Linux firewall distro

Postby atakacs » Mon Apr 16, 2018 2:29 pm

I must confess that this is an intriguing concept - anyone with more info / experience?
ttmcmurry
Novice
Posts: 56
Joined: Mon May 15, 2017 9:53 pm

Re: Linux firewall distro

Postby ttmcmurry » Mon Apr 16, 2018 4:57 pm

Getting packets "in and out" isn't a special concept. The firewall/router simply needs to exist in the subnets you want it to be in. Its NIC(s) need to exist in the default VM network (no VLAN or Tagged VLAN) or if it's in a specific numbered VLAN (untagged VLAN) + network with direct access to the modem or upstream router.

Routing is always done by IP, so regardless of the way the network was built .. flat or VLANned .. each subnet that needs to get to the internet will always refer to the designated router - either one you manually enter, or the one specified in DHCP - and they could be the same IP in your network; depending on your design.

Technically it's no different at all than bringing up a Windows or Linux VM.

As I said earlier in this post I use pfSense and it works just fine on 2 cores. I wouldn't expect to get much throughput past 200mbit if enabling Snort & pfBlockerNG.
