Not able to reach internet from LAN with PFsense

dauphintordu

New Member
Dec 29, 2023
Hello guys,

I started to install a Proxmox VE on a server as a Home Lab to host some services. Those services need to be accessed from anywhere.

Basically, I've followed this tutorial:

https://blog.zwindler.fr/2020/03/02/deploiement-de-proxmox-ve-6-pfsense-sur-un-serveur-dedie/

But I think I have a routing issue I can't get rid of. The issue is that I can't reach the internet from machines in the LAN network.

Here is a topology diagram to have a better understanding of the setup:

[topology diagram: topology.drawio.png]


Here are the iptables rules:

Code:
Chain INPUT (policy DROP)
target     prot opt source               destination         
UDP        udp  --  anywhere             anywhere             ctstate NEW
TCP        tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request ctstate NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             10.0.0.2           
ACCEPT     udp  --  anywhere             10.0.0.2           
ACCEPT     all  --  10.0.0.0/30          anywhere           

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
ACCEPT     tcp  --  dauphintordu.local   anywhere             tcp dpt:http
ACCEPT     tcp  --  dauphintordu.local   anywhere             tcp dpt:https
ACCEPT     udp  --  dauphintordu.local   anywhere             udp dpt:domain
ACCEPT     tcp  --  dauphintordu.local   anywhere             tcp spt:2924
ACCEPT     tcp  --  dauphintordu.local   anywhere             tcp spt:8006

Chain TCP (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             dauphintordu.local   tcp dpt:2924
ACCEPT     tcp  --  anywhere             dauphintordu.local   tcp dpt:8006

Chain UDP (1 references)
target     prot opt source               destination

Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  anywhere             anywhere             multiport dports  !2924,8006 to:10.0.0.2
DNAT       udp  --  anywhere             anywhere             to:10.0.0.2

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  10.0.0.0/30          anywhere

Here are the routes:

Code:
default via 192.168.0.254 dev vmbr0 proto kernel onlink
10.0.0.0/30 dev vmbr1 proto kernel scope link src 10.0.0.1
192.168.0.0/24 dev vmbr0 proto kernel scope link src 192.168.0.100
192.168.1.0/24 via 10.0.0.2 dev vmbr1

And here are the ping responses:

From the Proxmox host:

[ping screenshot: 1703839881573.png]

From the pfSense:

[ping screenshot: 1703839982075.png]

[ping screenshot: 1703840021546.png]

[ping screenshot: 1703840064815.png]

I think there is a route missing between vmbr1 (10.0.0.1/30) and vmbr0 (192.168.0.100/24).

What are your opinions?

Thank you in advance
 
few questions:
-) has pfsense default route?
-) have you got ip forwarding enabled on pve host?
-) have you got route on 192.168.0.254 for 10.0.0.0/30
-) why dont you use vmbr0 for pfsense wan? ;-)
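To make the questions in the reply concrete, here is an added example (not from the thread or the linked tutorial) that models the PVE host's FORWARD chain, the POSTROUTING masquerade and the routing table exactly as posted, and traces what happens to one outbound packet. The LAN host 192.168.1.10, the destination 203.0.113.5 and the `ip_forward` switch are constructed inputs; the model ignores the TCP/UDP user chains and INPUT/OUTPUT, which do not see forwarded traffic.

```python
from ipaddress import ip_address, ip_network

# Constructed, simplified model of the FORWARD chain from the post.
# Fields: target, protocol, source, destination, required ctstate (None = any).
FORWARD_POLICY = "DROP"
FORWARD_RULES = [
    ("ACCEPT", "all", "0.0.0.0/0",   "0.0.0.0/0",   {"RELATED", "ESTABLISHED"}),
    ("ACCEPT", "tcp", "0.0.0.0/0",   "10.0.0.2/32", None),
    ("ACCEPT", "udp", "0.0.0.0/0",   "10.0.0.2/32", None),
    ("ACCEPT", "all", "10.0.0.0/30", "0.0.0.0/0",   None),
]

# nat POSTROUTING from the post: MASQUERADE all -- 10.0.0.0/30 anywhere
MASQUERADE_SOURCES = [ip_network("10.0.0.0/30")]

# Routing table from the post: (prefix, device, gateway, preferred source)
ROUTES = [
    ("0.0.0.0/0",      "vmbr0", "192.168.0.254", "192.168.0.100"),
    ("10.0.0.0/30",    "vmbr1", None,            "10.0.0.1"),
    ("192.168.0.0/24", "vmbr0", None,            "192.168.0.100"),
    ("192.168.1.0/24", "vmbr1", "10.0.0.2",      "10.0.0.1"),
]


def route_lookup(dst):
    """Longest-prefix match over ROUTES; returns (device, gateway, src_addr)."""
    dst = ip_address(dst)
    best = None
    for prefix, dev, gw, src in ROUTES:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, gw, src)
    return None if best is None else best[1:]


def forward_verdict(src, dst, proto, ctstate):
    """First-match walk of the FORWARD chain, falling back to the chain policy."""
    src, dst = ip_address(src), ip_address(dst)
    for target, rproto, rsrc, rdst, states in FORWARD_RULES:
        if rproto != "all" and rproto != proto:
            continue
        if src not in ip_network(rsrc) or dst not in ip_network(rdst):
            continue
        if states is not None and ctstate not in states:
            continue
        return target
    return FORWARD_POLICY


def trace_outbound(src, dst, proto="tcp", ctstate="NEW", ip_forward=True):
    """Follow one packet that enters the PVE host from vmbr1 and heads out."""
    result = {"src": src, "dst": dst}
    if not ip_forward:
        # Mirrors the reply's second question: without net.ipv4.ip_forward=1
        # the host never consults FORWARD at all.
        result["verdict"] = "DROP"
        result["reason"] = "ip_forward disabled: host does not route"
        return result
    dev, gw, out_src = route_lookup(dst)
    result["out_dev"], result["gateway"] = dev, gw
    verdict = forward_verdict(src, dst, proto, ctstate)
    result["verdict"] = verdict
    if verdict != "ACCEPT":
        result["reason"] = "no FORWARD rule matched; chain policy DROP applied"
        return result
    if any(ip_address(src) in net for net in MASQUERADE_SOURCES):
        # Masqueraded: the upstream gateway only ever sees the vmbr0 address.
        result["nat_src"] = out_src
        result["upstream_needs_return_route"] = False
    else:
        # Not masqueraded: 192.168.0.254 would need a route back to src
        # (the reply's third question).
        result["nat_src"] = src
        result["upstream_needs_return_route"] = True
    return result


if __name__ == "__main__":
    # Constructed sample packets; 203.0.113.5 is a documentation address.
    for source in ("192.168.1.10", "10.0.0.2"):
        print(trace_outbound(source, "203.0.113.5"))
```

Run as-is, the trace shows the two outcomes the posted rules allow: a packet that still carries a 192.168.1.x source matches no FORWARD rule and falls through to the DROP policy, while a packet whose source is the pfSense WAN address 10.0.0.2 is accepted and masqueraded to 192.168.0.100, so the upstream gateway needs no route for 10.0.0.0/30. Comparing the model's verdict with `conntrack -L` or a `LOG` rule in FORWARD on the real host tells you which case the LAN traffic actually hits.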