Host PVE behind PFSense on same PVE

chrispage1

Sep 1, 2021
I'm doing this for a proof of concept. I've got a single Proxmox server with a single NIC, connected to a router. The gateway of the router as an example is 190.150.165.1 and I have access to IPs 190.150.165.35 and 190.150.165.41-45 (all not real IPs).

Is it possible to configure a vmbr0 network on my PVE which points to the real router 190.150.165.1 with no assigned IP address and then create vmbr1 which has an IP of 190.150.165.41 (PVE) with a gateway of 190.150.165.35 (PFSense VM)?

My PFSense machine can then have WAN which is interfaced to vmbr0 and an internal network interfaced to vmbr1?

Then, any other VMs would also be assigned to the vmbr1 network meaning they are routed via the PFSense and eventually out through WAN (vmbr0).

This, in my mind at least, means I can have everything sat behind a virtual PFSense instance. Would this theoretically work? Of course, the risk being that if PFSense goes down so does everything, but for this test it's a risk I'm willing to take.

Thanks,
Chris.
 
Is it possible to configure a vmbr0 network on my PVE which points to the real router 190.150.165.1 with no assigned IP address and then create vmbr1 which has an IP of 190.150.165.41 (PVE) with a gateway of 190.150.165.35 (PFSense VM)?
Hmm, this is without having tested any of it and without a recommendation for such a setup, so take this with a grain of salt and see it as a playground (as you stated, a proof of concept):
  • create vmbr0 with the physical network interface attached as bridge port
  • create vmbr1 without bridge ports, attach all new VMs to it and set the IP address for the Proxmox VE host (LAN).
  • set up the PFSense VM with 2 virtual NICs, one (WAN) attached to vmbr0, the second one (LAN) attached to vmbr1.
  • set the default gateway for the PFSense VM to be the router.
  • set the default gateway for the VMs/Proxmox VE host to be the PFSense VM.
  • set up NAT on PFSense so traffic from VMs/PVE to the router gets masqueraded and can find the correct route back.
  • port forward traffic to the Proxmox VE WebUI
You will however face connectivity issues whenever you have to shut down the guests, and clustering etc. might prove to be difficult.

Also, it might be easier to solve this by using VLANs.
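
The host side of the bridge layout listed in the reply above, written out as an added example (not part of the thread and not tested by either poster). The NIC name `eno1`, the private LAN subnet `10.10.10.0/24` and the pfSense LAN address `10.10.10.1` are assumptions chosen for illustration.

```conf
# /etc/network/interfaces on the Proxmox VE host
# Assumed values (not from the thread): NIC eno1, LAN 10.10.10.0/24,
# pfSense LAN interface at 10.10.10.1, host at 10.10.10.2.

auto lo
iface lo inet loopback

# Physical NIC carries no address of its own; it is only a bridge member.
iface eno1 inet manual

# vmbr0 = WAN side. The physical NIC is its only port and the host has
# no IP address here, so the host itself does not answer on the router side.
auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

# vmbr1 = LAN side. No bridge ports: the only path off this bridge is a
# guest attached to both bridges, i.e. the pfSense VM.
auto vmbr1
iface vmbr1 inet static
    address 10.10.10.2/24
    gateway 10.10.10.1
    bridge-ports none
    bridge-stp off
    bridge-fd 0
```

With this layout the host's management interface is reachable from outside only through whatever pfSense forwards, so the port forward for the WebUI (TCP 8006 by default) is best limited to known source addresses. Keep local console access to the host available, because the host loses its gateway whenever the pfSense VM is stopped.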
 
