Interfaces Setup 1 NIC and Managed Switch

mac99

Oct 17, 2024
Hi Everyone,

I am trying to build an interfaces file for the following.

I am installing PFsense as a guest on Proxmox. I want it to act as my router, DHCP and firewall. Both for my guest VMs and physical devices (i.e. MacBook) on my switch.

Network Map below. I understand I would need to use VLANs and have tried a number of Interfaces and VLAN setups. But they fail.

Can anyone shed some light on the appropriate Proxmox /etc/network/interfaces setup?

Let me know if any further information would help

Screenshot 2024-10-18 at 9.46.18 AM.png


What I have tried in terms of /etc/network/interfaces is below:

Config 1
For Config 1 I can access both IPs from my MacBook if it's directly plugged into Proxmox, but not via the switch. If I connect to my switch port 3 with MacBook and Proxmox on Port 2, I get no access or ping response. Also I wonder if PFsense will route properly out to my LAN in this setup:

Config 1 Interfaces File
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.86.11/28
        gateway 192.168.1.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr0.10
iface vmbr0.10 inet manual

auto vmbr0.20
iface vmbr0.20 inet static
        address 192.168.86.2/28

Config 2
I still have my MacBook connected to Proxmox directly. I can't access 192.168.86.2 or ping it. Same via the switch.

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge_ports eno1
        bridge_stp off
        bridge_fd 0
        bridge_vlan_aware yes
        bridge-vids 2-4094

auto vmbr0.10
iface vmbr0.10 inet manual

auto vmbr0.20
iface vmbr0.20 inet static
        address 192.168.86.2/28

Switch Settings as follows:

VLAN ID 1,
Members 1/0/4-8
Ports 4-8 untagged

VLAN ID 10,
Members 1/0/1-2,
Port 1 (WAN) untagged
Port 2 (Proxmox) tagged

VLAN ID 20,
Members 1/0/2-8
Port 2 (Proxmox) tagged
Port 3-8 untagged
 
Does anyone know? Even if you could help me understand if it's possible or what resource I should turn to.
 
So if you want the PFSense box to be your default route/router, there shouldn't be any need to config anything other than a default gateway on your end devices.

On your PFSense box (no experience with PFSense, but networking is networking), you need a VIP (Virtual IP address) for all of your VLANs. So if you have VLAN 10, 20, 30, each VLAN should have a virtual IP on the PFSense box. So example:
VLAN10 = 192.168.10.1
VLAN20 = 192.168.20.1
VLAN30 = 192.168.30.1


Now on all your client devices, you point their default gateway to the VIP and the PFSENSE box/router will take care of all cross traffic. Though keep in mind, likely (again not sure on PFSense) cross vlan traffic will be blocked by default, so you will have to add exceptions for cross vlan traffic.

Not sure if this is what you are trying to achieve, but the clients (MacBook, cell phone, TV, whatever) shouldn't need to worry about network configurations outside of DHCP.

And to be clear, if you have a device that needs to be on VLAN10, 20 or whatever, the switch should be access ports for that vlan. (not trunk ports)
 
My apologies for not replying earlier. Appreciate the advice and reply.
 
I finally made some progress today. On the TP-Link Switch I had not added the 'PVID' in Port Config menu. I had only created the VLAN and assigned tagged or untagged.

Took me more than a long time (few weekends) to figure that little problem out. For the newbies: try reading the manual/documentation before you go troubleshooting the problem. That is my learning!

Some documentation that has helped me along the way:
- Proxmox Network Configuration
- Virtualizing with Proxmox VE
- Switch user guide

Once I have got my setup running, I will post the interfaces setup.
 
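The PVID problem described in the post above, as an added example that is not part of the original thread: a small Python model of how an 802.1Q switch assigns untagged ingress frames to a VLAN by PVID. The VLAN membership is taken from the posted switch settings; the PVID values (every port at 1 before the fix, 10 on port 1 and 20 on ports 3-8 after) and the ingress-filtering behaviour are assumptions, since the thread does not list them.

```python
# Added example: untagged ingress classification by PVID on an 802.1Q switch.
# VLAN membership is copied from the switch settings posted in the thread;
# the PVID tables below are assumptions (the thread does not list them).

def ports(lo, hi):
    return set(range(lo, hi + 1))

VLANS = {  # vid -> port membership, from the post
    1:  {"tagged": set(), "untagged": ports(4, 8)},
    10: {"tagged": {2},   "untagged": {1}},
    20: {"tagged": {2},   "untagged": ports(3, 8)},
}
PVID_DEFAULT = {p: 1 for p in ports(1, 8)}   # assumed: all ports left at PVID 1
PVID_FIXED = {**PVID_DEFAULT, 1: 10, **{p: 20 for p in ports(3, 8)}}  # assumed fix

def members(vlans, vid):
    v = vlans.get(vid, {"tagged": set(), "untagged": set()})
    return v["tagged"] | v["untagged"]

def pvid_mismatches(vlans, pvid):
    """Ports that send a VLAN untagged but classify untagged ingress elsewhere."""
    return sorted((port, vid, pvid[port])
                  for vid, v in vlans.items()
                  for port in v["untagged"] if pvid[port] != vid)

def untagged_path(vlans, pvid, src, dst):
    """Follow an untagged frame entering src; return (vid, egress_mode) or None."""
    vid = pvid[src]
    if src not in members(vlans, vid):   # assumed ingress filtering: drop the frame
        return None
    if dst not in members(vlans, vid):   # dst is not in that VLAN: never forwarded
        return None
    return vid, "tagged" if dst in vlans[vid]["tagged"] else "untagged"

if __name__ == "__main__":
    for name, pvid in (("default PVIDs", PVID_DEFAULT), ("PVIDs set", PVID_FIXED)):
        print(name, "| MacBook port 3 -> Proxmox port 2:",
              untagged_path(VLANS, pvid, 3, 2))
        for port, vid, got in pvid_mismatches(VLANS, pvid):
            print(f"  port {port}: untagged in VLAN {vid} but PVID is {got}")
```

With the assumed fixed PVIDs the check still reports ports 4-8 as untagged members of VLAN 1, a leftover membership that their untagged ingress traffic no longer uses.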
