Another pci-passthrough NIC question

[furfix]

I have at home a PC running Proxmox with a couple of VMs. Currently the PC has a 2.5G NIC (Onboard) and I'm planning to install a Mellanox NIC with dual SFP+ ports in the following days, because I want to migrate my LAN to 10G fiber.

I'm running my firewall **Sense in an small box without SFP+ ports, so I want to move my firewall to Proxmox, and these are my questions:

1) I would like to passtrhough both Mellanox SFP+ ports directly to ***Sense VM and avoid using soft bridging.
2) (and this is the part that I have no idea) I want my Firewall VM to provide connectivity to the Host and to all VMs. I understand that if the Firewall VM got rebooted, I will lose connectivity to Proxmox and to everywhere, but it's the same it's happening now. If I reboot my little box, I can't get access to Proxmox, so I really don't mind it. Worse case scenario, I think I could set an static IP to the Onboard NIC and get access to the GUI through that port, right? But I think that would be my second step.

Does somebody could tell me first, if it's possible...and second, how to do it? I know how to pci-passthrough the Mellanox NIC to the Firewall VM, but I have no idea how to provide connectivity to the Host and the rest of the VMs, via the Firewall VM. Once I passthrough the NIC, I blieve I will be not able to create a Bridge to the already passedtrough LAN port of the Firewall VM because the Host (proxmox) will not see it anymore, right?

Thanks in advance!!!

 

[furfix]

I've installed the Mellanox ConnectX4. I could successfully passthrough the NIC to the firewall VM, but I can't find any way to provide connectivity to the rest of the VMs in this way. There is no info out there, so I'm starting to think, it's just not possible.

If anyone has any idea, will be much appreciated

 

[leesteken]

I've installed the Mellanox ConnectX4. I could successfully passthrough the NIC to the firewall VM, but I can't find any way to provide connectivity to the rest of the VMs in this way. There is no info out there, so I'm starting to think, it's just not possible.

If anyone has any idea, will be much appreciated

Add a virtual NIC (VirtIO), which will be connected to the virtual bridge to with the VMs are connected, and set it up inside your firewall.
EDIT: There is a whole sub-forum about networking: https://forum.proxmox.com/forums/proxmox-ve-networking-and-firewall.17/

 

[furfix]

Add a virtual NIC (VirtIO), which will be connected to the virtual bridge to with the VMs are connected, and set it up inside your firewall.
EDIT: There is a whole sub-forum about networking: https://forum.proxmox.com/forums/proxmox-ve-networking-and-firewall.17/

if i passthrough the NIC, the host dont see the card anymore. there is no bridge to be added to the VMs.

 

[leesteken]

if i passthrough the NIC, the host dont see the card anymore. there is no bridge to be added to the VMs.

Well, just add a virtual bridge. A virtual bridge does not need a physical NIC. Did you remove vmbr0? Otherwise, just leave the bridge-ports empty.

 

[furfix]

Well, just add a virtual bridge. A virtual bridge does not need a physical NIC. Did you remove vmbr0? Otherwise, just leave the bridge-ports empty.

oh, ok. I understand now. Sorry for that! So I create an empty bridge on the host and I assign that bridge to the firewall vm and the rest of vms…
my doubt now is that on my fiewall vm, i will need to setup 2 LAN interfaces… one the physical one for my physicak network, on one virtual fir my VMs, right?

 

[leesteken]

my doubt now is that on my fiewall vm, i will need to setup 2 LAN interfaces… one the physical one for my physicak network, on one virtual fir my VMs, right?

Probably something like that. Often the inside is the (virtual) LAN and the outside is the DMZ or WAN. The details depend on your choice of firewall. Maybe the questions has come up before here: https://forum.proxmox.com/forums/proxmox-ve-networking-and-firewall.17/