Make PVE accessible (:8006) behind OPNSense VM (one same PVE)

[ThoKo]

Hi, i just installed PVE on my Hetzner Dedicated Server. Everything works fine till now.
The host has the public IP assigned to it's physical NIC. I did some magic to "share" the public IP from it's physical NIC to the OPNSense VM.
Now the PVE webinterface is still only accessible over it's public IP. I want to change that by connecting the PVE to the Firewall LAN vmbr2. vmbr1 is the transfernetwork for the WAN of the Firewall.

I configured it like this now, but it's not accessible over the assigned IP:


What am I doing wrong?

 

[fba]

Following your screenshot PVE is listening on both addresses 10.10.1.0/31 and 10.0.100.254/24 and the one which is masked red as PVE listens on all interfaces at port 8006. If you cant get a connection it might be a routing or a firewall issue.
From where is your client accessing the PVE server and does it know a route to the ip on vmbr2?