Configure WAN & LAN with multiple NICs

[vsp2979]

Hello Proxmox experts,

Greetings!!

have been trying to setup a homelab to tryout Virtualization and firewalls, decided to go with Proxmox and PfSense based on the popularity and active users.

I was able to install Proxmox on a HP ML370 server with 4 NICs and bunch of VMs. Installed PfSense as a VM and tried configuring it, I am having hard time configuring.

Here is my Setup:

ISP Router -> Proxmox on HomeLab -> PfSense as VM. Uploading screenshots of Proxmox and PfSense network config as well as interfaces file.

Created bridges as suggested in Netgate docs, need guidance on how to further configure my setup:

- is it possible to configure WAN & LAN on Proxmox and assign to different NICs to pass thru the traffic?
- I am not able to reach the PfSense VM which is in a different subnet (192.168.x.x), how do I resolve this?

My goal is to try to test out the config before moving the PfSense as my Primary Firewall. Any direction is greatly appreciated.

 

[cmdre64]

is it possible to configure WAN & LAN on Proxmox and assign to different NICs to pass thru the traffic

Yes. You do this in the pfSense setup in the VM. It sounds like you may have gone through this portion already, but if not when you install pfSense in the VM you are asked which ports you want to use for what after reboot. Im assuming the 2 vmbrs in the pic are assigned to the pfSense VM. They should show up after reboot from install in the VM. If they didn't show up, did you reboot after install? (Kinda dumb q I know, I've just done that enough times. I don't mean to be patronizing).

I am not able to reach the PfSense VM which is in a different subnet (192.168.x.x), how do I resolve this?

-if you have already gone through the pfSense install/reboot and you can't reach the web GUI, it might be because your pfSense address isn't in your router's routing table since it's in a different subnet. Looks like an Xfinity router that I'm not familiar with, but it may not be smart enough to have find the VM. Can you ping the ip address from the pve console?
-you may just need to reboot the pfSense VM to access web gui if you haven't.

 

[vsp2979]

Thank you,

Correct, I have rebooted PfSense and interface config ran successfully, but as I mentioned before, I went with standard IPs of PfSense. SO I should assign 10.x.x.x. IPs for PfSense LAN, similar to my network 10.0.x.x? And what should be the WAN IP of PfSense?

 

[maverickws]

You should take care not to overlap subnets.

to access pfSense VM create another VM with any linux desktop and firefox and access from there to the pfSense GUI

 

[cmdre64]

It depends on what you're trying to do.

Your WAN is usually assigned by the ISP, (DHCP, static, PPPoE, etc.).

Here is a possible way of doing it.
You can have your first router, the one you usually use, assign an IP at the WAN level on 10.0.x.x to your pfSense machine (see attached for visualization; yours would be a little different than the pic as one router is the VM but you get the idea), then have pfSense as the gateway and handing out addresses on 192.168.x.x and ha a VM on this subnet and do as maverickws recommends with the VM viewing the web interface of pfSense.

Having both your current router and pfSense overlap could cause problems.

 

[bobmc]

Perhaps a diagram will make things clearer?