add a 2nd public ip on a pfsense - datacenter OVH

[besync]

Hello,

I'm a regular vmware user migrating to proxmox
I'm new to proxmox and I haven't found an article that could answer my question, but if it exists I'd be happy to be redirected to it

So, I've just bought a dedicated server from a datacenter - OVH, installed a proxmox on it and bought an extra address pool.

What I'm looking to do:
Have a public ip to connect to my proxmox from home (which is currently the case) and have another public ip address to give it in WAN to my PFSENSE and thus be able to type it remotely as well, so this same pfsense has 2 network cards, one WAN and one LAN ( which is already configured). It will also be used as a VPN server.

My second purchased IP address works well because I'm able to access my proxmox interface from this one. Now I'd like my pfsense VM to access the Internet via this IP and not proxmox, but I don't know how to do this.

I tried to reproduce the vmware "schema" but without success.

I enclose my network configuration on my proxmox and my pfsense.
The ping is ok on my LAN interface.

Thanks in advance for your time. I'm obviously ready to give more details if needed.

Logan

 

[ZyX]

Hello,

Have you assigned the public ip to the pfSense and the vmbr1 interface at the same time? If so, you need to remove it from the vmbr1 interface and put it only on the pfSense. You also need to check that the mask and default gateway are correct on pfSense.

For the LAN I have the impression that it's the same thing, you put the same IP on the bridge and on the interface in the VM, if you want to access your pfSense LAN interface from your proxmox host you need to put another IP, for example 10.0.0.10 on the proxmox and 10.0.0.254 on the pfSense as you've already done.

 

[besync]

Hello,

Ok I just changed but it still doesn't work, I have a doubt about the gateway that OVH gave me for my 2nd public ip address. As a result, I no longer have access via my 2nd public ip to my proxmox management interface, which is normal.

Is there still something wrong with my configuration? I've got my 3 virtual linux bridges, each dedicated to a network, the 2 linux bridges "LAN" and "vmbr1" assigned to my PFSENSE VM. From there, if my public IP address and my gateway are correct, there's no reason why I can't access the internet from my pfsense?

Thanks for the feedback, I'm going to open a ticket with OVH

 

[ZyX]

Hello,

Can you provide the configuration you put on the pfSense? (firewall rules, nat rules and interface)

After configuring your wan interface on the pfSense, can you ping the ovh gateway from the pfSense itself?

Also, what does the IP 192.168.100.1 on the vmbr1 interface correspond to?

 

[besync]

Here's the information, this is the default configuration for the firewall, I haven't touched a thing.

No I can't ping but I don't know if it's possible with OVH, I've opened a ticket to ask them but normally you can't go too far wrong with the address pool I have.

I didn't know if I was obliged to put something in, I tested removing it doesn't change anything.

Thanks a lot

 

[ZyX]

Shouldn't the mask be /30 and not /32 on WAN interface?

 

[besync]

I tried the 2 because in the OVH doc it says to set /32 and I have another server under esxi in exactly the same configuration, with a larger address pool and in my other PFSENSE it's set to /32 for the public ip.

Because the pfsense tells me when I set /32 that the gateway isn't in the same range, but even in /30 it doesn't work.

 

[ZyX]

I don't have any other ideas

I use a configuration equivalent to yours but at Scaleway: bridge on the interface that carries the failover ip and the public ip directly on the WAN interface of the firewall and it's ok without doing anything more.

Perhaps someone with more experience will have an idea.

 

[besync]

Ok, thanks anyway for your feedback I'll keep digging.