get IP from PfSense

mac.1

Jan 19, 2019
My setup consists of 3 physical devices: a router, a Proxmox server and my PC.
Proxmox gets the Internet through the router, and my PC is connected to the Proxmox server via a 2nd network card.
I've installed PfSense on Proxmox, and all containers and VMs get their IP through pfsense (linux bridge).
PfSense has an OPT1 interface for my PC, and it's set up so that I can access all 10.0.0.1/24 from my PC.
The question I have is: how can I give PROXMOX an IP in the 10.0.0.1/24 range?

Below a sketch of my network diagram. The X-X-X-X-X lines mark linux bridges, while ----- mean a physical connection exists.

Code:
+-----------------+                    +---------------------+          +----------------+
|                 |                    |  PROXMOX SERVER     |          |  MY PC         |
|  Router         | +----------------> |  192.168.0.2        |          |  10.0.1.2      |
|  192.168.0.1/24 |               X    |                     |          |                |
+-----------------+               |    |  10.0.0.3??????   <-+X--X-X    |                |
                                  X    |                     |     |    |                |
                                  |    |                     |     X    |                |
                                  X    |                     |     |    +---------+------+
                                  |    |                     |     X              ^
                                  X    | +-----------------+ |     |              |
                                  +X--X+->  PFSENSE        | |     X              |
                                       | |  192.168.0.3    | |     X              |
                                       | |                 | |     |              |
                                       | |  10.0.0.1/24    +-X--X--X              |
                                       | |  10.0.1.1/24    +-+--------------------+
                                       | |                 | |     X
                                       | |                 | |     |
                                       | |                 | |     X
                                       | +-----------------+ |     |
                                       |                     |     X
                                       | +-----------------+ |     |
                                       | |                 | |     X
                                       | |    other vms    | |     |
                                       | |    10.0.0.2     <-+X-X--X
                                       | +-----------------+ |
                                       +---------------------+

I already tried to set a static second IP in the web interface of Proxmox.
I can also run dhclient vmbr1 on Proxmox, which shows the wanted IP when running ip a.
However, I cannot ping my Proxmox server. Neither can Proxmox access 10.0.1.1/24 or 10.0.0.1/24.
My guess for why Proxmox is not able to access them is that it actually tries to route that to the router and not the pfsense. Is there a way to tell Proxmox to work like this?

I want this behavior because otherwise Proxmox lies in the WAN area of my PfSense, and I have to write a ton of extra rules to allow Proxmox and to get services like NFS to run (which run directly on Proxmox).

Edit:
Is there any special firewall Proxmox has? Because all kinds of pings also fail from Proxmox, or fail when I try to ping Proxmox.

Resolved:
It first looked like a problem with pfsense, because I could ping Proxmox from pfsense, but not from my PC.
However, I now found out that Proxmox was used to 192.168.0.1 as the gateway.
So I removed the gateway property of the 192.168.0.1 interface vmbr0 in /etc/network/interfaces and set myself a static IP 10.0.0.3 in the linux bridge controlled by pfsense.
The problem now is that without the pfsense running my server has no gateway, so it doesn't know how to communicate with the internet, and DNS doesn't work either. This is okay for my scenario, because I can log in from external and trigger pfsense, and once it's up I am ready to go.
And I needed to change the IP in /etc/hosts to the 10.0.0.3 one. Proxmox is still reachable through 192.168.0.2.
When I am running tracepath google.com from within my Proxmox, I can clearly see that Proxmox is first sending this to the pfsense VM before going to the internet. Of course this is not ideal from a latency point of view, but it is exactly what I want, because now Proxmox also asks my pfsense for 10.0.1.1/24 and 10.0.0.1/24 IP addresses.
Ping and tracepath do work now, without any other adjustments in Proxmox.
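
The routing behaviour behind the resolution above, as an added example that is not part of the original post: a longest-prefix-match lookup over the Proxmox host's routes before and after the gateway was moved. The route tables are constructed from the addresses in the post; the /24 masks, the bridge holding 10.0.0.3 being vmbr1, and 10.0.0.1 as the new gateway are assumptions.

```python
import ipaddress


def lookup(routes, dst):
    """Pick the route the kernel would use: the longest matching prefix.

    routes: list of (prefix, interface, next_hop); next_hop None = on-link.
    Returns (interface, next_hop), or None when no route matches.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, via in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, via)
    return None if best is None else (best[1], best[2])


# Constructed tables for the Proxmox host (192.168.0.2 on vmbr0, 10.0.0.3 on vmbr1).
BEFORE = [
    ("192.168.0.0/24", "vmbr0", None),
    ("10.0.0.0/24", "vmbr1", None),
    ("0.0.0.0/0", "vmbr0", "192.168.0.1"),   # gateway = physical router
]
AFTER = [
    ("192.168.0.0/24", "vmbr0", None),
    ("10.0.0.0/24", "vmbr1", None),
    ("0.0.0.0/0", "vmbr1", "10.0.0.1"),      # assumed: gateway = pfSense LAN address
]

PEERS = {
    "pfSense LAN": "10.0.0.1",   # same subnet as 10.0.0.3: always on-link
    "PC on OPT1": "10.0.1.2",    # different subnet: follows the default route
}


def reply_paths(routes):
    """Where Proxmox sends its replies to each peer under the given table."""
    return {name: lookup(routes, ip) for name, ip in PEERS.items()}


if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for name, path in reply_paths(table).items():
            iface, via = path
            hop = f"via {via}" if via else "on-link"
            print(f"{label:6} reply to {name:12} -> {iface} {hop}")
```

Before the change, replies to the PC leave through vmbr0 toward the router, which has no path to 10.0.1.0/24, while replies to pfSense stay on-link; that matches pings working from pfSense but not from the PC.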
 