Hello,
I installed Proxmox and pfSense a few weeks ago... so I am quite a newbie in this kind of environment.
It is working fine so far as I have a flat LAN running on a computer with 4 NICs (2.5 Gb Ethernet) and I am using two physical NICs: one for the LAN and one for the WAN.
Now, I am trying to move from a flat LAN to a network with multiple VLANs.
My LAN address is 192.168.2.0/24 and I am trying to create 5 VLANs with 192.168.15.0/24, 192.168.25.0/24, 192.168.35.0/24, 192.168.45.0/24 and 192.168.55.0/24 (DMZ)...
Here is my Proxmox Interfaces config:
============================================
auto lo
iface lo inet loopback

iface enp2s0 inet manual

iface enp3s0 inet manual

iface enp4s0 inet manual

iface enp5s0 inet manual

auto vlandmz
iface vlandmz inet manual
        ovs_type OVSIntPort
        ovs_bridge vmbr2
        ovs_options tag=55

auto vlan15
iface vlan15 inet manual
        ovs_type OVSIntPort
        ovs_bridge vmbr2
        ovs_options tag=15

auto vlan25
iface vlan25 inet manual
        ovs_type OVSIntPort
        ovs_bridge vmbr2
        ovs_options tag=25

auto vlan35
iface vlan35 inet manual
        ovs_type OVSIntPort
        ovs_bridge vmbr2
        ovs_options tag=35

auto vlan45
iface vlan45 inet manual
        ovs_type OVSIntPort
        ovs_bridge vmbr2
        ovs_options tag=45

auto vmbr0
iface vmbr0 inet static
        address 192.168.2.2/24
        gateway 192.168.2.1
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#Lan

auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp5s0
        bridge-stp off
        bridge-fd 0
#Wan

auto vmbr2
iface vmbr2 inet manual
        ovs_type OVSBridge
        ovs_ports vlan15 vlan25 vlan35 vlan45 vlandmz
#Vlan Interface
============================================
The Proxmox network from the GUI looks like this (Proxmox has the IP address of 192.168.2.2):
And my pfSense interfaces:
So the VMs and containers created in Proxmox are using bridge "vmbr0" and are having IP addresses 192.168.2.x. One container in the DMZ is using "vmbr2" with an IP address 192.168.55.x (tag: 55). Everything is going well and as expected... From my PC (192.168.2.y) connected on the LAN, I can ping any node in the network as my firewall rules allow to ping everything (LAN+VLAN) from the LAN addresses... From my PC, I can access the web server (installed as a Proxmox container) located in the DMZ... So everything seems OK...
My problem:
- when I try to move one device on the LAN to a VLAN (like for instance, I am trying to move my PC to VLAN 25), I am getting "cannot reach DHCP server"...
- if I am changing the bridge interface on the container in the DMZ from "vmbr2" to "vmbr0", the container is isolated from the network, no way to ping out or no way to ping it from the LAN addresses...
I tried to reboot the PVE, problem is still the same...
So I have a problem with the DHCP servers in the VLANs using the "vmbr0" interface...
I think I am missing something in the Proxmox bridge definitions, but even after hours of searching on the internet, I have not found the solution...
Does anyone have a clue where my problem is?
Thank you in advance for your help, it will be highly appreciated
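
An added example, not part of the original post: a small Python parser that summarises, for an interfaces file like the one above, which non-internal ports each bridge contains and which VLAN tags its OVS internal ports carry. The sample is a constructed, trimmed subset of the posted stanzas, and `parse_stanzas` and `bridge_report` are hypothetical helper names.

```python
import re

# Constructed sample: trimmed subset of the stanzas from the config posted above.
SAMPLE = """\
auto vlan25
iface vlan25 inet manual
    ovs_type OVSIntPort
    ovs_bridge vmbr2
    ovs_options tag=25
auto vlandmz
iface vlandmz inet manual
    ovs_type OVSIntPort
    ovs_bridge vmbr2
    ovs_options tag=55
auto vmbr0
iface vmbr0 inet static
    bridge-ports enp2s0
auto vmbr2
iface vmbr2 inet manual
    ovs_type OVSBridge
    ovs_ports vlan25 vlandmz
"""

def parse_stanzas(text):
    """Return {iface: {option: value}} for every 'iface' stanza."""
    stanzas, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith(("#", "auto ", "allow-", "source")):
            continue
        key, _, rest = line.partition(" ")
        if key == "iface":
            current = stanzas.setdefault(rest.split()[0], {})
        elif current is not None:
            current[key] = rest.strip()
    return stanzas

def bridge_report(text):
    """Per bridge: kind, non-internal member ports, VLAN tags of OVS internal ports."""
    st, report = parse_stanzas(text), {}
    for name, opts in st.items():
        ovs = opts.get("ovs_type") == "OVSBridge"
        if not ovs and "bridge-ports" not in opts:
            continue  # not a bridge stanza
        ports = opts.get("ovs_ports" if ovs else "bridge-ports", "").split()
        internal = [p for p in ports if st.get(p, {}).get("ovs_type") == "OVSIntPort"]
        tags = {p: int(m.group(1)) for p in internal
                if (m := re.search(r"tag=(\d+)", st[p].get("ovs_options", "")))}
        report[name] = {"kind": "ovs" if ovs else "linux", "tags": tags,
                        "uplinks": [p for p in ports if p not in internal and p != "none"]}
    return report
```

Calling `bridge_report` on the full file gives one entry per bridge, which makes it easy to compare where the tagged ports live against where the physical NICs are attached.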