how to visit proxmox's webUI through pfsense vm which located on proxmox itself

I

ioiioi

Member
Jun 19, 2014
17
0
21
here is my topology:
Code: 
             1.1.1.1
            +------------+
            |  firewall  |
            +------+-----+
            192.168.0.24/24
                   |
                   |
+----------------------------------------+
|   proxmox        |                     |
|                  |                     |
|          vmbr0:192.168.0.1/24          |
|                  |                     |
|                  |                     |
|            192.168.0.2/24              |
|           +--------------+  +-->vmbr1:192.168.1.1/24
|           |  pfsense     |  |          |
|           |              |  +          |
|           |         192.168.1.2/24     |
|           |              |             |
|           |              |             |
|           +--------------+             |
|            192.168.2.2/24              |
|                  |                     |
|                  |                     |
|          vmbr2:192.168.2.1/24          |
|                                        |
+----------------------------------------+


I would like to access proxmox's webUI from Internet, and ask the network gay to create a port forward rule on firewall. which is
1.1.1.1:8006 ---> 192.168.0.2/24. Oberviously, pfsense has to redirect this traffic to proxmox's internal ip address, I prefer 192.168.1.1.

but when visit 1.1.1.1:8006, the proxmox doesn't response, although the packages has been arrived, tcpdump -nvi vmbr1 port 8006 proved that. any idea how to visit proxmox's webUI on this circumstance?

ps:
1. I have no access priviledes to the firewall and modify rules.
2. the proxmox's iptables is disable, and the chains are empty.
 
jester said:
I don't think it's wise to open up the proxmox webUI to the internet in the first place. I'd advise to use SSH with a local port forward.
Click to expand...
that would be a better option, but how to accomplish it?
my working laptop's os is win7, how to use ssh with a local port forward?
 
The easiest way in your current situation would be to forward port 8006 on pfSense to port 22 with destination you proxmox IP. Then with a SSH client like PuTTY you set up a connection to your proxmox server like:
  • Hostname: 1.1.1.1
  • Port: 8006
  • Under category: Connection > SSH > Tunnels:
    • Source port: 8080 (or any other unused local port on you pc)
    • Destination: localhost:8006
      and click: 'Add'
  • Click 'Open' to start the connection
Now in your browser use the URL: https://localhost:8080


This double NAT situation (double firewall) can cause you headaches, try to avoid it if you can.

If you would enable SSH on you pfSense and set a rule on your WAN to allow SSH to your WAN Address you can port forward with SSH from there which makes you more flexible to your different network segments (if you have other servers with ssh enabled).

Edit: Best to not use password authentication for an internet facing ssh-server. Google for something like: setup ssh key authentication
 
Last edited:
@jester
thanks very much, you help me a lot, I learn a little ssh tunnel this morning, it is the exactly tool I need at the moment. however, I use mobaxterm, this terminal could run linux tools on windows, so I did it like this:

ssh -N -L 8080:proxmox_lan_ip:8006 user@pfsense_vm_public_ip

by the way, your suggestion:

Destination: localhost:8006

is that a typo, isn't localhost be replaced by proxmox_lan_ip?
 
ioiioi said:
is that a typo, isn't localhost be replaced by proxmox_lan_ip?
Click to expand...
No, not a typo. The local port forward is being made on the machine you connected to. By my example you would connect to your proxmox server and the webserver for the UI is also listening on localhost port 8006, so in that case it works.

If you are making a ssh connection to something else then your proxmox server (like your pfSense) then you would definitely need to use the proxmox server's LAN IP address.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back