Help Needed Configuring pfSense on Proxmox with a Single NIC

sameerlike141

I recently purchased a server from Hetzner and installed Proxmox on it. My server has a single NIC, and I want to set up pfSense on a VM within Proxmox using this single NIC.

I am a beginner in both pfSense and networking, and I would appreciate detailed guidance on how to configure pfSense in this scenario. Specifically, I need help with setting up the WAN and LAN interfaces using the single NIC available.

Thank you in advance for your assistance!
 
Is this server a hosted server somewhere with also only a single WAN-IP, or do you have direct access to the console (at least during setup)?

I'm asking because if you only have a single WAN-IP, it can be tricky to set it up (since the WAN-IP is already in use by Proxmox), and if you make a mistake, fixing it is also tricky. Not saying it's impossible, just tricky.

I've recently posted instructions for someone else who wanted to do the same, and for them it worked (but they did try out the steps beforehand on an old PC/laptop/server they had lying about to get a knack for the exact steps).
https://forum.proxmox.com/threads/pfsense-proxmox-with-one-public-ip.153309/#post-697463
 
I have purchased a server from Hetzner and am using Proxmox on it. I have attached an image of the network settings, but I'm not sure how to configure pfSense as a firewall. I want all VMs to access the internet through pfSense, and if I need to forward any ports, I want to manage that through pfSense as well.
 
What is the purpose of the pfSense system with 1 NIC? It can be done if you have a layer 3 switch (VLAN ability), but on a public network, I doubt this is an option.
 
I was thinking to set it up like this:
Inet -> PVE 8006, 22
Inet -> all other ports -> pfSense
pfSense subnetwork to all LXC, VM
 
I am not the best at the Linux networking side - this article may help you: https://superuser.com/questions/938805/how-forward-packets-from-network-interface-to-another

From the pfSense side, I would have 2 NICs.

1 - WAN (to receive packets from the Proxmox host NAT/masquerade)
2 - LAN (shared with the LXCs and VMs).

You could even use the pfSense for DHCP on the LAN subnet.

My only concern is two-way traffic between the internet and the pfSense (via NAT/masquerade) - I don't know if this will work or not.

Looking at your network CIDR - you indicate that you have more than 1 public IP address - would it be possible to bridge the WAN of the pfSense onto the same NIC as your Proxmox? This should pull a new IP from your provider.
 
Hello sameerlike141,

In the past, I had a lab setup with Proxmox on Hetzner servers, and I had to purchase an additional public IP to assign to my VM hosting pfSense (or OPNsense).

This way, I had a default public IP for my Proxmox, allowing me to control access to Proxmox from the Hetzner firewall and block all IPs except mine, and an additional IP for my pfSense, which does the router, firewall and reverse-proxy job.
 
Hello H.Lotfi

How do I control LAN and WAN if I have only one NIC on the server?
 
Your NIC would be there for WAN, and LAN would all be done virtual / in-server.
A vmbr does not NEED a real ethernet port connected to it to work, you'll just need something between that network and the physical port (a router-VM like I suggested for example) to do the translation between the "internal" and "external" network.
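
The layout discussed in this thread (the host keeps ports 22 and 8006, everything else goes to pfSense, and the LAN exists only inside the server), written as a Proxmox host `/etc/network/interfaces`. This is an added example, not a configuration posted by any participant; the interface name `eno1`, the 203.0.113.x public addresses, the 10.0.0.0/30 transfer network and the bridge numbers `vmbr1`/`vmbr2` are assumptions.

```conf
# /etc/network/interfaces on the Proxmox host (constructed example).
# Assumed: NIC eno1, public IP 203.0.113.10/24, gateway 203.0.113.1,
# transfer net 10.0.0.0/30 (host 10.0.0.1, pfSense WAN 10.0.0.2).

auto lo
iface lo inet loopback

iface eno1 inet manual

# vmbr0: the only bridge with a physical port; carries the host's public IP.
# Ports 22 and 8006 stay on the host; all other TCP and all UDP go to pfSense.
auto vmbr0
iface vmbr0 inet static
    address 203.0.113.10/24
    gateway 203.0.113.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up   iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m multiport ! --dports 22,8006 -j DNAT --to-destination 10.0.0.2
    post-up   iptables -t nat -A PREROUTING -i vmbr0 -p udp -j DNAT --to-destination 10.0.0.2
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m multiport ! --dports 22,8006 -j DNAT --to-destination 10.0.0.2
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp -j DNAT --to-destination 10.0.0.2

# vmbr1: host <-> pfSense WAN. No physical port; traffic leaving this
# network is masqueraded behind the host's public IP.
auto vmbr1
iface vmbr1 inet static
    address 10.0.0.1/30
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up   iptables -t nat -A POSTROUTING -s 10.0.0.0/30 -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s 10.0.0.0/30 -o vmbr0 -j MASQUERADE

# vmbr2: pfSense LAN plus all VMs/LXCs. No physical port and no host address,
# so guests can only reach the outside through pfSense.
auto vmbr2
iface vmbr2 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0
```

On the pfSense VM, the WAN interface attaches to `vmbr1` as 10.0.0.2/30 with gateway 10.0.0.1, and the LAN interface attaches to `vmbr2`, where pfSense can also serve DHCP to the guests.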
 
