pfsense install and networking advice

Chris Taylor

I'm in a fortunate position that I've got my own dedicated box in the datacenter where I work. My aim has been to use this to learn about networking, building virtual networks, managing virtual networks etc.

I've got a Dell R410 with a single Xeon E5603 quad core and 32GB of RAM. Storage is via a 100GB and a 4TB SAS drive.

I've got an assignment of 5 usable public static IPs.

Currently my Proxmox install is set up on one of those static IPs, but I don't believe that this is the ideal way to have it installed, having Proxmox exposed on a public IP.

I've been trying to set up pfSense to act as the firewall and virtual LAN for any VMs, but I'm getting confused.

  1. Should pfSense be installed separate to the Proxmox hypervisor rather than as a VM inside Proxmox?
  2. I have the following network devices within the Proxmox domain: eno1 (active), eno2 (inactive), vmbr0 Linux bridge (configured to one of the public IPs and using eno1 as the port). The attached screenshot is how the Proxmox node has been created.
  3. Should I install pfSense as a VM and connect it to the vmbr0 bridge using one of the available static IPs?
  4. For any new VMs, would I then create an additional Linux bridge?
Any help is appreciated and if I've missed anything out at all please let me know.

Attachment: Screenshot 2021-08-08 at 11.50.20.png (47.3 KB)

So you can use *sense. While either will work, I always take a sec to recommend OPNsense over pfSense. As a VM, all you would need to do to get started is set up a second Linux bridge (i.e. vmbr1, VLAN aware) in Proxmox to use as the virtual LAN. No need to designate a port for vmbr1 if you want it to be a virtual-only LAN.

Then start up a *sense VM and give it both vmbr0 (to use as WAN) and vmbr1 (to use as LAN) as networks. Once you get *sense set up and decide on a *sense LAN subnet, you can begin playing with Proxmox VMs that use vmbr1 as their network. I recommend confirming other VMs have internet access and LAN access through *sense and vmbr1 before trying to move Proxmox over to vmbr1.

After this you can move the native Proxmox webgui and network from the public vmbr0 to vmbr1 by moving the CIDR and gateway from vmbr0, on the screen in your pic, to vmbr1; just choose an IP within your *sense LAN and make the gateway your *sense IP. At the same time, and before any reboot, change the hosts and DNS to the appropriate IP in the webgui at Datacenter/PVE/System/host (use the IP from the vmbr1 CIDR) and Datacenter/PVE/System/DNS, or you will lose webgui access.
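
The end state described in the reply above, written out as `/etc/network/interfaces` on the Proxmox host. This is an added example, not part of the thread. The addresses are assumed placeholders: 203.0.113.0/29 stands in for the public block, 192.168.10.0/24 for the *sense LAN, with 192.168.10.1 as the *sense LAN address and 192.168.10.2 as the host.

```conf
# /etc/network/interfaces on the Proxmox host (added example, assumed addresses)

auto lo
iface lo inet loopback

# Physical uplink to the datacenter; carries no IP of its own.
iface eno1 inet manual

# WAN bridge. Before the move this stanza held the host's public address:
#     iface vmbr0 inet static
#         address 203.0.113.2/29     (constructed placeholder)
#         gateway 203.0.113.1        (constructed placeholder)
# After the move the host has no IP here, so the Proxmox web GUI and SSH
# are no longer reachable on the public side. The public IP for the
# firewall is configured inside the *sense VM on its WAN interface,
# not in this file.
auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

# Virtual-only LAN bridge: no physical port, VLAN aware.
# The host's management address now lives here, and its default route
# points at the *sense LAN address.
auto vmbr1
iface vmbr1 inet static
    address 192.168.10.2/24
    gateway 192.168.10.1
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

# The hosts entry must be changed in the same step so the node name
# resolves to the new address (hostname below is a placeholder):
#     192.168.10.2  pve.example.internal  pve
```

With this layout the host's own management traffic depends on the *sense VM being up, so keep console access to the box available while making the change.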