I have pfSense and ubuntu server running in proxmox both of them have their own physical interface (built in NIC for ubuntu and a dual Intel ethernet card for pfSense. After installing pfSense I cant access the ubuntu server from the web interface. Both pfSense and ubuntu are on the same subnet 192.168.1.1/24 .
pfSense cant see ubuntu VM?
- Thread starter dryteletubby
- Start date
-
- Tags
- pfsense
would you mind adding a wiring diagram for the setup?
here is why:
as per your post:
you have, essentially, 3 entities.
a Primary Host (Proxmox) that is a physical machine.
and 2 VM running on that host pfSense and Ubuntu.
if that is true than you need(have) at least 4 Network interfaces
1. for the host
1 for Ubuntu VM (as it seams you use pass-through? right?)
2 for pfSense (again pass-through? right?)
how are all of this connected?
a nice a proper setup would be for example:
Server box for Proxmox with at least 4 nics. (N1,N2,N3,N4)
Proxmox setup using N1 connected to the real physical switch and all network (LAN) is connected to the same switch.
N2 is pass-through mode to Ubuntu VM, and connected to the same physical switch.
N3 - and -N4 is passed through to pfSense. and connected as : N3 in pfSenseVM designated as LAN interface and outside(physically),connected to the same physical switch as all other.
N4 - in pfSenseVM designated as WAN and outside connected to your router/modem for ISP. that is where all of your internet connection is from.
the pfSense LAN IP is your gateway in all configuration for all internal LAN setups, including Proxmox.
the other way of doing it, is to only use dedicated physical Nics reserved for pfSense but not passed through.
to set that up is to setup a bond on 3 of the interfacves (N2,3,4)
than create 2 bridges in Proxmox.
vbr1 connected to N1 for your WAN
and vbr0 connected to the bonded nics.
than use vbr1 as WAN interface for pfSense and vbr0 for LAN interface
use vbr0 for all interface in all VMs.
if you want to separate your pfsense more, use bond on only 2 physical nica and create 3 bridges.
vbr0 on bonded nics for all internal LAN
vbr1 for WAN in pfsense and vbr2 for LAN in pfSense.
here is why:
as per your post:
you have, essentially, 3 entities.
a Primary Host (Proxmox) that is a physical machine.
and 2 VM running on that host pfSense and Ubuntu.
if that is true than you need(have) at least 4 Network interfaces
1. for the host
1 for Ubuntu VM (as it seams you use pass-through? right?)
2 for pfSense (again pass-through? right?)
how are all of this connected?
a nice a proper setup would be for example:
Server box for Proxmox with at least 4 nics. (N1,N2,N3,N4)
Proxmox setup using N1 connected to the real physical switch and all network (LAN) is connected to the same switch.
N2 is pass-through mode to Ubuntu VM, and connected to the same physical switch.
N3 - and -N4 is passed through to pfSense. and connected as : N3 in pfSenseVM designated as LAN interface and outside(physically),connected to the same physical switch as all other.
N4 - in pfSenseVM designated as WAN and outside connected to your router/modem for ISP. that is where all of your internet connection is from.
the pfSense LAN IP is your gateway in all configuration for all internal LAN setups, including Proxmox.
the other way of doing it, is to only use dedicated physical Nics reserved for pfSense but not passed through.
to set that up is to setup a bond on 3 of the interfacves (N2,3,4)
than create 2 bridges in Proxmox.
vbr1 connected to N1 for your WAN
and vbr0 connected to the bonded nics.
than use vbr1 as WAN interface for pfSense and vbr0 for LAN interface
use vbr0 for all interface in all VMs.
if you want to separate your pfsense more, use bond on only 2 physical nica and create 3 bridges.
vbr0 on bonded nics for all internal LAN
vbr1 for WAN in pfsense and vbr2 for LAN in pfSense.
I am not really sure how to describe my network so apologies for the poor description
enp4s0 currently does both my proxmox (192.168.1.63) and ubuntu VM (192.168.1.77) while vmbr1 & vmbr2 (the Intel dual port PCI-e NIC) does pfSense LAN and WAN respectively. I created the ubuntu VM with vmbr0 (bridge mode) and Intel E1000 as the model ( the NIC (enp4s0) is a build in realtek)
enp4s0 currently does both my proxmox (192.168.1.63) and ubuntu VM (192.168.1.77) while vmbr1 & vmbr2 (the Intel dual port PCI-e NIC) does pfSense LAN and WAN respectively. I created the ubuntu VM with vmbr0 (bridge mode) and Intel E1000 as the model ( the NIC (enp4s0) is a build in realtek)
well this is a good start 
so if I read this correctly,
the enp4s0 and enp1s0f0 should be plugged in into a main switch for LAN.
enp1s0f1 should be connected to your ISP modem/router.
we can easily ignore vmbr2 as it is the outside connection and managed via pfSense.
so the important information that is missing is your pfSense LAN IP.
but let's assume it is 192.168.1.1
than in your proxmox network setup you would configure
#1. default gateway pointing to your pfSense LAN IP (192.168.1.1)
and assuming your pfSense also serves as DHCP server and Domain Name server (DNS)
you would point your DNS to same IP (192.168.1.1) and you can also add additional DNS pointing to the IP provided by your ISP and I also add a google IP like 8.8.8.8 and/or 8.8.4.4. you do not actually need to do that in local network setup. the pfSense should do all the translations for you. and if you use DHCP on pfSense it will also do that.
so you point to pfsense as both a gateway/firewall, DHCP and DNS in all your setups.
just FYI, you need an internal DNS IP (192.168.1.1) to resolve any and all internal name. so any physical machine or VM inside the LAN can only be resolved by the local DNS server i.e. your pfSense.
all external URL/IP references are resolved by the external DNS such as your ISP or Google.
the steps are your Client calls for a name/URL == > request goes to local DNS first ==> if no exists forward to next DNS server on the list (hence the need/preference to have several ) ==> if found open the address, if not show error.
so your pfSense should handle all DNS needs you have using any and all DNS in the list.
I, personally is moving away from static IPs on my network with a single exception of the main Host.
some physical and VM machines simply need to be static. any others I am trying to go with DHCP reserved IPs.
that is I find the NIC MAC address and setup a reserved IP in DHCP server to always give that specific IP to that specific hardware NIC. since in VM I can control the MAC address I use it works well.
so if I read this correctly,
the enp4s0 and enp1s0f0 should be plugged in into a main switch for LAN.
enp1s0f1 should be connected to your ISP modem/router.
we can easily ignore vmbr2 as it is the outside connection and managed via pfSense.
so the important information that is missing is your pfSense LAN IP.
but let's assume it is 192.168.1.1
than in your proxmox network setup you would configure
#1. default gateway pointing to your pfSense LAN IP (192.168.1.1)
and assuming your pfSense also serves as DHCP server and Domain Name server (DNS)
you would point your DNS to same IP (192.168.1.1) and you can also add additional DNS pointing to the IP provided by your ISP and I also add a google IP like 8.8.8.8 and/or 8.8.4.4. you do not actually need to do that in local network setup. the pfSense should do all the translations for you. and if you use DHCP on pfSense it will also do that.
so you point to pfsense as both a gateway/firewall, DHCP and DNS in all your setups.
just FYI, you need an internal DNS IP (192.168.1.1) to resolve any and all internal name. so any physical machine or VM inside the LAN can only be resolved by the local DNS server i.e. your pfSense.
all external URL/IP references are resolved by the external DNS such as your ISP or Google.
the steps are your Client calls for a name/URL == > request goes to local DNS first ==> if no exists forward to next DNS server on the list (hence the need/preference to have several ) ==> if found open the address, if not show error.
so your pfSense should handle all DNS needs you have using any and all DNS in the list.
I, personally is moving away from static IPs on my network with a single exception of the main Host.
some physical and VM machines simply need to be static. any others I am trying to go with DHCP reserved IPs.
that is I find the NIC MAC address and setup a reserved IP in DHCP server to always give that specific IP to that specific hardware NIC. since in VM I can control the MAC address I use it works well.
Hmm seems I made a mistake setting my DNS to pi-hole (running in the VM i cannot connect to) Anyway I have uninstalled that pfSense instance as AES-NI was not working and pfSense was performing extremely sluggishly. The 2nd installation went better however my WAN speed could not exceed 100Mbps(the web ui shows both wan and lan at 100Mbps). The only changes I have made from the previous install is to change the CPU to host from visualized and the network to Intel E1000 instead of VirtIO. Hopefully 3rd try will be successful. Will update the thread with progress.
I am not 100% sure but do you actually have a WAN connection over 100mbps?
I have never seen any ISP that provides speeds over 100Mbps.
the fastest ISP provider in the world tops out @ 100 and that is in Netherland and even there it is not guaranteed all the time.
I am talking actual speed not the advertised speed.
I know that Verizon advertize speeds @ 300mbps but you never get that.
that said, if you show 100mbps on both, check your cards. are you sure the nics are gigabits? are you sure your switch is a gigabit.
check the cables. a bad cable will drop your speed like a rock.
I have never seen any ISP that provides speeds over 100Mbps.
the fastest ISP provider in the world tops out @ 100 and that is in Netherland and even there it is not guaranteed all the time.
I am talking actual speed not the advertised speed.
I know that Verizon advertize speeds @ 300mbps but you never get that.
that said, if you show 100mbps on both, check your cards. are you sure the nics are gigabits? are you sure your switch is a gigabit.
check the cables. a bad cable will drop your speed like a rock.
I quite sure my NIC and switch are gigabit. on my current asus router I can get 300+Mbps wan speeds tested from fast.com and steam downloads.
Btw I live in Singapore internet speeds are much faster here, heck my ISP even offers 10Gbps speeds
https://www.m1.com.sg/personal/home-broadband/gigabit#Promotion
Btw I live in Singapore internet speeds are much faster here, heck my ISP even offers 10Gbps speeds
https://www.m1.com.sg/personal/home-broadband/gigabit#Promotion
my internet speed increasing in one of the reasons why I want to switch to pfSense. 1Gbps used to cost from $400-500+ just 3 years ago but due to increasing competition now it is at $32 a month. heck even my ISP keep increasing my speed from 100 to 300 and reduce cost.Now I pay just SGD $29 for 300Mbps. You should take a look at our local forums its almost hilarious watching people complaining of getting only 800+Mbps from their Gigabit connection.