no internt on LXC when bridgeing for a firewall setup

[Gad]

Hi i am trying to build a PFsense machine that can also run lxc containers under it...
my bridge looks like this


and PFsense is working great for things i connect to my switch...
the issue is when i try to to connect a LCX continer to the net

1. ping is working from the LCX to any other machine on that lan(VMBR1)
2. resolv conf
# --- BEGIN PVE ---
search local
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 1.1.1.1
# --- END PVE ---

3.network device for LCX

4. ifconfig
eno0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.109 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::6011:2fff:fe32:bef8 prefixlen 64 scopeid 0x20<link>
ether 62:11:2f:32:be:f8 txqueuelen 1000 (Ethernet)
RX packets 3472 bytes 446050 (446.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 62 bytes 5050 (5.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

the machine is going to pfsense router and getting and IP but cannot route for some reason
also if i switch the machine to vmbr0(the wan port coming from orignal lan) i have full internet accses

please help !

 

[Arvyr]

What you're trying can't work.

You use 192.168.2.1 on your vmbr1, but it's also supposed to be a Gateway.
That IP belongs on the pfsense interface, not Proxmox.
Proxmox is not a router and does not know what to do with the traffic.

You usually only need one IP on your Proxmox (for management), unless you're using a cluster, corosync, etc.

 

[Gad]

soory what exctly do i need to do to make this work ?

 

[Arvyr]

Remove the IP from interface vmbr1.
Add vmbr0 (wan) and vmrb1(lan) to your pfsense.
Add vmbr1 to your LXCs.

Configure your pfsense accordingly.