Hello guys,
I started to install a Proxmox VE on a server as a Home Lab to host some services. Those services need to be accessed from anywhere.
Basically, I've followed this tutorial:
https://blog.zwindler.fr/2020/03/02/deploiement-de-proxmox-ve-6-pfsense-sur-un-serveur-dedie/
But I think I've a routing issue I can't get rid of. The issue is that I can't reach the internet from machines in the LAN network.
Here is a topology diagram to have a better understanding of the setup:
Here are the iptables rules:
Code:
Chain INPUT (policy DROP)
target prot opt source destination
UDP udp -- anywhere anywhere ctstate NEW
TCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-request ctstate NEW
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere 10.0.0.2
ACCEPT udp -- anywhere 10.0.0.2
ACCEPT all -- 10.0.0.0/30 anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- dauphintordu.local anywhere tcp dpt:http
ACCEPT tcp -- dauphintordu.local anywhere tcp dpt:https
ACCEPT udp -- dauphintordu.local anywhere udp dpt:domain
ACCEPT tcp -- dauphintordu.local anywhere tcp spt:2924
ACCEPT tcp -- dauphintordu.local anywhere tcp spt:8006
Chain TCP (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere dauphintordu.local tcp dpt:2924
ACCEPT tcp -- anywhere dauphintordu.local tcp dpt:8006
Chain UDP (1 references)
target prot opt source destination
Code:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere multiport dports !2924,8006 to:10.0.0.2
DNAT udp -- anywhere anywhere to:10.0.0.2
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.0.0.0/30 anywhere
Here are the routes:
Code:
default via 192.168.0.254 dev vmbr0 proto kernel onlink
10.0.0.0/30 dev vmbr1 proto kernel scope link src 10.0.0.1
192.168.0.0/24 dev vmbr0 proto kernel scope link src 192.168.0.100
192.168.1.0/24 via 10.0.0.2 dev vmbr1
And here are the ping responses:
From the Proxmox host:
From the pfSense:
I think there is a route missing between vmbr1 (10.0.0.1/30) and vmbr0 (192.168.0.100/24).
What are your opinions?
Thank you in advance