How to access Proxmox management page from a pfSense VM using passthrough?

[fenugurod]

I know, I know, the easiest way is to use a bridge, but I would like to keep the passthrough if possible. I have a Proxmox server and a pfSense VM. Everything is configured and working alright. pfSense is using a I350 NIC with passthrough and the onboard motherboard NIC is connected directly at the modem so I can access the Proxmox management page when needed, I just need to change my connection. What are my current problems?

• How can I put Proxmox management page behind pfSense?
• How can other VMs at Proxmox have network connectivity?

I think both questions are the same, if I can get Proxmox management page to work with pfSense then the VMs would probably be the same thing. This is my current topology:

 

[Neobin]

It is not clear (at least to me), how many physical NIC-ports you have, how many of them are passthroughed, how many bridges you have and to what physical NIC-ports they are connected to, etc.

Therefore, here a simple example how it could look like with two NIC-ports and only one of them passthroughed:

• WAN-side: modem -> passthroughed physical NIC-port to the pfSense-VM on the PVE-host -> WAN interface in pfSense
• LAN-side: switch -> other not passthroughed physical NIC-port on the PVE-host -> bridge (e.g.: vmbr0) with an/the IP-address (and corresponding gateway, e.g. the pfSense) of the PVE-host on it and all guests connected to that bridge, including the LAN interface of the pfSense-VM

Example with three NIC-ports and two of them passthroughed:

• WAN-side: same as in the first example
• LAN-side for pfSense: switch -> second passthroughed physical NIC-port to the pfSense-VM on the PVE-host -> LAN interface in pfSense
• LAN-side for PVE and guests: same as in the first example, but without connecting the pfSense-VM to the/any bridge

In short: You want the PVE and its guests (obviously apart from the WAN interface of the pfSense-VM) on the LAN-side = switch and not on the WAN-side = modem.

PS.: Be careful to not lock yourself out...

 

[xyboox]

Hey @Neobin , I have kind of a similar issue here, I was wondering if you could help up a bit: so I have 3 ports on my computer ( one Intel i329 - on motherboard, and one pcie with i350, 2 ports ). I've set up pfsense vm with 2xi350 ports as passthrough ( one for wan and one for lan ) and added vmbr0 paravirtualized. The onboard NIC is used for proxmox consolea ccess. All works well, except I do not have internet access from proxmox console. vmbr0 is the only bridge set up in proxmox, with a gateway = LAN IP of pfsense. What do I need to set to gain internet access from proxmox? Thanks!

 

[Neobin]

so I have 3 ports on my computer ( one Intel i329 - on motherboard, and one pcie with i350, 2 ports ). I've set up pfsense vm with 2xi350 ports as passthrough ( one for wan and one for lan ) and added vmbr0 paravirtualized. The onboard NIC is used for proxmox consolea ccess.

Unfortunately, I have no knowledge with such a setup. I highly assume, you need to configure "something" inside pfSense in regard of the third interface (vmbr0 on the PVE-host). But how this needs to look like, I do not know, sorry.

 

[xyboox]

Unfortunately, I have no knowledge with such a setup. I highly assume, you need to configure "something" inside pfSense in regard of the third interface (vmbr0 on the PVE-host). But how this needs to look like, I do not know, sorry.

ok, thanks. I'll fall back to connecting proxmox behind a router, for now.