pfSense Proxmox

mgsnell

New Member
Dec 5, 2021
I want to set up a homelab and in the process gain more networking knowledge. Currently I am using a Unifi DreamMachine as the router, an HP JE009A V1910-48G switch (overkill for me but was <$40.00 on eBay), and a Dell T5600 with 2 E5-2680 CPUs (16 cores x 32 threads), 32 GB memory and 6 Ethernet ports. As currently set up, I have Proxmox on the T5600 (bare metal) with two VMs (Home Assistant and Proxmox Backup Server). My next step was to install pfSense, which by itself was not a problem, but now I am beyond my networking experience as I can't figure out how to interconnect the UDM, T5600 and switch in such a way as to have pfSense act as the firewall, DHCP server etc. for the VMs (Home Assistant in this case). I don't want Proxmox (VE or Backup Server in pfSense) for obvious reasons. Since this is the beginning of my journey, my network is simple in that I only have a single bridge vmbr0 on a network IP of 10.10.0.x. The advice I am seeking at the moment is how to physically connect the UDM, T5600 and HP switch so I can manage the single VM and additional VMs through pfSense. I have done many trial and errors with different wired approaches but none worked.
 
First I would create some more bridges.

One bridge for WAN. Attach a NIC to it that you want to use as your WAN NIC. Then attach that virtual NIC (virtio) that should work as your pfSense's WAN interface to that pfSense VM. Then you connect your physical WAN NIC to your ISP's router.

And you probably want at least 2 other bridges. One bridge for your LAN and one for a DMZ, with the pfSense VM having a virtio NIC attached to each bridge. Other VMs which should be accessible from the internet I would attach to the DMZ bridge. Just locally accessible VMs to the LAN bridge.
At least for the LAN bridge you also want a physical NIC of your host attached to it too, which is then connected to your switch so other hosts can use the pfSense too.

All three bridges should use different subnets and your pfSense VM needs to route between them.
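
The bridge layout described in the reply above, as an added example that is not part of the original thread: a small Python script that checks a bridge plan (distinct subnets, one physical NIC per bridge, host address only on the management bridge) and renders the matching Linux bridge stanzas for `/etc/network/interfaces`. The NIC names (`eno1` to `eno3`), the host address, the /24 masks and the LAN/DMZ subnets are assumptions; only `vmbr0` on 10.10.0.x comes from the question.

```python
"""Added example: validate a Proxmox bridge plan and render ifupdown stanzas."""
import ipaddress
from itertools import combinations

# Constructed plan. NIC names, host address and the LAN/DMZ subnets are
# assumptions; only vmbr0 on 10.10.0.x is taken from the question.
# "subnet" is the network pfSense serves on that bridge (None = ISP side).
PLAN = [
    {"bridge": "vmbr0", "role": "mgmt", "nic": "eno1", "subnet": "10.10.0.0/24", "host_ip": "10.10.0.5/24"},
    {"bridge": "vmbr1", "role": "wan", "nic": "eno2", "subnet": None, "host_ip": None},
    {"bridge": "vmbr2", "role": "lan", "nic": "eno3", "subnet": "192.168.10.0/24", "host_ip": None},
    {"bridge": "vmbr3", "role": "dmz", "nic": None, "subnet": "192.168.20.0/24", "host_ip": None},
]

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    nets = [(b["bridge"], ipaddress.ip_network(b["subnet"])) for b in plan if b["subnet"]]
    for (n1, a), (n2, b) in combinations(nets, 2):
        if a.overlaps(b):  # every bridge must be its own subnet
            problems.append(f"{n1} and {n2} overlap: {a} / {b}")
    nics = [b["nic"] for b in plan if b["nic"]]
    for nic in sorted(set(nics)):
        if nics.count(nic) > 1:  # a physical port can belong to one bridge only
            problems.append(f"{nic} is attached to more than one bridge")
    for b in plan:
        # Design choice of this example: the host is reachable on mgmt only,
        # so WAN/LAN/DMZ traffic reaches the host solely through the pfSense VM.
        if b["role"] != "mgmt" and b["host_ip"]:
            problems.append(f"{b['bridge']}: host has an address on a pfSense-routed bridge")
    return problems

def render(plan):
    """Render Linux bridge stanzas (gateway line for vmbr0 left out here)."""
    out = []
    for b in plan:
        method = "static" if b["host_ip"] else "manual"
        lines = [f"auto {b['bridge']}", f"iface {b['bridge']} inet {method}"]
        if b["host_ip"]:
            lines.append(f"    address {b['host_ip']}")
        lines += [f"    bridge-ports {b['nic'] or 'none'}", "    bridge-stp off", "    bridge-fd 0"]
        out.append("\n".join(lines))
    return "\n\n".join(out) + "\n"

if __name__ == "__main__":
    issues = check_plan(PLAN)
    print("\n".join(issues) if issues else render(PLAN))
```

In this plan the pfSense VM gets one virtio NIC on each of `vmbr1`, `vmbr2` and `vmbr3`, and `vmbr3` has no physical port because only VMs attach to it.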
 
First, thanks for the reply. Your first paragraph is where I was struggling and still am. By stating "connect your physical WAN NIC", are you referring to the virtual WAN bridge created in Proxmox, and should this be connected to one of the 48 ports on the HP switch (connect to ISP router)?

Once I sort out the above and using your suggestions, if I understand correctly I would end up with 4 bridges: vmbr0 for management, vmbr1 WAN, vmbr2 LAN (say 192.168.0.1) and vmbr3 OPT/DMZ (say 192.168.0.2). Since the UDM cannot be made into a bridge, will this further complicate getting pfSense to route the VMs' traffic through it? If at all possible, I hope I can get around having a double NAT.

Since I have your ear and this is a new setup, any comments on using OVS vs Linux Bridge? I ask for future proofing, not to start a debate on which one is better. My way of thinking is that if one has more capabilities than the other, even though I don't know now how to use those capabilities, then that is the one I will go with. In my experience in the past, when I didn't do this and then needed that capability as my knowledge grew, it was a major pain in the, well you know what, to switch.
 