14th November 2008
Bruco
FreeBSD as firewall/router on VMware ESXi

I'm going to be inheriting an old Compaq Proliant server from work to use at home. It's nothing special, has a couple PIII procs, 4GB of RAM. But it will run VMware's free ESXi product on it, which I'd like to do. We're moving to VMware at work and the more experience I get, the better. Besides, it's fun to play with!

One thing I'd like to consider doing is running a FreeBSD virtual box as my router/firewall for my home network (I have DSL). Right now that job is handled by a Buffalo router with DD-WRT on it, and I've learned some iptables from it, but I'd really like to learn from the ground up with pf.

However, my concern is the miserable network performance I think I'm seeing from FreeBSD 6.3 as a virtual device (I had problems loading 7.0 on ESXi). I read this page:

http://taosecurity.blogspot.com/2007...nterfaces.html

and it certainly makes sense; with the lnc driver, network performance was pretty sad. Even pinging localhost gives me times around .165 ms, whereas on two physical FreeBSD boxes (using fxp and sis network drivers) pinging localhost gives me responses in less than half that time.

I did use the article's advice and changed to the em driver. That did cut my ping to localhost time down a little bit (more like .141 ms). But obviously that still isn't as good as a physical box.

So, my questions would be, to anyone that has experience with this:

1. Is it worth my time to either recompile the 6.3 kernel or fight with 7.0 until it installs so I can use the le network driver instead of lnc or em?
2. Is it foolish to even attempt using a virtual machine as a gateway and firewall? (Obviously this would just be for a tiny home network on a DSL line, so maybe I wouldn't notice a difference, but I'm curious what people's opinions are.)

Thanks!

Last edited by Bruco; 15th November 2008 at 12:13 AM.