QNAP’s QTS and QuTS hero operating systems have the Virtualization Station application, an application that will allow us to perform full virtualization of operating systems such as Windows or any Linux distribution. In addition, we also have the possibility of installing a virtualized pfSense operating system, to perform the functions of main router, firewall and provide services such as DHCP and DNS to the entire local network. Although the configuration can be somewhat complex at first, today in RedesZone we are going to show you in a complete video how we should do it, and we will leave you some instructions so that you can follow it step by step.
Network configuration with “Network & Virtual Switch”
The first thing we must do to properly configure our NAS server as a router is to configure all the Ethernet ports correctly to later associate them with the pfSense operating system. In the “Virtual and network switch” section we must configure two network interfaces, the first interface will function as Internet WAN, and the second interface as LAN (local network), also, if your NAS server has more network interfaces, our recommendation is that you use a third port for emergency NAS access.
Therefore, the network interfaces (add new interface in Virtual Switch) that we have to configure in the “Virtual and network switch” part are the following:
- WAN-PFSENSE : this network interface must be in bridge mode, clicking on “Do not assign IP address”, to obtain the public IP directly from pfSense.
- LAN-PFSENSE : this network interface must have an IP address within the range of pfSense to be able to access the NAS server from the router, usually pfSense has the LAN at 192.168.1.1/24, so this interface should have 192.168.1.2 / 24 with the default gateway of the router (192.168.1.1).
- EMERGENCY LOCAL ACCESS : this network interface must have a fixed IP in another IP address range, such as 192.168.99.1. In this interface we can configure the QNAP DHCP server, although our recommendation is not to do it, and have to put a fixed IP on a PC to access the NAS server as an emergency.
The emergency port is a little “trick” that will allow us access to the NAS always, even if the pfSense crashes or Virtualization Station stops working. It is the first thing you should configure. Once we have configured everything, it should look like this:
To correctly configure the interfaces, we have to go to the « Network / Virtual Switch « section, in this section we always have to use the « Advanced Mode » option to configure all the network interfaces. Although it is possible to create them with the «Basic Mode», our recommendation is that you have it in the other option to have all the configuration options.
Once we have clicked on « Advanced Mode «, we will have to select the physical interface that we are going to configure, we must not configure anything in Virtualization Station yet. And we have to uncheck the option ” Enable the Spanning-Tree Protocol to prevent bridge loops “.
Depending on the interface configuration, we will have to choose one option or another:
- WAN: Do not assign IP address.
- LAN: assign a fixed IP address like 192.168.1.2/24 and default gateway 192.168.1.1
- Emergency: assign a fixed IP address such as 192.168.99.1/24 and no default gateway because there is none, it is for local access only.
Once we have configured the network, we now have to properly configure Virtualization Station 3.
PfSense Configuration in Virtualization Station
In the Virtualization Station menu we will have to add a new virtual machine, give it a name, select the ISO image and the destination, as well as select that the operating system is UNIX with the latest FreeBSD version that appears. Once we have created the virtual machine but have not started it, our recommendation is to make some advanced configurations before starting it.
In the ” General ” part you can set the CPU to be “Passthrough” and hide the KVM signature, in addition, we can select the number of CPU cores that the virtual machine will use as well as the RAM memory of the VM, in pfSense with few services with 4GB is enough, if you are going to install additional software with many services, you may have to allocate 8GB for everything to go smoothly. We leave the rest of the options as they are in the following screenshot:
In the ” Boot Options ” part we choose legacy BIOS, and leave the boot devices as they are.
The network section is the most important, here we must configure the network interface that it automatically creates as:
- Model: VirtIO
- Virtual switch: WAN-PFSENSE
- MAC address: we must take it into account, to later assign it to the Internet WAN in pfSense.
Now we will have to add a new device, select “Add device” and select “Network”, create a new network with the following options:
- Model: VirtIO
- Virtual switch: LAN-PFSENSE
- MAC address: we must take it into account, to later assign it to the LAN in pfSense.
In the following screenshot you can see the summary:
In the ” Storage ” section you can assign the storage you want, in principle pfSense does not take up too much space, so with 50GB of size it is enough, later we could increase it if necessary.
In the CD / DVD section we make sure that it will load the ISO image of pfSense, and the interface that is IDE:
In “Video” we leave it with the default parameters.
In «Audio» we leave it with the default parameters.
In the “Console operation” section we choose “Spanish” and leave the rest of the options by default.
Now in USB we leave the default parameters.
In the ” Others ” menu, our recommendation is to always choose ” Retain the previous state “, because if we update the NAS server, the virtual machine will start completely automatically and without us having to do anything at all. However, you can always choose to lift it manually if you want.
When we have already configured everything, we start the machine, we follow the pfSense installation wizard, and the most important part is to assign the physical interfaces to the Internet WAN or to the LAN, for this we must pay close attention to the MAC addresses of both interfaces , and choose them correctly.
In RedesZone we have recorded a complete video with everything step by step, there you can see a detailed explanation of how we have to create the different network interfaces, how to configure the part of the virtual machine in Virtualization Station, and we also show you the installation process of pfSense, assigning the interfaces correctly, and we will check how we directly access the pfSense operating system through the default IP 192.168.1.1, and the NAS server through the 192.168.1.2 that we have configured specifically in the interface:
Once we have done everything, we will have a working pfSense in our local network to act as the main router. If our operator uses VLANs on the WAN, we will have to create them directly in pfSense, we do not have to touch the QuTS hero operating system at all. The same happens if you want to use VLANs on the LAN, we simply pass a trunk to it from a manageable switch, and in pfSense we create the different VLANs and we create the different interfaces, without touching anything on “Virtual and network switch”.
