Hetzner Proxmox pfSense

Niluan

New Member
May 6, 2019
5
0
1
31
Hi dear Proxmox users.

I have rented a server at Hetzner and have an idea that it should be used for different applications, including web server, file server, web server and a server that runs Ubuntu.
Therefore, I have installed Proxmox, as operating system to control VMs.

Initially, my thought was just to configure VMs with a bridge connection to WAN/LAN interface. However, this has not succeeded for me, cannot get any internet through to any of VMs. Some Google search and found a suggestion to set up a VM with pfSense, thereby sending the internet to one or two Linux Bridge.

I have no success with any of the above setups, and therefore seek help here now.
Would really like to have a setup with pfSense, so all port-forwarding etc are done through there.

At this point, i got a clean installation of Proxmox, with no VMs or any network settings changed.
 

Attachments

  • srv setup.PNG
    srv setup.PNG
    75.8 KB · Views: 215
Netgate has a pretty useful guide for virtualization of PFsense w/ proxmox. I have it setup at OVH at the moment - Guide is here. Have a bridge connection setup for the WAN and then another new bridge with no physical network card attached to it for the PFsense vm network.
 
#2 - I have actually followed the guide one time before, but as soon as I make a bridge there are no connection through to Proxmox anymore, and there for cannot connect to the webgui, and have been forced to make a clean installation of Proxmox. :(
 
#2 - I have actually followed the guide one time before, but as soon as I make a bridge there are no connection through to Proxmox anymore, and there for cannot connect to the webgui, and have been forced to make a clean installation of Proxmox. :(

is your Hetzner server allocated more then 1 public ip address ? I remember when I was toying around at KimSufi where I only had 1 IPv4 address and could not order more it was a bit of an exercise in gymnastics to get things working the way I wanted.

Edit: Looking through Hetzner docs there is some config work todo if you have secondary addresses - Hetzner has a proxmox guide here it seems aswell
 
#4 I only got one public ip address. My brain are about to explode, i can't be right that it is so hard to get a simple network up and running! :confused:
 
#4 I only got one public ip address. My brain are about to explode, i can't be right that it is so hard to get a simple network up and running! :confused:

Looks like you may have todo what I did with KimSufi which is assign the IPv4 to the VM network and administer proxmox over the IPV6 address - setup is much easier with multiple IP addresses avaliable for your sever unless someone else has a better idea.
 
If this i getting everything to be easier.
I have now bought a additional IP address, from Hetzner.

Hope that some one can help me, get it to work.

IP: 95.xxx.20.18
Gateway: 95.xxx.20.1
Netmask: 255.255.255.192
Broadcast: 95.xxx.20.63

IP: 95.xxx.20.11
Gateway: 95.xxx.20.1
Netmask: 255.255.255.192
Broadcast: 95.xxx.20.63
MAC Address: 00:xx:56:xx:BA:E7
 

Attachments

  • srv setup 2.PNG
    srv setup 2.PNG
    74.1 KB · Views: 114
Are you able to access the internet through pfsense directly?

If not, this is a routing issue between your node and Hetzner. If you can then it's a configuration issue on the pfsense side of things.
 
enp4s0 = First public host ip
vmbr0 = Second ip with dedicated mac address ( i want to assign it to pfsense)
vmbr1 = private ip (private ip from pfsense to virtual machines)

Now I have setup pfsense with wan card to vmbr0 (with ports to enp4s0 ) and lan to vmbr1 (wiyhout ports), and enabled ip forwarding but the wan can't connect to the internet. I can ping an external ip address but don't resolve any domain name.. this appen in pfsense and in the ubuntu client of the vmb1 private lan. I have setup the pfsense wizard settings NS to 1.1.1.1 and 1.0.0.1 but nothing change.
Usign hetzner server I have assigned the relative virtual MAC address to the wan vmbr0 in the ethernet settings of the virtual machine pfsense...

Also trying to set the pfsense wan gateway to the host ip and to the hetzner network gateway...

Where i'm wrong?

Thank you.

Code:
auto lo
iface lo inet loopback

auto enp4s0
iface enp4s0 inet static
address xxx.xxx.xxx.189
netmask 24
gateway xxx.xxx.xxx.161

auto vmbr0
iface vmbr0 inet static
address xxx.xxx.xxx.182
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 192.168.30.1
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0
 
enp4s0 = First public host ip
vmbr0 = Second ip with dedicated mac address ( i want to assign it to pfsense)
vmbr1 = private ip (private ip from pfsense to virtual machines)

Now I have setup pfsense with wan card to vmbr0 (with ports to enp4s0 ) and lan to vmbr1 (wiyhout ports), and enabled ip forwarding but the wan can't connect to the internet. I can ping an external ip address but don't resolve any domain name.. this appen in pfsense and in the ubuntu client of the vmb1 private lan. I have setup the pfsense wizard settings NS to 1.1.1.1 and 1.0.0.1 but nothing change.
Usign hetzner server I have assigned the relative virtual MAC address to the wan vmbr0 in the ethernet settings of the virtual machine pfsense...

Also trying to set the pfsense wan gateway to the host ip and to the hetzner network gateway...

Where i'm wrong?

Thank you.

Code:
auto lo
iface lo inet loopback

auto enp4s0
iface enp4s0 inet static
address xxx.xxx.xxx.189
netmask 24
gateway xxx.xxx.xxx.161

auto vmbr0
iface vmbr0 inet static
address xxx.xxx.xxx.182
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 192.168.30.1
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0

You are missing to add the public (physical) interface to the bridge. Once you have added it you have to configure the separate MAC in the card of the pfsense that will be connecting to internet.
 
Thank you for the answer.
It works now, but there is a persistent problem on the virtual lan.

When a New client go on in the virtual lan and ask for the address to the DHCP server , the DHCP server give it the address, but the client can't access to the internet. If I click the save button on the DHCP firewall page without any modifications , the new client can navigate!

Can be the virtio virtual Ethernet ?
 
Thank you for the answer.
It works now, but there is a persistent problem on the virtual lan.

When a New client go on in the virtual lan and ask for the address to the DHCP server , the DHCP server give it the address, but the client can't access to the internet. If I click the save button on the DHCP firewall page without any modifications , the new client can navigate!

Can be the virtio virtual Ethernet ?

Have you disabled the offloading as per the instructions in the Netgate page?
 
Hetzner offer it's own script dedicated to the installation of the proxmox.
when you start with the recovery os you can select -> other -> proxmox.
 
enp4s0 = First public host ip
vmbr0 = Second ip with dedicated mac address ( i want to assign it to pfsense)
vmbr1 = private ip (private ip from pfsense to virtual machines)

Now I have setup pfsense with wan card to vmbr0 (with ports to enp4s0 ) and lan to vmbr1 (wiyhout ports), and enabled ip forwarding but the wan can't connect to the internet. I can ping an external ip address but don't resolve any domain name.. this appen in pfsense and in the ubuntu client of the vmb1 private lan. I have setup the pfsense wizard settings NS to 1.1.1.1 and 1.0.0.1 but nothing change.
Usign hetzner server I have assigned the relative virtual MAC address to the wan vmbr0 in the ethernet settings of the virtual machine pfsense...

Also trying to set the pfsense wan gateway to the host ip and to the hetzner network gateway...

Where i'm wrong?

Thank you.

Code:
auto lo
iface lo inet loopback

auto enp4s0
iface enp4s0 inet static
address xxx.xxx.xxx.189
netmask 24
gateway xxx.xxx.xxx.161

auto vmbr0
iface vmbr0 inet static
address xxx.xxx.xxx.182
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 192.168.30.1
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0

can you please post the final configuration? i am also blocked with this configuration
 
Hello.
I have leaved enp4s0 without configuration. Vmbr0 set with the first public IP, vmbr1 set as private lan 192.168.30.0/24 .
Using hetzner , request second Mac address for the second IP.
Assign vmbr0 and vmbr1 to pfsense, in the pfsense wan (vmbr0):add settings of the second IP with separate Mac, on the pfsense vmbr1 use v192.168.30.1/24 .

For the pfsense wan is important to set the assigned Mac from datacenter in to Mac address of the virtual Ethernet in the proxmox option of the vps
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!