PFSENSE - Firewall - home using

[issa2020]

Hello,

so i install and PFSENSE on my proxmox and i create a new network card to add the DHCP on it with PFSENSE.
So on virtual machine, the dhcp works but on Physical machine the dhcp is not pushing

This is my network config on PROXMOX :




on my pfsense virtual machine i got this :



so on my enps50 physicaly connected to a swtich, and computer on this switch

but i can"t communicate with PFSENSE, can u help me what is wrong please



what i can do wrong on network config on Proxmox please

 

[Dunuin]

You could try to edit your /etc/network/interfaces and tell the vmbr1 to use DHCP by changing "iface vmbr1 inet manual" to "iface vmbr1 inet dhcp". But keep in mind that you can only have one gateway.

 

[issa2020]

but my problém,

that's works perfectly with all vritual machine i got in virtal network

exemple A plex serveur and ubuntu desktop :

My serveru PLex :



my Ubuntu desktop :




so on my Ubuntu desktop i can connect on my PFSENSE and dhcp :

i see the dhcp working and adding IP on my computer connecter on the VMBR1




but if i connect computeur physicaly on the port enps50

even i put an static IP, i can't contact the PROXMOX, the pfsense or nothing :/

 

[vesalius]

So have you tried giving the proxmox2 node an IP/CIDR on vmbr1 using an IP from the pfsense lan subnet? Something like 192.168.100.2 since that is outside your pfsense lan DHCP pool. Leave the vmbr1 gateway unfilled for now, but eventually, you may want to switch that over from vmbr0 (current state) to vmbr1 (future state) as well.

 

[issa2020]

I have trying, but works in virtual, but not on physical machine :/

 

[vesalius]

What does ip a show?

Have you tried switching vmbr1 to eno6s0?

 

[issa2020]

Ip a result :

[ATTACH type="full"]42758[/ATTACH]

and i can't add this network card to my virtaul pfsense :

 

[vesalius]

Something is wrong with the enp5s0 nic. It is not even listed with ip a. May be broken. Switch the bridge port on vmbr1 to enp6s0, and plug into that nic at least as a test. then I would suspect things work as expected with anything physically plugged in there.

Are enp5s0 and enp6s0 from the motherboard or separate PCI nics?

 

[issa2020]

enp5s0 and enp6s0 are on seperate nic

i got on with motheboard and 2 from pci expresse card

 

[issa2020]

Hello, ok when i do that :

My VM pfsense don't want start :



i got this error :

TASK ERROR: start failed: command '/usr/bin/kvm -id 105 -name 'Pfsense,debug-threads=on' -no-shutdown -chardev 'socket,id=qmp,path=/var/run/qemu-server/105.qmp,server=on,wait=off' -mon 'chardev=qmp,mode=control' -chardev 'socket,id=qmp-event,path=/var/run/qmeventd.sock,reconnect=5' -mon 'chardev=qmp-event,mode=control' -pidfile /var/run/qemu-server/105.pid -daemonize -smbios 'type=1,uuid=4d9d2052-3359-4183-9a88-756bc2959a4e' -smp '2,sockets=1,cores=2,maxcpus=2' -nodefaults -boot 'menu=on,strict=on,reboot-timeout=1000,splash=/usr/share/qemu-server/bootsplash.jpg' -vnc 'unix:/var/run/qemu-server/105.vnc,password=on' -cpu kvm64,enforce,+kvm_pv_eoi,+kvm_pv_unhalt,+lahf_lm,+sep -m 2048 -readconfig /usr/share/qemu-server/pve-q35-4.0.cfg -device 'vmgenid,guid=9b2cb750-495a-44ec-9d72-7d928f5dfa01' -device 'usb-tablet,id=tablet,bus=ehci.0,port=1' -device 'vfio-pci,host=0000:06:00.0,id=hostpci0,bus=pci.0,addr=0x10' -device 'VGA,id=vga,bus=pcie.0,addr=0x1' -device 'virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3,free-page-reporting=on' -iscsi 'initiator-name=iqn.1993-08.org.debian:01:e680b9494dd8' -drive 'if=none,id=drive-ide2,media=cdrom,aio=io_uring' -device 'ide-cd,bus=ide.1,unit=0,drive=drive-ide2,id=ide2,bootindex=101' -device 'virtio-scsi-pci,id=scsihw0,bus=pci.0,addr=0x5' -drive 'file=/dev/LUN02/vm-105-disk-0,if=none,id=drive-scsi0,format=raw,cache=none,aio=io_uring,detect-zeroes=on' -device 'scsi-hd,bus=scsihw0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0,id=scsi0,bootindex=100' -netdev 'type=tap,id=net0,ifname=tap105i0,script=/var/lib/qemu-server/pve-bridge,downscript=/var/lib/qemu-server/pve-bridgedown' -device 'e1000,mac=66:80:4B:3D:BF:4D,netdev=net0,bus=pci.0,addr=0x12,id=net0,bootindex=102' -machine 'type=q35+pve0'' failed: got timeout

 

[issa2020]

Hello so i do what u said :

I remove all VMBR1 and i push the PCI network

and now i got the PFSENSE freeze ::

 

[vesalius]

No, sorry you misunderstood my suggestion. Recreate the vmbr1, but this time select enp6s0 as the Bridge Port within vmbr1 bridge. then try and use vmbr1 as the pfsense LAN again. next see if devices plugged into enp6s0 get a DHCP from pfsene or can ping the pfsense gateway. from the very first picture you posted below, should end up looking the same except Ports/Slaves cession for vmbr1 should show enp6s0.

 

[issa2020]

I do so many things, and i thing the problem is my NIC


05:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)
06:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)


i have try to create a VMBR on evry things and evrytime nothing come

so the nic is bad or is not OK to work with proxmox

i have to found a new NIC with 2 ethernet

 

[issa2020]

OK i don't understand something gone wrong :

so i create a new ubuntu desktop machine and, i add my 2 nic on it with pci :




i can see them on my virtual machine with lspci :



so now can u explain my why there are down please ?

 

[issa2020]

Ok some news when i connect the cable :

the virtual machine got an this icone :


and the virtual machine is freezing

and on the screen of the Proxmox i can see :

14793.510746 vfio-pci 0000:05:00.0: AER: PCIe Bus Error: severity=Uncorrected (Fatal), type=Ineccessible, (Unregistered Agent ID)

What that means ??

 

[issa2020]

Ok so now im looking where i bought this

and this my network card :

https://www.tme.eu/Document/71c94403bd386ade370eef6b8bf38211/PC0075.pdf

no driver found for debian

i think my problem is this card, :/

 

[issa2020]

Hello there,

so i bought a second card based on intel this time, and i got new problem and not working with my proxmox !!!!

03:00.0 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
03:00.1 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)

and u know what, that's not working !!

this my configuration in Proxmox :

ro

root@proxmox2:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether dc:4a:3e:3b:d9:e6 brd ff:ff:ff:ff:ff:ff
3: enp3s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:1b:21:38:64:b2 brd ff:ff:ff:ff:ff:ff
4: enp3s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq master vmbr1 state DOWN group default qlen 1000
    link/ether 00:1b:21:38:64:b3 brd ff:ff:ff:ff:ff:ff
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether dc:4a:3e:3b:d9:e6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.9/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::de4a:3eff:fe3b:d9e6/64 scope link
       valid_lft forever preferred_lft forever
6: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:1b:21:38:64:b3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::21b:21ff:fe38:64b3/64 scope link
       valid_lft forever preferred_lft forever
7: tap103i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr103i0 state UNKNOWN group default qlen 10

10




this my configuration of my pfsense :



and the problem, the card works for 5 min, and down alone, and not working :'(


so now where found log to understand why my network down alone

thanks

 

[apoc]

Why exactly did you configure the virtual devices as "firewall=1"?
How does your PVE (host) firewall config look like?

Imho this is not needed to use a pfsense in such a way you plan it. It can make sense to additionally reglement traffic within a subnet but for your current setup and troubleshooting: please disable that and check again. My guts feeling says you can connect from your outside LAN members and also recieve DHCP offers from your PFsense.
I don't think this has anything to do with your hardware. It is a config issue.

 

[Neobin]

This statement:

and the problem, the card works for 5 min, and down alone, and not working :'(

does not fit my theory, but will write it down anyway:

Your: vmbr1 uses: enp3s0f1, but that has: NO-CARRIER, while: enp3s0f0 seems to has?
So I would say, plug the cable from: enp3s0f1 into: enp3s0f0.
But in this case you would never had have a (physical) connection on: vmbr1.

Or: You simply have a faulty cable and/or network port on one or both side(s).

 

[issa2020]

Hello, so i don't understand what i can do :

my way is to put a firewall on my network but a virtual with pfsense

In fact the pfsense would be the first on the network and proxmox behind,

but on my config i got proxmox behind pfsense

the other probléme i got a PCI card with 2 nic


but if i got the two nic on my virtual machine :



i detail :


and the other nic


the device look like the same 3:00.0

but when i added them, one got the adresse 3:00.1 and the other one 3.:00.0

so why proxmox give the same device ?

the virtual machine detect only 1 ?

and on the virtual machine i got only 1 card :

()
Task viewer: VM 105 - Start

OutputStatus

Stop
kvm: -device vfio-pci,host=0000:03:00.0,id=hostpci1.0,bus=ich9-pcie-port-2,addr=0x0.0,multifunction=on: vfio 0000:03:00.0: device is already attached
TASK ERROR: start failed: QEMU exited with code 1




what is wrong please ?