[SOLVED] Modify a linux bridge

[tstglo]

Please bear with me I am very new to proxmox and linux in general. I installed proxmox a couple of months ago, created some vms and lxc and everything is going great. By default proxmox created a Linux bridge (vmbr0) using the network card on my motherboard enp7s0. After reading about pfSense I bought a PCIe network card (intel i350) with 2 ports (enp1s0f0 and enp1s0f1).

I have my ISP plugged into the WAN port (enp1s0f0) in my i350 and the LAN side (enp1s0f1) I have plugged into a switch.

I created a VM for pfSense and everything is working. When I created the VM I followed a guide that said not to add any network devices. After I created the VM before starting it, I went to the hardware section and added the 2 ports from my i350.

But my proxmox didn't seem to have any connection until I plugged enp7s0 into the switch. Now everything is working but it doesn't seem optimal. Is there a way to have a proxmox bridge to enp1s0f1 (the LAN port).

Also did I need a NIC with 2 ports or could I have gotten a PCIe NIC with one port and used the NIC on my mother board as the wan port for pfSense. I ask because the NIC on my mother board is 2.5gps on the i350 is 1gps (not that it matters that much as my ISP is 1gps as is my switch)

Thank you in advance,

Any help is appreciated!

/etc/network/interfaces

auto lo
iface lo inet loopback

iface enp7s0 inet manual

iface enp1s0f0 inet manual

iface enp1s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.50/24
        gateway 192.168.1.1
        bridge-ports enp7s0
        bridge-stp off
        bridge-fd 0

/etc/pve/qemu-server/myvm.conf

boot: order=scsi0;ide2
cores: 2
hostpci0: 0000:01:00.0
hostpci1: 0000:01:00.1
ide2: local:iso/pfSense-CE-2.6.0-RELEASE-amd64.iso,media=cdrom,size=749476K
memory: 8096
meta: creation-qemu=7.1.0,ctime=1671650006
name: pfSense1
numa: 0
onboot: 1
ostype: l26
scsi0: local-lvm:vm-109-disk-0,iothread=1,size=32G
scsihw: virtio-scsi-single
smbios1: uuid=xxxxxx-xxx-xxx-xxx-xxxxxxx
sockets: 1
startup: order=1,up=60
vmgenid: xxxxx-xxx-xxx-xxx-xxxxxx

 

[B.Otto]

Hello,

for problems with networking it is always helpful if you could post the contents of your /etc/network/interfaces (you might wanna mask your WAN ip address) and the configuration of your pfSense VM.

Kind regards,
Benedikt

 

[tstglo]

Thank you B.Otto, i updated my post to include those config files

 

[B.Otto]

Hello,

well it looks like you are passing through the network card directly to the VM. In this case Proxmox won't be able to access the traffic through this NIC at all. Instead, the traffic needs to go the route vmbr0 -> enp7s0 -> Switch -> NIC of your pfSense -> pfSense

You can't have both, either pass it through or do the 'traditional' way by connecting the pfSense VM to the bridge vmbr0.

You could use the passed-through NIC for WAN only and give the pfSense one virtual NIC for LAN that is connected to the bridge vmbr0.

Or you can ditch the passthrough completely, create another bridge vmbr1 for WAN, and give the pfSense two virtual ports (LAN -> vmbr0, WAN -> vmbr1).

Kind regards,
Benedikt

 

[tstglo]

Hello,

well it looks like you are passing through the network card directly to the VM. In this case Proxmox won't be able to access the traffic through this NIC at all. Instead, the traffic needs to go the route vmbr0 -> enp7s0 -> Switch -> NIC of your pfSense -> pfSense

You can't have both, either pass it through or do the 'traditional' way by connecting the pfSense VM to the bridge vmbr0.

You could use the passed-through NIC for WAN only and give the pfSense one virtual NIC for LAN that is connected to the bridge vmbr0.

Or you can ditch the passthrough completely, create another bridge vmbr1 for WAN, and give the pfSense two virtual ports (LAN -> vmbr0, WAN -> vmbr1).

Kind regards,
Benedikt

Thank you very much. I will give this a try

 

[amb7247]

Thank you very much. I will give this a try

I'm kinda going through this right now. Looks like I need to ditch the two added hardware NIC ports assigned to OPNSense.