Increase the Firewall Maximum Table Entries size to 400000 in System > Advanced, Firewall & NAT
Google 220.127.116.11: Private and unfiltered. Most popular option.
CloudFlare 18.104.22.168: Private and unfiltered. New player.
Quad9 22.214.171.124: Private and security aware. New player that blocks access to malicious domains.
OpenDNS 126.96.36.199: Old player that blocks malicious domains and offers the option to block adult content.
Norton DNS 188.8.131.52: Old player that blocks malicious domains and is integrated with their Antivirus.
CleanBrowsing 184.108.40.206: Private and security aware. New player that blocks access to adult content.
Yandex DNS 220.127.116.11: Old player that blocks malicious domains. Very popular in Russia.
Comodo DNS 18.104.22.168: Old player that blocks malicious domains.
- Proxmox host is up and running
- Host has at least two network interfaces available for WAN and LAN.
- you have already upload pfSense image to the host
Basic Proxmox networking
In order to virtualize pfSense we first need to create two Linux Bridges on Proxmox, which will be used for LAN and WAN. Select your host from the server view, navigate to System > Network. We will be using eth1 and eth2 interfaces for pfSense, while eth0 is for Proxmox management.
Click on create and select Linux Bridge. Under Bridge ports enter eth1.
Repeat the process to add another Linux Bridge, this time add eth2 under Bridge ports.
Proxmox Networking should now display two Linux bridges like on the following screenshot. WARNING: Proxmox requires reboot if the interfaces are not marked Active.
Creating pfSense virtual machine
After creating WAN and LAN Linux bridges, now we proceed to create a new virtual machine. Click on Create VM from the top right section and new virtual machine wizard will appear. Under General tab, add a name to your pfSense VM.
Under OS tab select Other OS types and click next.
On CD/DVD tab select local storage and under ISO image find the previously uploaded pfSense ISO.
On the next tab, select VirtIO under Bus/Device and enter disk size you need.
On the CPU tab select a single socket and add one or more cores. Confirm CPU type is Default (kvm64).
Under Memory tab add at least 1024 MB. Use fixed size memory.
On the Network tab select Bridged mode and vmbr1. Make sure VirtIO (paravirtualized) is selected under Model.
Finally confirm the settings and wait for the VM to be created. Select your newly created virtual machine from the server view sidebar.
While the pfSense virtual machine is selected, click on Hardware settings and add another network device. Under Bridge enter vmbr2 and select VirtIO (paravirtualized) under Model.
Confirm your virtual machine has two network interfaces now.
Starting and configuring the pfSense virtual machine
After creating a new virtual machine and adding network interfaces, it’s time to start the virtual machine. If everything was done correctly, you can see pfSense booting up from the Console window
pfSense will prompt you to select boot mode, press I to launch the installer.
When pfSense setup boots up, follow the installation steps as you would on a physical device. Simply run Quick/Easy setup and wait for it to complete. When prompted, select standard kernel. Click reboot to complete the installation. Make sure you remove the .ISO from the virtual CD/DVD media.
After pfSense virtual machine reboots you will be greeted by interfaces assignment wizard. We will not set be setting up VLAN’s now, so press N and confirm
On the following steps assign the WAN and LAN interfaces. For the purpose of this guide, we have assigned vtnet0 to WAN and vtnet1 to LAN.
After interfaces have been assigned, pfSense will complete the boot.
Configuring pfSense to work with Proxmox VirtIO
After the pfSense installation and interfaces assignment is complete, connect to the assigned LAN port from another computer.
WARNING: because the hardware checksum offload is not yet disabled, accessing pfSense WebGUI might be sluggish. This is NORMAL and is fixed in the following step.
To disable hardware checksum offload, navigate under System > Advanced and select Networking tab. Under Networking Interfaces section check the Disable hardware checksum offload and click save. Reboot will be required after this step.
Congratulations, the pfSense virtual machine installation and configuration on Proxmox is now complete.
deb http://old-releases.ubuntu.com/ubuntu/ oneiric main
deb-src http://old-releases.ubuntu.com/ubuntu/ oneiric main
deb http://old-releases.ubuntu.com/ubuntu/ oneiric-updates main
deb-src http://old-releases.ubuntu.com/ubuntu/ oneiric-updates main
deb http://old-releases.ubuntu.com/ubuntu/ oneiric universe
deb-src http://old-releases.ubuntu.com/ubuntu/ oneiric universe
deb http://old-releases.ubuntu.com/ubuntu/ oneiric-updates universe
deb-src http://old-releases.ubuntu.com/ubuntu/ oneiric-updates universe
deb http://old-releases.ubuntu.com/ubuntu oneiric-security main
deb-src http://old-releases.ubuntu.com/ubuntu oneiric-security main
deb http://old-releases.ubuntu.com/ubuntu oneiric-security universe
deb-src http://old-releases.ubuntu.com/ubuntu oneiric-security universe
Proxmox VE is a complete virtualization management solution for servers. You can virtualize even the most demanding application workloads running on Linux and Windows Servers. Checkout their page: proxmox.com
Due to lack of better backup functionality I prepared patches to support differential backups in Proxmox VE. These patches are in use for over a year.
Currently supported versions are 3.4, 4.1, 4.2, 4.3, 4.4, 5.0.
What are differential backups?
According to Wikipedia:
A differential backup is a type of data backup that preserves data saving only the difference in the data since the last full backup. (…) Another advantage, at least as compared to the incremental backup method of data backup, is that at data restoration time, at most two backup media are ever needed to restore all the data. This simplifies data restores as well as increases the likelihood of shortening data restoration time.
What my patches do?
My patches extends vzdump, xdelta3 and Web-GUI support. And yes, these patches fully support OpenVZ and KVM.
System administrator can use one additional parameter in Backup Jobs (Datacenter -> Backup -> Add/Edit) the Full Backup Every:
- By default this value is set to 0. Which simply means: use old behavior (always create full backups).
- But if you specify value larger than 0, for example 7. It will instruct the vzdump to create full backup once a week and use differentials for the rest.
Please consider the following example:
It will create full backup of VM101 every 4 days, compressed using lzo, stored on local storage.
How to install?
There are three files:
The installation procedure is fairly simple:
- Logged as root download:For PVE 2.2 (deprecated):
For PVE 2.3 (deprecated):
For PVE 3.0 (deprecated):
For PVE 3.1 (deprecated):
For PVE 3.2 (deprecated):
For PVE 3.3 (deprecated):
For PVE 3.4 (deprecated):
For PVE 4.0 (deprecated):
For PVE 4.1 (deprecated):
For PVE 4.1-22 (compatible with 4.1-22 and newer) (deprecated):
For PVE 4.2 (deprecated):
For PVE 3.4-14 (compatible with 3.4-14 and newer) (deprecated):
For PVE 4.2-17 (compatible with 4.2-17 and newer) (deprecated):
For PVE 4.3 (deprecated):
For PVE 4.4 (deprecated):
For PVE 4.4-13 (compatible with 4.4-13 and newer) (stable):
For PVE 5.0 (stable):
- Execute bash script. The script contains all needed patches:
- When everything went right, you’ll see:
- Download and install xdelta3. If you want to use LZOP compressor, you have to download my xdelta3 compilation.
However, if you paranoid about installing untrusted applications you can compile the package yourself. All the sources can be found here: pve-xdelta3-master.tar.bz2
Previous release of xdelta was 3.0.5. Please update to the newer one: 3.0.6.
And what about uninstall?
The procedure is simpler than installation. Type in the bash:
After a while, you’ll see:
What about UPGRADE? (READ THIS)
This is important part. If you will ever want to upgrade your Proxmox installation (by apt-get dist-upgrade or apt-get upgrade) ALWAYS revert/uninstall patches. You will still be able to apply them afterwards.
How to apply new patch version?
- Use previous patch to revert changes.
- Download new patch version and apply as described before.
The results are really astonishing! These are real word values:
You see the differences. The diff sizes strictly depends on the use of the VMs. Using differential backups I have backups from last month (full backup once a week, differential daily)
Why this is not upstream?
I tried to push the changes upstream. They were rejected by Dietmar:
We removed that feature 3 years ago. I have no plans to re-add that. We want to keep vzdump a simple tool.
But I thought that it would be really shame if I wouldn’t go public with this.
Is it stable?
Yes, it is. This extensions uses xdelta3 as differential backup tool, which proven to be well tested and stable. I use it for about 9 months on 4 different Proxmox based servers. No problems so far.
However, if you happen to be paranoidal about backups… You should consider running following script. The script simply tries to verify all differential backups. I recently updated the script to support new VMA archive. So now you can verify backups all supported backups.
In case of any problems applying or reverting patches you can always simple revert back to stock. Simply reinstall modified packages:
Then you can try to reapply patches once again.
In order to remove all leftovers you have to edit /etc/pve/vzdump.cron and remove fullbackup switch from vzdump command line.
- v1: initial public release with support for PVE2.2 and PVE2.3 (2013-03-05)
- v2: improved kvm backup size and speed for PVE2.3 (2013-03-08)
- v3: added support for PVE3.0 (2013-06-02)
- v3′: updated pve-verify-backups to support VMA archives (2013-06-06)
- v3”: updated patches to support PVE3.1 (2013-08-24)
- v3”: updated xdelta3 to 3.0.6. More info about changes: http://xdelta.org/ (2013-08-24)
- v3”: updated patches to support PVE3.2 (2014-03-15)
- v3”: added FAQ (2014-04-30)
- v3”: updated patches to support PVE3.3 (2014-09-23)
- v3”: updated patches to support PVE3.4 (2015-02-26)
- v3”: updated patches to support PVE4.0 (2015-11-07)
- v3”: updated patches to support PVE4.1 (2016-01-22)
- v3”: updated patches to support PVE4.1-22 (2016-04-13)
- v3”: updated patches to support PVE4.2 (2016-05-02)
- v3”: updated patches to support PVE3.4-14 (2016-08-02)
- v3”: updated patches to support PVE4.2-17 (2016-08-02)
- v3”: updated patches to support PVE4.3 (2016-10-24)
- v3”: updated patches to support PVE4.4 (2017-01-23)
- v3”: updated patches to support PVE4.4-13 (2017-04-10)
- v3”: updated patches to support PVE5.0 (2017-07-20)
Detailed list of changes
- repackaged from http://packages.debian.org/wheezy/xdelta3
- added support for lzop
- removed all python references
- added “fullbackup” option
- qmrestore and vzrestore:
- added support for differential backups
- added controls for maxfiles and fullbackup
deb http://ftp.debian.org/debian jessie main contrib
# PVE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian jessie pve-no-subscription
# security updates
deb http://security.debian.org jessie/updates main contrib
02. mv /etc/apt/sources.list.d/pve-enterprise.list /home
03. apt-get update
04. apt-get dist-upgrade
06. Virtual Environment 4.4-18/ef2610e8
deb http://ftp.debian.org/debian stretch main contrib
# PVE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pve stretch pve-no-subscription
# security updates
deb http://security.debian.org stretch/updates main contrib
08. apt-get update
09. apt-get dist-upgrade
11. Virtual Environment 5.0-32/2560e073
Technically, we can install KeePass through Ubuntu Software…
…or the Linux Mint Software Manager.
However, if we install KeePass through these channels, we won’t be getting the very latest version. And where’s the fun in that?
Add the KeePass repository
For the latest and greatest KeePass installation on Linux, we must add a repository. We just need to fire up a terminal, with Ctrl+Alt+T, and type:
sudo apt-add-repository ppa:jtaylor/keepass -y
Just a reminder for Linux newcomers, when we use the “sudo” command, and we enter our password, nothing will show as we type, no stars or dots or anything. We just enter the password and hit Enter.
For more information about Linux terminal commands, check out our guide:
After successfully adding the repository, we need to do an update with:
sudo apt-get update
Once the update is done, and we had no error messages, we type the following command to install KeePass:
sudo apt-get install keepass2 -y
Once we finish with the installation, we will find KeePass at the Mint menu, in the Accessories section.
In Ubuntu, we just need to search for it on the Dash.