Hi,
so my previous setup was having a physical pfSense machine as a router and firewall for my home network (192.168.0.0/16) and a virtual pfSense instance in Proxmox for all my lab machines (10.10.0.0/16). When adding a new network, I simply created a new vmbridge and added it to the pfSense VM. This worked, but the double NAT and multiple firewall rules were quite annoying.
I recently learned a bit more about VLANs, especially trunk ports, and now want to get rid of the pfSense VM and handle all networking on the physical machine. I am having issues getting the connectivity up, however. Here are my steps:
1. Create VLAN 30 on pfSense and assign it to an interface
2. Connect the interface to port 8 on my Cisco SG-300-28 switch (L2 mode)
3. Connect port 20 on the switch to an interface (enp2s0f1) on Proxmox (not my management interface enp2s0f0)
4. Create VLAN 30 on the switch
5. Assign VLAN 30 as tagged to both ports 8 and 20 on the switch. The default VLAN 1 is marked as untagged on those ports. Both ports are in trunk mode.
6. Create a new VLAN-aware Linux Bridge vmbr7 on Proxmox and bind it to the NIC enp2s0f1
7. Create a Linux VLAN on Proxmox named vlan30 and bind it to the new bridge vmbr7
8. Enabled the interface on pfSense, activated the DHCP server, created an allow-any firewall rule for testing traffic
Here is the Proxmox interface configuration:
Code:
# enp2s0f1 is the trunk uplink to switch port 20; it carries no address itself
iface enp2s0f1 inet manual

# VLAN-aware bridge: VMs attach here and get their VLAN tag set per NIC in the VM config
auto vmbr7
iface vmbr7 inet manual
        bridge-ports enp2s0f1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

# Host-side VLAN 30 sub-interface on the bridge (only needed if the host itself should talk on VLAN 30)
auto vlan30
iface vlan30 inet manual
        vlan-raw-device vmbr7
Here is the VLAN config on the switch:
Now what I thought was, I just need to create a VM, set vmbr7 as the network interface and set the VLAN to 30 and it should work. It sort of did, as the new VM successfully grabbed an IP from the new subnet, but other than that, there is no connectivity at all.
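Added example, not part of the original post and not Proxmox or pfSense tooling: a small Python script that parses the JSON output of iproute2's `bridge -j vlan show` on the Proxmox host and checks the Linux side of the setup above, namely that VLAN 30 is admitted on the uplink enp2s0f1 and leaves it tagged, and that the VM's tap port has VLAN 30 as PVID and egress-untagged (which is what Proxmox configures when a VM NIC on a VLAN-aware bridge is given `tag=30`). It also counts the VLANs the uplink admits beyond the ones actually needed, since `bridge-vids 2-4094` lets every VLAN on the trunk into the hypervisor. The embedded sample output is constructed; `tap100i0` is an assumed tap name for VM 100/net0, and the JSON layout assumed is the list form printed by iproute2 5.x and later, with a fallback for the older dict form keyed by port name.

```python
"""Sanity-check VLAN membership on a VLAN-aware Proxmox bridge.

Parses the JSON form of `bridge -j vlan show` (iproute2) and checks that
a VM's VLAN reaches the trunk uplink tagged and the VM's tap port untagged.
"""
import json
import subprocess
from typing import Dict, List, Set

# Constructed sample in the shape `bridge -j vlan show` prints on iproute2 5.x+
# (a list of {"ifname", "vlans"} objects; ranges use "vlan".."vlanEnd").
# Port names follow the post (enp2s0f1 -> switch port 20); tap100i0 is an
# assumed tap for a VM with id 100 whose net0 sits on vmbr7 with tag=30.
SAMPLE_BRIDGE_VLAN_JSON = r'''
[
  {"ifname": "enp2s0f1", "vlans": [
      {"vlan": 1, "flags": ["PVID", "Egress Untagged"]},
      {"vlan": 2, "vlanEnd": 4094}
  ]},
  {"ifname": "vmbr7", "vlans": [
      {"vlan": 1, "flags": ["PVID", "Egress Untagged"]}
  ]},
  {"ifname": "tap100i0", "vlans": [
      {"vlan": 30, "flags": ["PVID", "Egress Untagged"]}
  ]}
]
'''

VlanTable = Dict[str, Dict[int, Set[str]]]


def parse_bridge_vlans(text: str) -> VlanTable:
    """Return {port: {vid: flags}} with every vlan..vlanEnd range expanded."""
    data = json.loads(text)
    if isinstance(data, dict):  # older iproute2 keyed the output by port name
        data = [{"ifname": name, "vlans": vlans} for name, vlans in data.items()]
    table: VlanTable = {}
    for entry in data:
        port = table.setdefault(entry["ifname"], {})
        for item in entry.get("vlans", []):
            first = item["vlan"]
            last = item.get("vlanEnd", first)
            flags = set(item.get("flags", []))
            for vid in range(first, last + 1):
                port[vid] = flags
    return table


def check_vm_vlan_path(table: VlanTable, uplink: str, tap: str, vid: int) -> List[str]:
    """List the reasons VLAN `vid` cannot flow between `tap` and `uplink`; empty means OK."""
    problems: List[str] = []
    up = table.get(uplink)
    if up is None:
        problems.append(f"{uplink} is not a port of the bridge")
    elif vid not in up:
        problems.append(f"VLAN {vid} is not allowed on uplink {uplink} (check bridge-vids)")
    elif "Egress Untagged" in up[vid]:
        problems.append(f"VLAN {vid} leaves {uplink} untagged but the switch trunk expects it tagged")
    tp = table.get(tap)
    if tp is None:
        problems.append(f"{tap} is not a port of the bridge (is the VM running on this bridge?)")
    elif vid not in tp:
        problems.append(f"VLAN {vid} is not set on {tap} (VM NIC tag missing?)")
    elif not {"PVID", "Egress Untagged"} <= tp[vid]:
        problems.append(f"{tap} needs VLAN {vid} as PVID and egress-untagged so the guest sees plain frames")
    return problems


def surplus_vlans(table: VlanTable, port: str, wanted: Set[int]) -> Set[int]:
    """VLANs admitted on `port` beyond `wanted`; a trunk should carry only what it needs."""
    return set(table.get(port, {})) - wanted


def live_table() -> VlanTable:
    """Read the real bridge state on a Proxmox host (needs iproute2's `bridge` binary)."""
    out = subprocess.run(["bridge", "-j", "vlan", "show"], check=True,
                         capture_output=True, text=True).stdout
    return parse_bridge_vlans(out)


if __name__ == "__main__":
    table = parse_bridge_vlans(SAMPLE_BRIDGE_VLAN_JSON)
    for line in check_vm_vlan_path(table, "enp2s0f1", "tap100i0", 30) or ["VLAN 30 path looks fine"]:
        print(line)
    print("surplus VLANs admitted on uplink:", len(surplus_vlans(table, "enp2s0f1", {1, 30})))
```

On a real host replace the sample with `live_table()` and pass the tap name shown by `ip link` for the VM in question. A clean result from this check means the Linux side is forwarding VLAN 30 correctly, which matches the symptom of a DHCP lease being obtained; what it does not cover is the pfSense side (interface, gateway, firewall and outbound NAT on the new VLAN interface) or the switch, so those are the next places to look when the bridge check passes.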