No internet on LXC when bridging for a firewall setup

Gad

New Member
Feb 28, 2019
Hi, I am trying to build a pfSense machine that can also run LXC containers under it...
My bridge looks like this:
1596144325218.png

and pfSense is working great for things I connect to my switch...
The issue is when I try to connect an LXC container to the net:

1. ping is working from the LXC to any other machine on that LAN (VMBR1)
2. resolv.conf
# --- BEGIN PVE ---
search local
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 1.1.1.1
# --- END PVE ---

3. network device for LXC
1596144937716.png
4. ifconfig
eno0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.109 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::6011:2fff:fe32:bef8 prefixlen 64 scopeid 0x20<link>
ether 62:11:2f:32:be:f8 txqueuelen 1000 (Ethernet)
RX packets 3472 bytes 446050 (446.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 62 bytes 5050 (5.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The machine is going to the pfSense router and getting an IP but cannot route for some reason.
Also, if I switch the machine to vmbr0 (the WAN port coming from the original LAN) I have full internet access.

Please help!
 

What you're trying can't work.

You use 192.168.2.1 on your vmbr1, but it's also supposed to be a Gateway.
That IP belongs on the pfsense interface, not Proxmox.
Proxmox is not a router and does not know what to do with the traffic.

You usually only need one IP on your Proxmox (for management), unless you're using a cluster, corosync, etc.
 
Remove the IP from interface vmbr1.
Add vmbr0 (wan) and vmbr1 (lan) to your pfsense.
Add vmbr1 to your LXCs.

Configure your pfsense accordingly.
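
A check for the misconfiguration the reply describes, as an added example that is not from either poster or from Proxmox: it parses an ifupdown-style /etc/network/interfaces and reports any bridge other than the management one on which the host itself holds an address. The sample file is constructed; the port names eno1/eno2, the vmbr0 address 192.168.1.50 and the function names are assumptions, and only 192.168.2.1 on vmbr1 comes from the thread.

```python
import ipaddress

# Constructed sample: port names and the vmbr0 address are assumptions;
# 192.168.2.1 on vmbr1 is the setting the reply points at.
BEFORE = """\
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.50/24
    gateway 192.168.1.1
    bridge-ports eno1

auto vmbr1
iface vmbr1 inet static
    address 192.168.2.1/24
    bridge-ports eno2
"""
# The reply's fix: vmbr1 stays a bridge but the host no longer has an IP on it.
AFTER = BEFORE.replace("inet static\n    address 192.168.2.1/24", "inet manual")


def parse_bridges(text):
    """Return {bridge: ip_interface or None} for each stanza that has bridge-ports."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface" and len(words) >= 2:
            current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None
        elif current is not None and len(words) >= 2:
            # Older files spell options with underscores (bridge_ports).
            current[words[0].replace("_", "-")] = words[1]
    return {name: ipaddress.ip_interface(o["address"]) if "address" in o else None
            for name, o in stanzas.items() if "bridge-ports" in o}


def audit(text, mgmt_bridge, guest_gateway):
    """List bridges, other than the management one, where the host holds an IP."""
    gw = ipaddress.ip_address(guest_gateway)
    findings = []
    for name, iface in parse_bridges(text).items():
        if iface is not None and name != mgmt_bridge:
            role = "guest gateway address" if iface.ip == gw else "address"
            findings.append(f"{name}: host holds {role} {iface}")
    return findings


if __name__ == "__main__":
    print(audit(BEFORE, "vmbr0", "192.168.2.1"), audit(AFTER, "vmbr0", "192.168.2.1"))
```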