Management interface to internal network

Rait

Member
Aug 1, 2020
Hello!

I'm trying to set up Proxmox on a dedicated server which has only one external IP. I have set up a pfSense VM and configured all the rules, VPN, etc. that would give me access to the internal network. What I want to achieve is to move the external IP from the Proxmox management interface to the pfSense interface and give Proxmox management an internal IP. I know this is a risky move, but it is a full cluster with a pfSense HA cluster, and I do have KVM access over the internet, so I can troubleshoot via KVM if needed.
Can someone point me in the right direction on how this could be achieved?

Diagram:

ISP ---> pfSense (VM) ---> Proxmox Management (inside LAN 10.10.x.x)
This would be accessed only if you connect to the VPN.

Thank you!
 
You'd have to create a second bridge interface for your internal network (which you probably already have, since you need it connected to the pfSense as LAN?), let's call it vmbr1, where vmbr0 is your WAN-facing bridge, only assigned to the pfSense VM. You can create it via the GUI under "Node -> System -> Network -> Create -> Linux Bridge".

vmbr0: bridge-port <physical NIC connected to WAN>, no IP/subnet
vmbr1: bridge-port <physical NIC connected to LAN>, IP/subnet set to management IP

pfSense connected to both, other VMs only to vmbr1 (for internal network access/internet via pfSense).

Does that help?
 
Hi!

Yes, I did it exactly that way, but one issue I had was that the provider has MAC auth on their switch ports, so I had to change the eth0 HW MAC and spoof it to pfSense. Other than that it worked like a charm.
Also, I only have one physical interface, which is eth0 (WAN). LAN vmbr1 is an internal port which has no physical port on it, but once I configured the internal IP/subnet and gateway it worked just fine.

Thank you!
 
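A check for the end state described in this thread, as an added example that is not part of the original posts: it parses an `/etc/network/interfaces` file and confirms that the host has no IP on the bridge attached to the WAN NIC and does have a management IP on an internal bridge. The sample file, the 10.10.0.x values and the function names are constructed for illustration.

```python
# Constructed sample /etc/network/interfaces for the layout in the thread:
# eth0 is the only physical NIC (WAN); the 10.10.0.x values are made up.
SAMPLE = """\
auto lo
iface lo inet loopback
iface eth0 inet manual
auto vmbr0
iface vmbr0 inet manual
    bridge-ports eth0
auto vmbr1
iface vmbr1 inet static
    address 10.10.0.2/24
    gateway 10.10.0.1
    bridge-ports none
"""

def parse_ifaces(text):
    """Map each iface stanza to its bridge ports and host addresses."""
    ifaces, cur = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        key = words[0].replace("_", "-")  # older configs write bridge_ports
        if key == "iface" and len(words) > 1:
            cur = ifaces.setdefault(words[1], {"ports": [], "addrs": []})
        elif key in ("auto", "source", "mapping") or key.startswith("allow-"):
            cur = None  # these lines end the current stanza
        elif cur is not None and key == "bridge-ports":
            cur["ports"] = [p for p in words[1:] if p != "none"]
        elif cur is not None and key == "address" and len(words) > 1:
            cur["addrs"].append(words[1])
    return ifaces

def audit(text, wan_nics):
    """Return findings: host IPs reachable from the WAN NIC, or no internal IP."""
    findings, internal = [], False
    for name, st in parse_ifaces(text).items():
        on_wan = name in wan_nics or bool(set(st["ports"]) & set(wan_nics))
        if on_wan and st["addrs"]:
            findings.append(f"{name}: host address {st['addrs'][0]} on WAN side")
        elif st["addrs"] and name != "lo":
            internal = True
    if not internal:
        findings.append("no management address on an internal bridge")
    return findings

print(audit(SAMPLE, {"eth0"}) or "OK: host is only addressed on the LAN side")
```

Running it against the real file before restarting networking catches both ways this move goes wrong: the management IP left on the WAN bridge, or no internal address to come back in on over the VPN.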
