Help setting up Pfsense with 2 NIC on host

C

cojarbi

New Member
Feb 18, 2022
4
0
1
47
Hi guys

Current setup is a single proxmox machine with 2 NIC and a pfsense VM.



Pfsense is running at 192.168.3.1 running dhcp on that subnet. I curretly have a machine behind it which can see the pfsense server web gui and has access to internet.



Now the proxmox machine has the following network setup

1646334789490.png

With this setup i cannot see the Proxmox managment web gui at https://192.168.3.3:8006



What am i missing here?

This guide i very specific but has 3 NIC, one for the proxmox managment

Any ideas?
 
Last edited:
Change iface vmbr0 inet manual to iface vmbr0 inet static and reboot.
 
You use the vmbr0 for the LAN-interface of the pfSense, right?
And vmbr1 for the WAN-interface in pfSense?

Can you please post what your VM config looks like: qm config VMID (VMID is the number e.g. 100 of your pfSense-VM)
 
Then you need to:
  • Revert iface vmbr0 inet static back to iface vmbr0 inet manual
  • Change iface vmbr1 inet manual to iface vmbr1 inet static
  • Move the whole three lines with "address", "netmask" and "gateway" as they are from under the iface vmbr0 ... to beneath the iface vmbr1 ... line.
  • Reboot
PS.: You can combine the address and netmask by removing the whole netmask line and add a /24 behind the IP like: address 192.168.3.3/24

PPS.: Don't forget to use vmbr1 (instead of the most likely default selected vmbr0 on creation) for all your other VMs and LXCs, if you want them behind your pfSense.
 
Last edited:
  • Like
Reactions: PhantomLord and EdnanCosta
Neobin said:
Then you need to:
  • Revert iface vmbr0 inet static back to iface vmbr0 inet manual
  • Change iface vmbr1 inet manual to iface vmbr1 inet static
  • Move the whole three lines with "address", "netmask" and "gateway" as they are from under the iface vmbr0 ... to beneath the iface vmbr1 ... line.
  • Reboot
PS.: You can combine the address and netmask by removing the whole netmask line and add a /24 behind the IP like: address 192.168.3.3/24

PPS.: Don't forget to use vmbr1 (instead of the most likely default selected vmbr0 on creation) for all your other VMs and LXCs, if you want them behind your pfSense.
Click to expand...
@Neobin you rock!

But why? Why would this work like this i dont get it.

Thank
 
cojarbi said:
But why? Why would this work like this i dont get it.
Click to expand...

Your local subnet 192.168.3.0 is only available/already known on the LAN-side of your pfSense. So if you want to reach a local device (PVE-host here) from your local workstation, which is already in your local subnet, this device has also to be there.

In the first step, you literally locked out your PVE-host by putting it's IP (one from your local subnet) on the other side of your pfSense aka the WAN-side.
This is also why I above pointed out to put your other VMs and LXCs on your vmbr1, because it is your LAN-side.

Sorry, I'm not good in explaining and also no network expert at all, but I hope it helps.
Otherwise feel free to elaborate what exactly you don't understand. :)
 
  • Like
Reactions: PhantomLord, nightcrawler and FreeSpirit
Neobin said:
Then you need to:
  • Revert iface vmbr0 inet static back to iface vmbr0 inet manual
  • Change iface vmbr1 inet manual to iface vmbr1 inet static
  • Move the whole three lines with "address", "netmask" and "gateway" as they are from under the iface vmbr0 ... to beneath the iface vmbr1 ... line.
  • Reboot
PS.: You can combine the address and netmask by removing the whole netmask line and add a /24 behind the IP like: address 192.168.3.3/24

PPS.: Don't forget to use vmbr1 (instead of the most likely default selected vmbr0 on creation) for all your other VMs and LXCs, if you want them behind your pfSense.
Click to expand...
I just wanted to say big "Thank You". I'm new to proxmox and pfSense and I was sure I was doing something wrong since I was loosing access to my proxmox setup along the configuration of pfSense. Now I know what was the mistake and everything works flawlessly.

Seriously, I know it's over 3 years, but I'm really gratefull to both of you.
 
  • Like
Reactions: Neobin
You must log in or register to reply here.
Top Bottom