submitted 1 year ago* (last edited 1 year ago) by eldavi@lemmy.world to c/linux@lemmy.world

i've created my own wifi router & firewall using pci passthrough for the network card to a kvm/libvirt/qemu virtual machine running pfsense hosted on an ubuntu server and it works well enough; but the pci id changes roughly every other reboot.

i was thinking of adding another hack in the form of a bash script to launch the vm and then modify the virtual machine's xml if there's a problem and then attempt another relaunch; but this entire exercise has taught me the hard way that hack-on-top-of-hack-on-top-of-hack is impossible to remember and there will come a point where something will break and i'll spend a couple of days relearning how to build my own router again.

any advice on how to make it all more mindless and/or graceful?

[-] sainth@lemmy.world 2 points 1 year ago

What does running pfsense in a virtual machine really give you? Consider setting up the ubuntu server as a router directly. The most important part is making sure you configure the firewall correctly (iptables or nftables). dnsmasq can handle dhcp requests and hostapd can provide wireless. Be careful that all services are listening only on appropriate network interfaces before you connect it to the internet.
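
The listening-interface check recommended in the comment above, as an added example that is not part of the thread: a bash function that reads `ss -H -tuln` output and reports sockets bound to a wildcard address, to the WAN address, or to the WAN device. The WAN address 203.0.113.10, the interface names enp1s0 and wlan0, and the sample socket list are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag listeners whose bind address makes them reachable on
# the WAN side of a Linux router. Input is `ss -H -tuln` output on stdin.

find_exposed_listeners() {
    local wan_ip="$1" wan_if="$2"   # assumed WAN address and interface name
    awk -v wan_ip="$wan_ip" -v wan_if="$wan_if" '
    {
        proto = $1; laddr = $5                     # column 5 is Local Address:Port
        addr = laddr; sub(/:[^:]*$/, "", addr)     # drop the trailing :port
        dev = ""
        if (match(addr, /%.*$/)) {                 # addr%iface: socket bound to a device
            dev = substr(addr, RSTART + 1)
            addr = substr(addr, 1, RSTART - 1)
        }
        gsub(/^\[|\]$/, "", addr)                  # [::] becomes ::
        wildcard = (addr == "0.0.0.0" || addr == "::" || addr == "*")
        if (dev != "") exposed = (dev == wan_if)   # device-bound: only that interface
        else           exposed = (wildcard || addr == wan_ip)
        if (exposed) printf "%s %s\n", proto, laddr
    }'
}

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS='udp UNCONN 0 0 0.0.0.0%wlan0:67 0.0.0.0:*
udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 50 203.0.113.10:445 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:*'

# Live use:   ss -H -tuln | find_exposed_listeners <wan-ip> <wan-if>
# Sample use: printf '%s\n' "$SAMPLE_SS" | find_exposed_listeners 203.0.113.10 enp1s0
if [ "${BASH_SOURCE[0]}" = "$0" ] && [ "$#" -eq 2 ]; then
    ss -H -tuln | find_exposed_listeners "$1" "$2"
fi
```

This only inspects bind addresses; a flagged socket can still be blocked by the iptables or nftables ruleset, so treat the output as a list of services that depend on the firewall to stay private.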

[-] Illecors@lemmy.cafe 3 points 1 year ago

It gives flexibility. Snapshots, migrations, etc.

[-] eldavi@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

i learned the hard way about a decade ago that i lack the patience and sufficient enough attention to detail to run a public facing server of any kind; so the biggest benefit of using pfsense is peace of mind.

the 2nd biggest benefit is a perpetually self auto updating firewall and significantly improved capacity without having to buy a new router every few years. i started this rebuild because i'm anticipating a gigabyte connection and the previous network adapter i was using for pci pass through would have been the biggest speed bottleneck.

the 3rd biggest benefit is that i also use the host as an everything server including backups, extra storage, internet accessible storage, print, media, torrent, automatic vpn, automatic ad blocker and tv via kodi and i don't have to configure most of it since those capabilities are click-on-a-checkbox-to-turn-it-on easy thanks to the pfsense software.

finally: each time i have to do it, i learn at least one new thing about the foss ecosystems/projects related to the components/services that i have to build and how they've changed or how alternatives are needed since the last time i did it.

btw: the server is handling the dhcp and wifi using networkmanager because hostapd is about 25% slower and pfsense is only the firewall and most of those services i mentioned earlier.

this post was submitted on 16 Jul 2023