[SOLVED] Hetzner => ProxMox => PfSense not reachable

AreUSirius

May 28, 2021
Hello guys!

I am trying to set up PfSense on my ProxMox hosted at Hetzner. I want to use the PfSense as a router, so I have 2 public IPs from Hetzner. The problem is I cannot access the web UI via the "wan" IP, and I already did "pfctl -d" to allow it to use the wan IP.

That is my ProxMox Host Interface:


Code:
auto lo
iface lo inet loopback
iface lo inet6 loopback

auto eno1
iface eno1 inet static
        address xx.xx.41.163
        netmask 255.255.255.192
        gateway xx.xx.41.129
        pointopoint xx.xx.41.129
        up route add -net xx.xx.41.128 netmask 255.255.255.192 gw xx.xx.41.129 eno1

iface eno1 inet6 static
        address  xx
        netmask  64
        gateway  fe80::1

auto vmbr0
iface vmbr0 inet static
        address xx.xx.41.163
        netmask 255.255.255.255
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0
        pre-up brctl addbr vmbr0
        up ip route add xx.xx.41.190/32 dev vmbr0
#PfSense

auto vmbr1
iface vmbr1 inet static
        address 10.11.11.1
        netmask 255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '10.11.11.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.11.11.0/24' -o eno1 -j MASQUERADE
#VM-LAN

PfSense is using the vmbr0 bridge with the xx.xx.41.190/24 and the xx.xx.41.163 as the gateway.

What did I do wrong, or what am I missing?


Code:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv4.conf.all.send_redirects = 0

is enabled
 
Use the following as the config on the host:
Code:
auto lo
iface lo inet loopback
iface lo inet6 loopback

auto eno1
iface eno1 inet static
        address xx.xx.41.163
        netmask 255.255.255.255
        gateway xx.xx.41.129
        pointopoint xx.xx.41.129


iface eno1 inet6 static
        address  xx
        netmask  64
        gateway  fe80::1

auto vmbr0
iface vmbr0 inet static
        address xx.xx.41.163
        netmask 255.255.255.255
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0
        pre-up brctl addbr vmbr0
        up ip route add xx.xx.41.190/32 dev vmbr0
#PfSense

auto vmbr1
iface vmbr1 inet static
        address 10.11.11.1
        netmask 255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '10.11.11.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.11.11.0/24' -o eno1 -j MASQUERADE
#VM-LAN


and in pfSense, set the netmask to /32 and tick the "far Gateway" checkbox on the gateway.
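With a /32 netmask the gateway no longer lies inside the interface's own subnet, which is the case the "far Gateway" checkbox in the reply above is for. As an added example (not part of the thread and not Proxmox or pfSense code), this Python sketch parses ifupdown stanzas like the ones posted and reports whether a gateway is on-link, reached as a pointopoint peer, or off-link. The 203.0.113.x addresses are constructed stand-ins for the masked xx.xx.41.x ones, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the thread masks its addresses (xx.xx.41.x), so
# documentation-range addresses (203.0.113.0/24) stand in for them.
SAMPLE = """\
auto eno1
iface eno1 inet static
        address 203.0.113.163
        netmask 255.255.255.255
        gateway 203.0.113.129
        pointopoint 203.0.113.129

auto vmbr0
iface vmbr0 inet static
        address 203.0.113.163
        netmask 255.255.255.255
        up ip route add 203.0.113.190/32 dev vmbr0
"""

def parse_static(text):
    """Return {iface: {option: [values]}} for 'inet static' stanzas."""
    stanzas, cur = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            static = words[2:4] == ["inet", "static"]
            cur = stanzas.setdefault(words[1], {}) if static else None
        elif words[0] in ("auto", "allow-hotplug"):
            cur = None
        elif cur is not None:
            cur.setdefault(words[0], []).append(" ".join(words[1:]))
    return stanzas

def gateway_reach(address, netmask, gateway, pointopoint=None):
    """'on-link', 'peer' (pointopoint) or 'off-link' (host route / far gateway needed)."""
    net = ipaddress.ip_network(f"{address}/{netmask}", strict=False)
    gw = ipaddress.ip_address(gateway)
    if gw in net and gw != ipaddress.ip_address(address):
        return "on-link"
    return "peer" if pointopoint == gateway else "off-link"

def routed_hosts(stanza):
    """Host routes installed via 'up ip route add <ip>/32 dev <if>'."""
    cmds = [c.split() for c in stanza.get("up", []) + stanza.get("post-up", [])]
    return [w[3][:-3] for w in cmds
            if w[:3] == ["ip", "route", "add"] and len(w) > 3 and w[3].endswith("/32")]
```

Calling `gateway_reach("203.0.113.190", "255.255.255.255", "203.0.113.163")` models the pfSense WAN side with the /32 netmask and returns `off-link`.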
 
I changed the host config. However, I cannot use the /32 in PfSense via the console, and from outside I cannot reach it with the browser. Should I set up a VM with a GUI and try to reach it over the LAN?
 
I was able to enter the /32 through the config.xml, but I could not set a "checkbox". So far it is still not reachable from outside. I'll set up an Ubuntu VM in a moment.
 
