Hello,
Sorry to ask a daft question...
I'm trying to set up pfSense for managing some devices (mainly scientific equipment) connected to a LAN but also requires access to the internet for initial set-up and updates etc.
I'm using an old Supermicro server that has two NICs. One is attached to our university's network for accessing the internet (is WAN the correct terminology?) and the second is a LAN. I've created a bridged network within proxmox for the VMs with the equipment software so that they can connect to the internet without exposing what is on the LAN while also being able to connect to the devices they control.
I'd like to add some Unifi PoE cameras to the LAN but the controller requires access to the internet which is set up using a Bluetooth connection to a phone app. Reading around it looks like pfSense is what I need in order to allow the controller to access the internet while the cameras can draw power from our PoE+ switch but not access the internet directly.
I've been trying to work through the following guide to install pfSense in a VM and ensure all traffic from the WAN and LAN go through it:
https://www.wundertech.net/how-to-install-pfsense-on-proxmox/
Now comes the daft problem... after enabling IOMMU in the server bios and then passing through the two NICs, I lose my connection to proxmox through the web browser since the two NICs are no longer available for the base OS to use. From the connected monitor to the server all I have is the basic command line prompt for proxmox.
Am I doing something daft or is there a way to set this up - if I connect the two network interfaces to the VM in proxmox software presumably this isn't secure? Do I need to set up pfSense somehow using the command line and ssh into the new VM to complete the setup?
Alternatively, is there a way within proxmox to identify a connected device on the LAN by its MAC address and give access to both the LAN and WAN in a secure way? Is this where VLANs come in - is this a better way?
I'm fairly new to networking so apologies if I've used the wrong terminology!
Sorry to ask a daft question...
I'm trying to set up pfSense for managing some devices (mainly scientific equipment) connected to a LAN but also requires access to the internet for initial set-up and updates etc.
I'm using an old Supermicro server that has two NICs. One is attached to our university's network for accessing the internet (is WAN the correct terminology?) and the second is a LAN. I've created a bridged network within proxmox for the VMs with the equipment software so that they can connect to the internet without exposing what is on the LAN while also being able to connect to the devices they control.
I'd like to add some Unifi PoE cameras to the LAN but the controller requires access to the internet which is set up using a Bluetooth connection to a phone app. Reading around it looks like pfSense is what I need in order to allow the controller to access the internet while the cameras can draw power from our PoE+ switch but not access the internet directly.
I've been trying to work through the following guide to install pfSense in a VM and ensure all traffic from the WAN and LAN go through it:
https://www.wundertech.net/how-to-install-pfsense-on-proxmox/
Now comes the daft problem... after enabling IOMMU in the server bios and then passing through the two NICs, I lose my connection to proxmox through the web browser since the two NICs are no longer available for the base OS to use. From the connected monitor to the server all I have is the basic command line prompt for proxmox.
Am I doing something daft or is there a way to set this up - if I connect the two network interfaces to the VM in proxmox software presumably this isn't secure? Do I need to set up pfSense somehow using the command line and ssh into the new VM to complete the setup?
Alternatively, is there a way within proxmox to identify a connected device on the LAN by its MAC address and give access to both the LAN and WAN in a secure way? Is this where VLANs come in - is this a better way?
I'm fairly new to networking so apologies if I've used the wrong terminology!