Sme9 to nethserver


I am new i this forum and nethserver.

I am running an sme 9 server with an intranet application
coded in php5 and mysql without mysqli.

it is an old system.

Is it possible to run this system on a nethserver without to recode php changes and All SQL requests?

The system is only used inside an local network.

Other “Ibays” should offcource run nethserver default php and mariadb.

1 Like

Default NethServer (CentOS7) ships with php5.x so that should not be a problem.
I think the shipped mariadb module supports ‘no-mysqli’ databases, so basically this should be possible.
In the admin manual there is a chapter about migration from SME to NethServer:
I would strongly suggest to first try in a VM and don’t forget to make backups.
If you run into issues, don’t hesitate to ask here, We will try and reproduce them and hopefully, solve them together.

1 Like

On NethServer ibays are no longer used for serving web content. That would translate into virtual hosts (stored on a different path than ibays).


On virtual hosts: If you use php-scl collection you can assign the php version for each virtual host independently.


Thank you for your answers. I Will try to install a testserver in virtual box before buying New hardware.

Testet in virtualBox, Now I only need to migrate the system :slight_smile:

I think I will try to migrate everything into an virtualbox and test for the following months.

After that move to new hardware.

try proxmox instead of virtualbox, for the long term it is better…you cannot come back to real hardware when you have tested virtualisation


Hi Stephane

I might give proxmox a try, I have only used Virtual Box for testning purpose, but it would be great to have the real server virtualized.

I think i have some old hardware for a test. :grinning:

1 Like

I let you dig in the wiki :

Just ordered New hardware for Proxmox server. I am starting testning in a week or two.

For proxmox, would you suggest Nethserver firewall, or should i go with pfsense vm?


Hi Simon

I’d use a seperate firewall, but OPNsense, not PFsense…

See this firends Home-Lan. The firewall hardware (Soekris) died, and I had to setup (via remote) a new firewall… It’s been working over a year now, extremly stable.
If I, accessing that network with VPN, need to reboot the Proxmox, I can log in with VPN in 3-5 minutes…

Here, the Firewall is running in Proxmox, is always the first to boot, and has 2 virtual NICs associated: vmbr0, connected to my friends home LAN, and vmbr1, which is simply connected to the guy’s Internet-Box.

VPN from outside in (roadwarrior VPN) works with OpenVPN and with IPsec.
This guy only has a dynamic connection from his provider, so we use DynDNS.
The DynDNS named is the target for his “official” DNS, with the domain pointing to the DynDNS name.
Even so, site2site AND roadwarrior VPN works well and extremly stable!

Using a seperate firewall from nethserver will allow you to reboot your nethserver - and still have internet in the meantime… (Usefull if you’re testing stuff…) A firewall boots faster!

The creator of Monowall (From which PFsense was forked), Manual Kaspar, suggests using OPNsense, NOT PFsense (Also due to the fuss they made when OPNsense forked, not very OpenSource mentality!). I’m using OPNsense for about 30 clients, most on hardware boxes, some virtual. Most virtual Firewalls are used at friends Home-LANs.

If you can handle PFsense, you can handle OPNsense! Both have the same basis, OPNsense has a bit more modern GUI, IMHO.

If it helps, I can provide a default config for OPNsense… :slight_smile:

My 2 cents

Just to be sure. For a small company, you will always setup separate firewall on its own hardware?

I can see many People are suggesting that.
I am just thinking, If i passthrough 2 nics to Opnsense or Nethserver in proxmox and use 3. Nic for Proxmox host. Will that be same security level?

Off-course 150$ hardware firewall should not be saved If it is the safest solution.


for me it is always the safest of all options to use a firewall on separate hardware. But everyone has to decide for himself.




Hi Simon

Simple scenario: You’re having issues with your NethServer. Maybe because it’s a bare metal install, and that hardware is having issues. Or you test installed something, and “cleaned” up too much.
Now Internet’s not working, and you need online help or Google…
It’s not easy to copy/paste a linux instruction from your mobile phone into your Laptop or other console…

OPNsense is small, fast and does nothing else but dealing with Network perimeter security, that is, it handles protecting your network and allowing you access to the outside world. It’s lean and mean, meaning it boots up fast. I use a 16 GB SD on a hardware box (PCengines, for example), or a 20 GB virtual Disk on a virtual OPNsense in Proxmox. Backups with Proxmox are extremly fast, 1-2 minutes, and OPNsense also provides it’s own config backup, if needed even encrypted to your Google or Nextcloud account on a regular basis…

Your Proxmox only needs one NIC if using a separate box as Firewall.
The NIC is logically connected inside Proxmox to a virtual switch (called vmbr0) and allows access to Proxmox, but also all VMs connected to vmbr0 (Like your Nethserver, which would only need one NIC connected to vmbr0).
If using a virtual Firewall on Proxmox, the above stated remains valid. So you only need to create a 2nd Bridge vmbr1, with no IP configuration on the Proxmox side. It’s just a bridge, with NO IP.
The virtual Firewall would use vbbr0 for LAN and vmbr1 for WAN.

Note WAN:
If you have DSL at home, you can bridge your provider box, or set default host / DMZ (Depending on make/modell) in that box. Proxmox can passthru PPPoe Trafic. If uising cable or fiber with a direct LAN-like connection and real IPs, Proxmox just passes the IP packets…

You can start with a virtual Firewall, and when you DO get yourself a hardware box, just export the config to your PC/Laptop, and restore it on the hardware box - all via Web!

If you need additional help / pointers, don’t hesitate to PM me…

My 2 cents

I use, like, and recommend pfSense, but I agree with this. And I have to admit its menu structure is downright idiotic.

1 Like

This can be a secure configuration. A problem I had, though, when I was running SME9 under Proxmox, was very poor routing throughput. Maybe it was hardware, maybe it was configuration, maybe Proxmox has improved since then, maybe it’s something else or some combination, but I was never able to get more than 10-12 Mbit/sec throughput with SME9 in a Proxmox VM as my router.

x86 hardware that would be suitable for pfSense/OPNsense isn’t terribly expensive (it can be really cheap if you have an old box laying around)–put it on separate hardware if you can.


Proxmox has improved very much since then.
SME9 is still stuck where it used to be.
( still has 9.1, has 9.2…)

With OPNsense I’m getting >97% of available bandwidth (In Proxmox).
Actually, here at home I have a Hardware OPNsense, and one in Proxmox.
I don’t have sensitive enough equipment to measure the difference!

Coming from a swiss, acknoledging timing issues, that’s saying a lot! :slight_smile:

And my Proxmox is running on 9 year old hardware, at least still a Proliant, but old!

My 2 cents

Possibly–this was about four years ago. Even at the time, the folks on the Proxmox forum thought it was an anomaly, though they weren’t able to point me in the direction to fix it.

…which is why I’m now using Neth (as with many others, I expect). But I don’t think anything in SME accounts for the poor performance.

Actually, mine isn’t much older, only 10 years vs. 9.


You can’t compare your 200 GB RAM Cluster to my single 16 GB RAM server! :slight_smile:

I also didn’t think at the SME was at fault. SME has pretty straightforward networking, no virtualization or promicious mode needed like Nethserver with AD.

But Proxmox is very stable, even with Passthru routing…

Actually, it’s amazing how well Proxmox handles all forms of Passthru.

A guy on youtube made a hackintosh and passed thru the 2nd grafik card, the latest at the time supported by apple…
All worked!

My 2 cents