Pfsense VM as firewall for all other VMs

gacott

Renowned Member
Dec 26, 2009
20
0
66
I have a proxmox machine in a data center with one nic and a block of public IP addresses. I would like to install Pfsense on a vm and then use that as the firewall for all of the other vms. Could somebody either point me in the right direction or let me know if this is possible and if so how?

Thanks
Garret
 
You could create an additional bridge. Have your Pfsense VM straddle the host's bridge and the virtual bridge with two virtual interfaces of its own. Then have your virtual machines attatch to the "internal" bridge.

Easy example:
Internet <---> Host eth0 <---> vmbr0 <---> Pfsense VM <---> vmbr1 <---> VM-A

Note: As stated in the Proxmox Wiki, most hosting providers will drop your connection if they detect multiple MAC on the same interface.

See: http://pve.proxmox.com/wiki/Network_Model#Unsupported_Routing

NAT'ed example:

Internet <---> Host eth0 <--- NAT ---> vmbr0 <---> Pfsense VM <---> vmbr1 <---> VM-A

While you are setting up the NAT you'll want to setup some IPTables firewall protection for the host. Which brings up the possibility that you just run the firwall configuration from the PVE host. Pfsense does have nice graphs, though. ;)
 
Thanks for the response, much appreciated. I Know the owner of the data center well, so I don't think he'd be giving me the boot for the mac issue. I do have a simple firewall on the primary host (the one from here) but I'm having some issues with it not always working for some reason. I would love for there to be a fairly simple and straight forward solution for running a firewall on the host. I had picked pfsense ebcause I have been using it for some time and am familiar with it. So other solutions would be very welcome, as long as they are somewhat easy and simple to implement.

Garret
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!