Indeed, some features are missing in the VR. If you have another public IP range available, I would suggest:

- create a shared network with the public IPs
- create a pfsense VM with WAN on the shared network and LANs on L2/isolated networks
- configure DHCP/DNS in the pfsense VM if needed.

If you want to use port forwarding or load balancer, you can create rules in pfsense manually. If you want to use DNAT, add a secondary IP on the shared network to the pfsense VM, then configure 1:1 NAT in the pfsense VM.

We have a plan to support VNF providers and replace the VR with a VNF appliance so that some services can be configured automatically. However, it highly depends on the API/CLI of the software. The pfsense API is not very good.

-Wei

On Wednesday, May 29, 2024, Marty Godsey <mar...@rudio.net> wrote:

> The VR works fine as a basic NATing firewall, but you can't do advanced
> next-gen functions like reverse proxies, SSL offloading, robust rule sets,
> IDS/IPS, etc.
>
> I have been setting it up manually. The other way is to have the users
> create their VR but then do a 1to1 NAT or a port forward of all ports to
> the virtual pfsense. The “WAN” of the pfsense sits in an isolated subnet.
> This does use another VLAN for the “WAN” network and is technically double
> NATing, but it works fine. I don’t think it scales the best, though, and
> may change it in the future.
>
> From: Wei ZHOU <ustcweiz...@gmail.com>
> Date: Wednesday, May 29, 2024 at 3:18 PM
> To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> Subject: Re: Using a seprarte router other than the virtual router
>
> I know some users deploy a pfsense or Linux VM as gateway in an L2 network or
> isolated network without source NAT.
> No matter which software/OS is used, users have to configure the VMs
> manually. Some features (e.g. static NAT, PF, LB, userdata) are not supported
> either.
> I think the VR is still the best option with most supported services so far.
> What is the purpose of the router? Gateway or other service provider?
>
> -Wei
>
> On Wednesday, May 29, 2024, Marty Godsey <mar...@rudio.net> wrote:
>
> > Hello All,
> >
> > What is the best way, or how are you providing a router for customers that
> > is not a virtual router? For example, if I have someone who wants to use
> > PfSense for their router instead of the virtual router, what’s the best way
> > to do this and make it as seamless as possible for the customer?
> >
> > I can see ways to do it, but I am curious to know how other people perform
> > this function.
> >
> > Thanks in advance. 😊