Bridge NIC Passthrough for use in LXC

Dilnane

Aug 17, 2021
Hi to all,
After struggling with bridging WAN/LAN in a pfsense/OPNSense VM, I decided to use NIC passthrough for my LAN interface.
I had heavy packet loss when using a bridged LAN interface in pfsense/OPNsense; this topic on reddit gave me hints, and I had no more issues after using NIC passthrough for LAN: https://www.reddit.com/r/PFSENSE/comments/12jhb9x/pfsense_vm_on_proxmox_high_packet_loss_and_high/

Anyway, after this small explanation of why I use NIC passthrough instead of a bridge, I would like to know how to use this LAN interface in my LXC containers.
Here is the conf on my PVE:
[Attached image: pve_interface_bis.png]

When using vmbr0 (enp4s0 bridge) as WAN and vmbr10 (enp6s0 bridge) as LAN, that's where I have huge packet loss on OPNSense on my LAN interface.
So I used NIC passthrough for LAN; here is my conf for my OPNSense qemu:
[Attached image: OPNSense_interface_bis.png]
Code:
*** OPNsense.localdomain: OPNsense 23.1 ***

 LAN (igc0)      -> v4: 192.168.10.112/24
 WAN (vtnet0)    -> v4: 192.168.1.112/24
                    v6: 2a01:cb05:8b69:df00:2cf6:7fff:feb4:12c2/64

The PCI device 0000:06:00.0 (igc0 in OPNSense) corresponds to interface enp6s0 as you can confirm here on my PVE:
Code:
root@pve:~# lshw -c network -businfo
Bus info          Device       Class          Description
=========================================================
pci@0000:04:00.0  enp4s0       network        Intel Corporation
pci@0000:06:00.0  enp6s0       network        Intel Corporation
                  vmbr0        network        Ethernet interface
                  vmbr10       network        Ethernet interface

When I add vmbr10 (enp6s0 bridge) to an LXC container:
[Attached image: node_interface_bis.png]

I can't reach my OPNSense:
Code:
root@bionic:~# ping -c 4 192.168.10.112
PING 192.168.10.112 (192.168.10.112) 56(84) bytes of data.
From 192.168.10.3 icmp_seq=1 Destination Host Unreachable
From 192.168.10.3 icmp_seq=2 Destination Host Unreachable
From 192.168.10.3 icmp_seq=3 Destination Host Unreachable
From 192.168.10.3 icmp_seq=4 Destination Host Unreachable

--- 192.168.10.112 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3078ms

Can you please explain to me why, and how I can attach an interface on my LXC to reach the passthrough NIC that I linked to my OPNsense VM?
Thanks


EDIT:
I understood that when I pass the NIC through to my OPNSense and the VM is up and running, it removes the NIC from PVE:
Code:
root@pve:~# lshw -c network -businfo
Bus info          Device     Class          Description
=======================================================
pci@0000:04:00.0  enp4s0     network        Intel Corporation
                  vmbr0      network        Ethernet interface
                  vmbr10     network        Ethernet interface

Then my vmbr10 is bridged to a non-existing interface. That explains why vmbr10 can't access the interface: it doesn't exist anymore...
The question is still there: is there a way to communicate from my LXC with this passthrough NIC attached to my OPNSense?
 
if u passthrough a pci device u can not use it additionally as bridged port.
 
Understood, that's what I realized further.
So if I'm using passthrough for the LAN interface on a virtual pfsense, the only use would be via the physical port?

I won't be able to use it at all elsewhere with Proxmox (CT/VM) because I can't create any bridge on it if I'm right.
 
inside the vm, yes

To be clear, if I'm doing passthrough of an ethernet interface to my Virtual VM pfSense, I won't be able to use this interface ANYWHERE else on my HV except inside virtual VM PfSense?

But I will still be able to use the physical ethernet interface by connecting myself to this port with an ethernet cable, correct?
 
to connect to your pfsense? do u have no switch?
but yes u can do this.
 
Yes, that's the idea. I have a switch, sure. I can connect the switch to the ethernet interface and my laptop to the switch too; it was just to take an easy example ;)
Perfect thanks, question answered.
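
The condition worked out in the EDIT and the first reply (a bridge whose port NIC has been handed to a VM by PCI passthrough has no host device behind it) can be checked with a short script. This is an added example, not part of the original thread: the function name `check_bridge_ports` and the sample interfaces file are constructed, and it assumes ifupdown-style `bridge-ports` lines.

```shell
#!/bin/sh
# Added example (not from the thread). For every bridge in an ifupdown-style
# interfaces file, report whether each bridge port still exists as a host
# network device. Returns 1 if any port is missing, which is what happens
# to enp6s0 while the VM holding the passed-through PCI device is running.
# Both paths are parameters so the check can run on constructed data.
check_bridge_ports() {
    conf=$1
    netdir=${2:-/sys/class/net}
    rc=0
    bridge=
    while read -r key val rest; do
        case $key in
            iface) bridge=$val ;;
            bridge-ports|bridge_ports)
                for port in $val $rest; do
                    # "bridge-ports none" is a deliberately port-less bridge
                    if [ "$port" = none ]; then continue; fi
                    if [ -e "$netdir/$port" ]; then
                        echo "OK $bridge $port"
                    else
                        echo "MISSING $bridge $port"
                        rc=1
                    fi
                done ;;
        esac
    done < "$conf"
    return $rc
}

# Constructed sample mirroring the thread: vmbr0 on enp4s0, vmbr10 on enp6s0,
# with enp6s0 absent from the host as in the second lshw output.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/net/enp4s0" "$tmp/net/vmbr0" "$tmp/net/vmbr10"
    cat > "$tmp/interfaces" <<'EOF'
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp4s0
auto vmbr10
iface vmbr10 inet manual
    bridge-ports enp6s0
EOF
    check_bridge_ports "$tmp/interfaces" "$tmp/net" || true
    rm -rf "$tmp"
}
demo
```

On a PVE host the same function can be pointed at the live configuration with `check_bridge_ports /etc/network/interfaces`.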