Installing pfSense and Ubuntu

ac21

New Member
Jul 27, 2024
I installed pfSense following this guide.

The next step is to install Ubuntu; during the install I can't get past the mirror config.
Screenshot 2024-07-28 223611.png

This is the screen before, but I'm not sure if I should put anything in here.

Screenshot 2024-07-28 145622.png

And the screen before that shows the LAN IP I created with pfSense.

Screenshot 2024-07-28 145603.png
 


I am not sure how fast you would be getting replies on this forum - your question is most likely pfSense related (you might have an issue with routing).

I only glanced at the guide you linked through and the first question in my head is ... why exactly do you even need that pfSense for just a web app? I apologise for coming back with "you are (possibly) doing it wrong", but it would be shortest to troubleshoot to remove anything in the setup that just adds complexity with (to me) no perceived additional benefit.

What's your homelab network topology, the physical one? Will the Ubuntu VM be opened to the Internet?
 

I'm currently using Nextcloud and Home Assistant on a computer running TrueNAS Scale. It is a regular full-size desktop computer I stuck about 10 hard drives in to store family pictures and videos. This computer stays on all the time due to Home Assistant and Nextcloud; it pulls about 100 W of power idling. Before this I had no Nextcloud and ran HA on a Raspberry Pi. Recently I bought an HP EliteDesk with a low-power 7500T CPU and 16 GB RAM to move HA and Nextcloud to it. Obviously I'm not familiar with any of this but am in the process of learning.

On the current system I'm using Cloudflare tunnels to access them remotely, but I read this isn't safe and there are some issues with large files and maybe slow transfer speeds. I initially started following the guide to install NGINX, then found I'm missing some things and thought for security reasons I should install pfSense. My network topology is modem/ router/ switch. I absolutely may be doing it wrong. Please advise.
 
Hm... I've set up my pfSense differently than what was on that link.

Do you mind laying out in what sense do you make use of that pfSense? :)

HP EliteDesk with a low-power 7500T CPU and 16 GB RAM to move HA and Nextcloud to it.

Cloudflare tunnels to access them remotely

Alright, so this was before and now you plan to access it directly from the outside having ports open? I am asking because the setup through the guide is basically (if I have not misread it) about setting up NAT (private ipv4) within presumably existing NAT (private ipv4 of the physical modem/router). Then you would only expose that pfSense but have to do DNAT (port forwarding) all the time on both to get to your VM.

started following the guide to install NGINX

And then you still put your frontend behind a reverse proxy, which is fine, but it's like ... what was wrong with the cloudflare tunnels again? :)

topology is modem/ router/ switch.

Suppose your PVE has a vulnerability or the pfSense is misconfigured - you have to worry about that. On top of worrying about having the physical router compromised. And if you got e.g. the NGINX compromised ... you are supposedly already inside that pfSense fronted network segment which ... has access to the rest of your internal network anyhow? I am asking because if you have home assistant, you would have IoT devices inside your network already, do you separate those?

I just wonder if those Cloudflare tunnels were not good as they were. There are other alternatives like VPN or something fancier like Tailscale (essentially WireGuard) to achieve the same.

To not completely detract from your post (I suggest you change the title to contain pfSense) - you may boot into the Ubuntu live and start checking what's up with your network connectivity instead of proceeding with the installer - you got stuck after you got a DHCP-assigned address but you can't reach repos over apt, so you would want to traceroute / tracepath e.g. to 1.1.1.1 and see where it gets thrown away.

DHCPV4/V6 set up?

That's a good question too. Is this IPv4 only or IPv6. And what's the network setup on PVE.
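
Added example, not part of the original posts: the check suggested above (trace towards 1.1.1.1 from the Ubuntu live session and see where the packets stop), written as a small POSIX shell helper. The sample trace is constructed, 192.168.1.1 is an assumed stand-in for the pfSense LAN address, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: find where packets from the Ubuntu live session stop.
# Constructed tracepath-style sample; 192.168.1.1 is an assumed pfSense LAN IP.
SAMPLE_TRACE=' 1?: [LOCALHOST]                      pmtu 1500
 1:  192.168.1.1                          0.512ms
 2:  no reply
 3:  no reply'

# Gateway from `ip -4 route show default` output on stdin (empty if none).
default_gw() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Last hop that answered, from tracepath -n or traceroute -n output on stdin.
last_hop() {
    awk '$1 ~ /^[0-9]+:?$/ {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { hop = $i; break }
    } END { print hop }'
}

# usage: diagnose GATEWAY TARGET < trace-output
diagnose() {
    gw=$1; target=$2; hop=$(last_hop)
    if [ -z "$gw" ]; then
        echo "no-default-route"        # lease has no router: check DHCP on the LAN side
    elif [ -z "$hop" ]; then
        echo "gateway-unreachable"     # check which bridge the VM NIC is attached to
    elif [ "$hop" = "$target" ]; then
        echo "routing-ok"              # look at DNS or the mirror URL instead
    elif [ "$hop" = "$gw" ]; then
        echo "dropped-behind-gateway"  # check the firewall's WAN side, NAT and rules
    else
        echo "dropped-after-$hop"      # problem is upstream of this hop
    fi
}

# Live use from the installer's shell: sh this-script live
if [ "${1:-}" = "live" ]; then
    gw=$(ip -4 route show default | default_gw)
    tracepath -n -m 8 1.1.1.1 | diagnose "$gw" 1.1.1.1
fi
```

With the constructed sample the result is `dropped-behind-gateway`: the VM reaches its gateway and nothing beyond it answers.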
 
I am running my Proxmox on an HP Elitemini 800 G9 Intel Core i9-12900T and 64GB DDR5 RAM. pfSense has

This is how I have my Proxmox Network NICs set up:
1722324411176.png
vmbr0 - LAN for VMs
vmbr1 - WAN straight from ISP
vmbr2 - unused as this is only 1GbE (all other NICS are 2.5GbE)

pfSense VM:
1722324531232.png

Debian Unifi Console VM:
1722324765101.png

TrueNAS Scale VM:
1722324800395.png
 

Oh so the PVE is your router with WAN IP right on it.

The rest I then understand, of course not everyone would want to rely on PVE to also be the main (virtual) router. But if you do, the rest is then straightforward.

I just do not see benefit for the OP to have the matrioshka style NAT. I would understand if pfSense is additional firewall layer with nice GUI, but extra DHCP pools and all that (when the same is provided by a physical router) just make it overly complex.

Another alternative is to have some more flexible router that can do VLANs and rely completely on that, bridge that into PVE into respective VMs. It does not have to be anything overly expensive. I know pfSense box is not the cheapest, but if e.g. 1G routing is not an issue, there are really cheap options.
 

I was having the same issue OP was having; however, without knowing much about their current setup it's hard to say.

Technically, I'm using PVE as a virtual 'switch' because the WAN vmbr1 is solely used by the pfSense VM; no other VM is attached to vmbr1. All the VMs and 1 UniFi AP physically connected on LAN (vmbr0) go strictly through pfSense.

I don't use the Proxmox firewall at all :)

1722327364874.png

I can't say about getting a Netgate (pfSense) box, this is the setup that has been working for me well over a year and a half :P after much trial and error of course.
 
Hm... I've set up my pfSense differently than what was on that link.

How is your Proxmox network connections set up? DHCPV4/V6 set up?
Screenshot 2024-07-30 100015.png

Thank you for your help. I see you have two other network devices and recall the official docs going through setting that up. I now plan on abandoning the idea of installing it, as esi_y stated it's creating a matryoshka effect.

Screenshot 2024-07-30 101053.png
Do you mind laying out in what sense do you make use of that pfSense? :)

Thank you for your help. pfSense is not making much sense now after reading your post. The goal with pfSense was extra security, which I probably don't even need because I don't have any data that's sensitive.

And then you still put your frontend behind a reverse proxy, which is fine, but it's like ... what was wrong with the cloudflare tunnels again? :)

I'm trying to get away from cloudflare tunnel to NextCloud due to it having issues with large files, and it may be slower. I was/am going to install Nginx and open ports on the router just to see if this fixes it.
 
