I can reach the VMs but not Proxmox itself?

whateveruser

Jul 6, 2025
So my current issue is that my ISP's modem does not allow me to open ports, so I thought about installing OPNsense,
https://community-scripts.github.io/ProxmoxVE/scripts?id=opnsense-vm

and putting the ISP's router under a bridge with Proxmox.
And as my board has only one Ethernet port, I need to make a virtual NIC.

So I edited the Proxmox /etc/network/interfaces as:

Code:
auto lo
iface lo inet loopback

# Physical interface
auto enp3s0
iface enp3s0 inet manual

# Main bridge (WAN side) - it should be used by Proxmox host and OPNsense WAN
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.100/24       # ← change to a static IP in your LAN
    gateway 192.168.1.1            # ← your router's IP
    bridge-ports enp3s0
    bridge-stp off
    bridge-fd 0

# virtual lan bridge2, should be used by OPNsense LAN and other VMs
auto vmbr1
iface vmbr1 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0

But currently Proxmox fails to connect to the internet: I cannot reach the web interface (and then set up the OPNsense VM), nor can it connect to the internet; it fails pings to 1.1.1.1 or whatever. But I can see some of my VMs up on the network, as I can reach them, although I cannot tell if they can connect to the internet, as SSH/other akin services are not active, but I guess not.
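
Added example, not part of the thread: Debian's interfaces(5) man page states that end-of-line comments are not supported and that comments must be on a line of their own, and the `address` and `gateway` lines in the configuration above each carry one. The Python check below flags such lines and shows the value as written next to the value that was meant; `SAMPLE` is constructed from that configuration and `find_inline_comments` is a hypothetical helper name.

```python
import re

# Constructed sample, modelled on the vmbr0/vmbr1 stanzas posted above.
SAMPLE = """\
# Physical interface
auto enp3s0
iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.1.100/24       # change to a static IP in your LAN
    gateway 192.168.1.1            # your router's IP
    bridge-ports enp3s0
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
    bridge-ports none
"""

OTHER_STANZA = re.compile(r"^(auto|allow-\S+|source|source-directory|mapping)\b")

# Only lines starting with '#' are comments; trailing text stays in the value.
def find_inline_comments(text):
    """Flag option lines whose value carries a trailing '# ...' comment."""
    findings, iface = [], None
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                          # blank line or a real comment
        key = line.split()[0]
        if key == "iface":
            iface = line.split()[1] if len(line.split()) > 1 else None
        elif OTHER_STANZA.match(line):
            iface = None                      # left the previous iface stanza
        hit = re.search(r"\s+#", line)
        if hit:
            findings.append({
                "line": no, "iface": iface, "option": key,
                "as_parsed": line[len(key):].strip(),
                "intended": line[len(key):hit.start()].strip(),
            })
    return findings

if __name__ == "__main__":
    for f in find_inline_comments(SAMPLE):
        print(f"line {f['line']} ({f['iface']}): {f['option']} = {f['as_parsed']!r}")
```

Moving each flagged comment onto its own line above the option leaves `intended` as the whole value.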
 
my ISP's modem does not allow me to open ports, so I thought about installing OPNsense,

If that's your only reason I would like to mention a completely different approach - to reduce complexity:

If you have an external VPS or are willing to rent one for a dollar or two per month, take a look here: https://github.com/fosrl/pangolin = "Tunneled Reverse Proxy Server with Access Control - Your own self-hosted zero trust tunnel."

This is a free Cloudflare Tunnel clone. Some (many?) functions are missing, of course. It removes the necessity to open ports on your home router completely.

Oh, and you own the underlying key for the Let's Encrypt certificates, not some third-party provider. This is important for paranoia level three and above ;-)

I am currently testing it; until now it works really great. Especially the automatic certificate handling works like a charm :-) (I have problems renewing certificates using my current NPM (Nginx Proxy Manager) setup. Pangolin will probably replace that construct.)

Note that I am talking about a Homelab, light traffic, nothing important.

Note2: this is not a recommendation, just mentioning "there is more than one way to skin a cat".
 
In the end I sort of fixed it (for now... I'm sure that something else will break again) by putting it on vmbr0 under DHCP.
I'm pretty sure that there were no conflicts... but who knows.

I did not know the project, thanks. I was at first considering a VPS, but then finding something that's cheap and does not suck was hard; I'm going down this route for now.
 
And... I think I'm stuck with a VPS... but where do I find something with a static IP and the ability to open ports that does not cost a kidney?

My beautiful ISP uses a CGNAT.
 
but where do I find something with a static IP and the ability to open ports that does not cost a kidney?

My random choice of this year: https://www.netcup.com/de/server/vps/vps-nano-g11s-6m = 2 € per month. (They used to have an offer for a single Euro, but that's currently sold out.)

Watch https://lowendbox.com/ to get new hints every week. There are more offers in the US than in Germany. Try to get a geographically near one - the "ping-distance" adds up...

My beautiful ISP uses a CGNAT.

That's exactly the situation where Pangolin solves (nearly) all problems.
 