Few tips for what you're trying to accomplish:
1. I see nothing wrong with virtualization your router, especially if you're already inside another private network anyway. if you bork up your pfsense VM and need internet for proxmox, you can always give proxmox an IP on the "WAN" (private school network) and move on, then switch back to using your "internally" hosted gateway when ready. I virtualize my home router on proxmox and it worked fine.
View attachment 14397
View attachment 14398
2.You'll note, that in my deployment, my "WAN" IP the actual public IP. Pfsense is negotiating the PPPoE with my DSL provider over a DSL modem in bridge mode (all 4 nodes connected to the 4 port switch on the modem). In your environment, you're likely already in a private network space... By default, pfsense won't "route" to private network addresses on ports it considers to be the WAN port. You'll have to "allow" this (uncheck this on interface settings):
View attachment 14399
3. Of course, you'll also need to make sure you are hosting a network that doesn't share broadcast range with your school network. If they are say, a 10.0.0.0/16 or something like that, then you might want to host a 192.168.X.0/24 for yourself.
4. Also... you will likely need to define the upstream gateway for the WAN interface in pfsense:
View attachment 14401
5. Don't forget to disable hardware offload in pfsense (system>advanced). When virtualized, these don't work.
View attachment 14402
6.If you want to use Suricata in Inline mode, you'll probably have to set this system tunable: (force netmap emulation).
View attachment 14404