[SOLVED] DNS not working on OPNSENSE

Y

yakundo

New Member
Jun 8, 2024
2
1
1
Hello together,
I installed on one cloud server (hetzner server auction) with a single public IPv4 Proxmox and opnsense.
The problem I got is that on my opnsense the DNS is not working (even on the CLI).
I tried everything but did not find any misconfiguration.
It's a fresh proxmox and fresh opnsense.

I created two Linux Bridge:
vmbr0 = Communication between Proxmox and opnsense(WAN).
vmbr10 = LAN for VM/CT (opnsene LAN).

My proxmox /etc/network/interfaces.d is as follows configured:
Bash: 
/source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp0s31f6
iface enp0s31f6 inet static
        address 138.XXX.XXX.92/26
        gateway 138.XXX.XXX.65
        dns-nameservers 9.9.9.9
        post-up sysctl -w net.ipv4.ip_forward=1
        post-up iptables -t nat -A PREROUTING -i enp0s31f6 -p tcp -m multiport ! --dport 22,8006,6556 -j DNAT --to 10.10.10.1
        post-up iptables -t nat -A PREROUTING -i enp0s31f6 -p udp -j DNAT --to 10.10.10.1

auto vmbr0
iface vmbr0 inet static
        address 10.10.10.0/31
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up iptables -t nat -A POSTROUTING -s 10.10.10.1/31 -o enp0s31f6 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s 10.10.10.1/31 -o enp0s31f6 -j MASQUERADE
#WAN for the OPNsene(10.10.10.1) and also proxmox LAN(10.10.10.0)

auto vmbr10
iface vmbr10 inet static
        address 10.15.15.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        pre-up ethtool -G enp0s31f6 rx 1024 tx 1024
        pre-up ethtool -K enp0s31f6 tx off gso off
        post-up ethtool -K vmbr10 tx off gso off
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# LAN for Internal usage

The route configuration from opnsene is:
1717870244087.png

DNS on proxmox itself is working perfectly.
On all VMs, the proxmox firewall is disabled.

Thank you in advance!
 
Last edited:
Thank you for sharing your solution! I had a very similar setup with PVE and OPNsense VM, faced almost the exact same issue. I spent hours today trying to track down the problem. Finally, I followed your approach and set the Hetzner firewall to fully allow traffic to pass through to OPNsense. That fixed everything!
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom