Proxmox host can't reach the Internet - VM Firewall/gateway scenario

TeefHennessy

Jun 6, 2023
Hi everyone,
After a couple of days of struggling, reading the Internet, and watching tutorials on YT, I still couldn't figure out how to give the Proxmox host access to the Internet via a Gateway/Firewall guest.

Please advise if this is even possible and/or where the problem is.

Some info about the setup:
  • My guest Firewall (SophosXG) acts as a gateway in my home - all physical laptops and PCs work just fine.
  • vmbr1 is attached to the firewall WAN port - works fine, gets the IP from ISP, no problem
  • vmbr2 is attached to the firewall LAN port - works fine, I can access the firewall web admin panel, other devices use it as default gateway
  • Proxmox interfaces config looks as follows: interfaces.png
  • This is reflected in ip a: ip_a.png
  • ip route shows: ip_route.png
I've tried simply adding a route: ip route add default via 192.168.1.1 - it used vmbr0 as an interface, so then I tried ip route add default via 192.168.1.1 dev vmbr2

After adding it, the whole network goes down. Moreover, I'm running tcpdump on the Firewall while doing some icmp/nc tests from the Proxmox console and I see nothing at all. I had more exotic ideas which I won't mention for now, since maybe you already see the issue or the solution is straightforward.

If there is anything I can provide to help, just let me know.
 
Is there any reason why you want to give Proxmox both a WAN and a LAN interface? The usual way to do it is let your Firewall (your Sophos) do all the LAN<->WAN connecting and put every other machine into LAN. Then you can do everything internet-related in your Firewall.

Some things I have noticed:
  • You have no gateway set at all. You gotta remember that the 'IP-Settings' you configure in the interfaces-file are for the interfaces held by your Proxmox Host. That checks out with the fact that there is no default-route in your routing table.
  • Your bridge vmbr2 has several ports. If those interfaces are attached to the same switch you will cause networking loops...
Kind regards,
Benedikt
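
The two observations in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of Proxmox: it parses an ifupdown-style interfaces file and reports a missing default gateway, a gateway outside the interface's subnet, and bridges with several ports and STP off. The sample file, the port names eth0 to eth3 and the host address 192.168.1.2/24 are constructed assumptions; only 192.168.1.1 (used in the test) comes from the thread.

```python
import ipaddress

# Constructed sample of /etc/network/interfaces (not the poster's real file).
SAMPLE = """\
auto vmbr1
iface vmbr1 inet manual
    bridge-ports eth0

auto vmbr2
iface vmbr2 inet static
    address 192.168.1.2/24
    bridge-ports eth1 eth2 eth3
    bridge-stp off
"""

def parse_interfaces(text):
    """Return {iface: {option: value}} for each ifupdown 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "iface":
            current = stanzas.setdefault(value.split()[0], {})
        elif key in ("auto", "allow-hotplug", "source", "source-directory"):
            current = None  # these keywords end the current stanza
        elif current is not None:
            current[key.replace("_", "-")] = value.strip()
    return stanzas

def audit(text):  # returns a list of finding strings, empty when clean
    stanzas, findings = parse_interfaces(text), []
    if not any("gateway" in o for o in stanzas.values()):
        findings.append("no-gateway: host will have no default route")
    for name, o in stanzas.items():
        if "gateway" in o and "address" in o:
            addr = o["address"]
            if "/" not in addr:  # older files give the mask separately
                addr += "/" + o.get("netmask", "32")
            if ipaddress.ip_address(o["gateway"]) not in ipaddress.ip_interface(addr).network:
                findings.append(f"off-link-gateway: {o['gateway']} not in {name} subnet")
        ports = [p for p in o.get("bridge-ports", "").split() if p != "none"]
        if len(ports) > 1 and o.get("bridge-stp", "off") == "off":
            findings.append(f"loop-risk: {name} bridges {len(ports)} ports with STP off")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

The loop-risk finding is a heuristic: the file cannot show whether the bridged ports really end up on the same switch, so treat it as a prompt to check the cabling.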
 
Thanks for the initial reply.

To clarify, below is the hardware hosting Proxmox. The idea was to have 1 interface for WAN, and the rest of them acting like a switch for all home devices and/or VMs.

signal-2023-06-06-161301.jpeg

So far it seems no matter what I plug in "LAN" interfaces, it works fine, being either a TV or PC or whatever. I see traffic flowing through Firewall and reaching the Internet.

But the Proxmox itself can't reach the Internet (no surprise here).

Edit: I'm not trying to give Proxmox WAN access. I want exactly what you recommend - I want Proxmox to perceive Sophos as its Default Gateway.
 
Plug a cable in eth4 that is for management and configure VLANs on the vmbr2 interface.
Or delete vmbr0 and add port eth5 to vmbr2 and configure VLANs on vmbr2.
You can create a management VLAN and a "LAN" VLAN etc.
 
