pfSense on Proxmox Cluster with 2 NICs

ersefa

Oct 31, 2019
Hello!
Thanks in advance for your time.
I'm deploying a new Proxmox cluster on Hetzner (12 Ryzen 5 3900 physical hosts).

I have 2 NICs for each physical host:
- 1 Gbit => for public Internet with a public IP attached
- 10 Gbit => connected to a private Ubiquiti 10G switch

I created a bridge on Proxmox for each of those physical ports.
But I'm not sure how it will work if all the traffic that the host receives is not forwarded to this VM. (Some years ago I managed to install pfSense on Proxmox with only one NIC, but I don't want to go that way: too complex a config, and it relies heavily on iptables forwarding.) Maybe now that I have two NICs with a physical switch for the LAN I can get an easier setup.

I'm not sure of the best way to deploy a pfSense instance to work as firewall / NAT / default gateway / OpenVPN, etc.
I want to install it on the first Proxmox node and disable public access to the remaining 11 nodes (making all of them only accessible through the VPN on the pfSense).

What I want to accomplish is some kind of isolation between public internet and my private LAN.
I want to use pfSense like a bastion and as my only point of access to my infrastructure. Then I will use haproxy/nginx to load-balance traffic to my private API/database machines.

Also, I'm thinking of using it as the default gateway for every machine and my only exit point to the internet. All VMs and hosts would be on the same subnet, using a bridge port to the private switch. Does that make sense?

Using a bare-metal machine just for pfSense would be easier, but seems a little overkill, a waste of resources "only" for this; that's why I'm searching for a virtualized solution.

Any hint to achieve this architecture would be much appreciated.
Thanks!