Troubleshooting Networking Issues: pfSense WAN Configuration and Proxmox Setup, Single IP

SkinnyBruv

Feb 19, 2024
G'day,

I am currently hosting a VPS with a single IP address (149.88.106.191) and a gateway at 149.88.106.254. I have successfully configured Proxmox with this IP, and DNS is functioning properly. The server can ping external addresses such as 1.1.1.1, 8.8.8.8, as well as the local IP (149.88.106.191) and the gateway (149.88.106.254).

However, I have encountered an issue with a virtual machine (VM) created under vmbr0 (pfSense). While the VM can successfully ping the local IP (149.88.106.191), it is unable to reach the gateway at 149.88.106.254, and also cannot reach 1.1.1.1 or 8.8.8.8.

Here is a snippet of the network configuration in the /etc/network/interfaces file:
Code:
  GNU nano 7.2                 /etc/network/interfaces                        
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 149.88.106.191/25
        gateway 149.88.106.254
       
auto vmbr0
iface vmbr0 inet static
        address 172.16.23.1/24
        bridge-ports eth0
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '172.16.23.1/24' -o eth0 -j>
        post-down iptables -t nat -D POSTROUTING -s '172.16.23.1/24' -o eth0 -j>

auto vmbr1
iface vmbr1 inet static
        address 172.16.24.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

source-directory /etc/network/interfaces.d
source-directory /run/network/interfaces.d

How do I route vmbr0 to the gateway using iptables, or is there any other suggestion?

Or is there an easier way?
 

Hey,

I wonder if you're mixing many things in one, and forgot steps.

You're saying you've only 1 public IP address. Well, you cannot use vmbr0 for any other VM, EXCEPT IF YOU TAKE ANOTHER PUBLIC IP ADDRESS dedicated to this VM (with a /32 subnet mask).

What do you really want to do?

If pfSense needs to be the only one that speaks with the public address, you need to unload this IP from your Proxmox first.
(Be aware: it's possible, but a hard config to do.)

If you don't want to break your actual configuration, then you need to create a vmbr between Proxmox VE and pfSense.
Then, NAT all traffic from vmbr0 to your vmbr1 pfSense WAN address.

The most difficult, but the best configuration is:
Preconfigure all your internal VE network.
Make it all run before any hard bypass from PVE.
Then, if all is running well, unload the public IP in the PVE configuration, BUT don't apply it.
Give the public IP address to pfSense (with the same conf params from PVE if conf).

Then, reboot and pray to your gods that you've nothing misconfigured.


Those are (for me) the 3 ways that you can use.

The easiest way is the first solution, needing more payment for an IP, but it doesn't break anything in the PVE configuration.

The 2 other solutions both work, but be really safe in your actions. The advantage of them is that you can continue to have only 1 public IP address.
 
For individuals utilizing cloud-init's network configuration capabilities:

The following configuration proved effective in my case.

Code:
#/etc/network/interfaces.d/50-cloud-init:
# loopback
auto lo
iface lo inet loopback
        dns-nameservers 1.1.1.1 8.8.8.8
        dns-search datapacket.com

# public IP address
auto eth0
iface eth0 inet static
        address 149.88.106.191/25
        gateway 149.88.106.254

Code:
#/etc/network/interfaces
auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 172.16.23.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 172.16.24.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

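        # enable IPv4 forwarding on the host
        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        # source-NAT the 172.16.23.0/24 network out of eth0; post-down must name the same interface to remove the rule
        post-up   iptables -t nat -A POSTROUTING -s '172.16.23.0/24' -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '172.16.23.0/24' -o eth0 -j MASQUERADE
        # put traffic arriving from the PVE firewall bridges (fwbr*) into conntrack zone 1
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1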

source-directory /etc/network/interfaces.d
source-directory /run/network/interfaces.d
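
An added example, not code from any poster in this thread: a small Python linter for an ifupdown `interfaces` file that flags two mistakes relevant to the configs above, namely a bridge port that also carries its own static address, and a `post-down` iptables rule that does not mirror its `post-up` rule (which leaves the NAT rule installed after the interface goes down). The function names and the sample config are assumptions made for the illustration; the sample uses documentation addresses.

```python
import re

# Constructed sample for the example (documentation address range), not a real host.
SAMPLE = """\
auto eth0
iface eth0 inet static
        address 192.0.2.10/25

auto vmbr0
iface vmbr0 inet static
        address 172.16.23.1/24
        bridge-ports eth0
        post-up   iptables -t nat -A POSTROUTING -s '172.16.23.0/24' -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '172.16.23.0/24' -o eno0 -j MASQUERADE
"""

def parse_stanzas(text):
    """Map each iface name to its method and its list of (option, value) pairs."""
    stanzas, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key == "iface":
            name, _family, method = (value.split() + ["", ""])[:3]
            current = stanzas.setdefault(name, {"method": method, "opts": []})
        elif key in ("auto", "allow-hotplug", "source", "source-directory"):
            current = None  # these lines end the previous stanza
        elif current is not None:
            current["opts"].append((key, value))
    return stanzas

def as_delete(cmd):
    """Rewrite an iptables -A/-I command (no rule number) as the -D that undoes it."""
    return " ".join(re.sub(r"\s-[AI]\s", " -D ", cmd.replace("'", "")).split())

def lint(text):
    stanzas, findings = parse_stanzas(text), []
    for name, st in stanzas.items():
        ports = [p for k, v in st["opts"] if k == "bridge-ports" for p in v.split()]
        findings += [f"{name}: bridge port {p} has its own static address"
                     for p in ports if stanzas.get(p, {}).get("method") == "static"]
        ipt = [(k, as_delete(v)) for k, v in st["opts"] if "iptables" in v]
        ups = {v for k, v in ipt if k == "post-up"}
        downs = {v for k, v in ipt if k == "post-down"}
        findings += [f"{name}: never removed on ifdown: {r}" for r in sorted(ups - downs)]
        findings += [f"{name}: post-down matches no post-up: {r}" for r in sorted(downs - ups)]
    return findings
```

Calling `lint(open("/etc/network/interfaces").read())` on the host returns a list of findings; an empty list means neither problem was detected.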
 
