On Wednesday, 31 May 2017 22:12:51 UTC+10, Connor Page wrote:
> I don't do hotplugging to pfSense. I've created separate Fedora based netvms 
> with bridges named LAN and DMZ and connected pfSense to those at start. Then 
> other VMs can use those netvms and connect either to a bridge or do the usual 
> Qubes routing. Physical NICs can be added to those vms and bridges. In case 
> of routing one needs to masquerade selectively on the bridge interface (qubes 
> does masquerading on all interfaces except lo and vif+ by default). In case 
> of bridging, vm's config file has to invoke vif-bridge script, provide source 
> bridge name and vm's ip address. Then the script will do the rest. qvm-start 
> --custom-config=...
> 
> This may not be optimal as bridges consume cpu cycles and irq processing. On 
> the other hand Qubes currently doesn't support HVM netvms so until v4.0 
> that's the only solution I see. I'll keep playing with it but I suspect 
> virtualised pfSense is not a good idea for real life use.

So pfSense is NOT the first line of defense then?
It is behind another guest?

I create HVM, then convert it to NetVM/TemplateVM from TemplateHVM.
That normally works for me.

But the thing is it's difficult if you don't have the right things there to 
allow the connection to be created automatically. So that's where I come 
unstuck.


Even if it's the external, then you have multiple internals, that are statics, 
after that you have the guests behind them, then that would work?

How do you set up multiple NICs for it though?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ef2262de-7d00-4b25-8666-beecd1b1ab91%40googlegroups.com.