pfSense with 3 NIC (Onboard + Intel X520-DA2)

bv196

New Member
Jul 31, 2024
I'm an absolute noob in both Proxmox and pfSense, but have fair experience with Unix/Debian through rPi.

Stumbled upon this while trying to search for a 5GB Router/Wifi and been researching for a month now.

I successfully managed to install Proxmox on a Dell Precision 3240 | Xeon 3.00GHz | 64GB RAM | Onboard 1GB NIC | Intel X520-DA2 on PCIe.

I added the X520 based on various advice to use fiber to keep heat low on the server.

As you can see, I have 3 network devices: enp0s31f6 (onboard 1GB) + enp1s0f0, enp1s0f1 (10G SFP+)
[Image: Capture.PNG]

Currently I'm able to access the Proxmox GUI on 10.10.10.16 as my gateway is 10.1.1.1

I'm replacing my ISP with 5GB Fiber service. This is my current setup vis-a-vis future plan. My intention is to install pfSense, with vmbr1 as WAN and vmbr2 as LAN, and create a new network with gateway 10.100.100.1. I still haven't connected the internet on the DA2, hence pfSense won't install (waiting for the Mikrotik switch + DAC).

Here is my /etc/network/interfaces content

Code:
auto lo
iface lo inet loopback

iface enp0s31f6 inet manual

iface enp1s0f0 inet manual

iface enp1s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.10.10.16/24
        gateway 10.10.10.1
        bridge-ports enp0s31f6
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp1s0f0
        bridge-stp off
        bridge-fd 0
        mtu 1500

auto vmbr2
iface vmbr2 inet manual
        bridge-ports enp1s0f1
        bridge-stp off
        bridge-fd 0

[Image: Proxmox Network.jpg]

I need to access the Proxmox GUI from one of the desktops.
1. Is it as simple as plugging the PVE into the Gigabit switch and assigning, say, 10.100.100.16/24 with 10.100.100.1 as gateway, and calling it a day? Or do I need to make any more changes?
a. If so, then is it correct that I need to update the interfaces file from the console and restart?
2. If the pfSense is the gateway and for some reason it goes down, would I be able to still access the GUI from one of the desktops below?
 
Honestly, I would pass through the x520 to pfSense and let pfSense manage the NICs directly.
 
@louie1961 Yes, that's my plan, but my question is how do I access the Proxmox GUI from within the pfSense network? Do I plug the onboard NIC to the pfSense's switch and get a new IP? Or should I keep the server outside my new LAN?
 
I personally prefer to use opnsense over pfsense, but that's more a personal preference (but maybe worth to look into as well)

Since your proxmox will need internet for its own updates, separate from the updates for pfsense/opnsense, it will need to be able to reach the pfsense/opnsense.
The options you would have:
  • Plug the on-board into any of the switches (10GB or 1GB, doesn't matter, as long as it fits) and configure it in the pfsense/opnsense range, but outside of its DHCP-Range, gateway set to the VM.
  • Add the vmbr0 as a separate (virtual) network-card to your VM, and set it to a separate range, then in the pfsense/opnsense, set up that 3rd network-card as the "optional 1/OPT1" card with that range you've selected and with internet access (you'll probably have to manually allow access in the firewall rules since it isn't LAN). Since it's a separate network, you could also have this as a second route to your router (plugging in a laptop/pc directly into the on-board, which is normally empty) in case you mis-configure something in the firewall on the LAN.
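
An added check for the first option above (example code, not part of the original post): it parses an /etc/network/interfaces file and flags a management address that sits outside the pfSense LAN or inside its DHCP pool, and a host address left on the WAN bridge. The addresses 10.100.100.16/24 and 10.100.100.1 come from the thread; the DHCP pool bounds, the sample file and the function names are assumptions.

```python
import ipaddress

# Constructed sample: the poster's file with vmbr0 moved to the planned
# pfSense LAN (10.100.100.16/24, gateway 10.100.100.1 from the thread).
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
        address 10.100.100.16/24
        gateway 10.100.100.1
        bridge-ports enp0s31f6

auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp1s0f0
"""

def parse_ifaces(text):
    """Return {iface_name: {option: value}} for each 'iface' stanza."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "iface" and len(parts) >= 2:
            cur = ifaces.setdefault(parts[1], {})
        elif parts[0] in ("auto", "allow-hotplug", "source", "source-directory"):
            cur = None  # these lines end the current stanza
        elif cur is not None:
            cur[parts[0]] = " ".join(parts[1:])
    return ifaces

def check_mgmt(text, mgmt, wan, lan_gw, dhcp_first, dhcp_last):
    """List problems with the host's management addressing (empty = OK)."""
    ifaces, problems = parse_ifaces(text), []
    addr = ifaces.get(mgmt, {}).get("address")
    if addr is None:
        return [f"{mgmt}: no static address"]
    host = ipaddress.ip_interface(addr)
    gw = ipaddress.ip_address(lan_gw)
    if gw not in host.network:
        problems.append(f"{mgmt}: {host} is not in the subnet of {gw}")
    if ifaces[mgmt].get("gateway") != lan_gw:
        problems.append(f"{mgmt}: gateway is not {lan_gw}")
    lo, hi = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    if lo <= host.ip <= hi:
        problems.append(f"{mgmt}: {host.ip} is inside the DHCP pool")
    if "address" in ifaces.get(wan, {}):
        problems.append(f"{wan}: host has an address on the WAN bridge")
    return problems
```

Run it against a copy of the edited file before restarting networking, e.g. `check_mgmt(open("/etc/network/interfaces").read(), "vmbr0", "vmbr1", "10.100.100.1", "10.100.100.100", "10.100.100.200")`, substituting the DHCP pool actually configured on the firewall.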
 
@louie1961 Yes, that's my plan, but my question is how do I access the Proxmox GUI from within the pfSense network? Do I plug the onboard NIC to the pfSense's switch and get a new IP? Or should I keep the server outside my new LAN?
I would treat the pfSense VM and its two dedicated NICs like a separate device. At least this is how I have had success in the past. Set one NIC to be the WAN, and one NIC to be the LAN. Define all your VLANs inside of pfSense. Connect your WAN NIC to your cable modem or other WAN device. Connect your LAN NIC to a managed switch. Then run a cable from the switch to the third NIC on your Proxmox box. I would make that connection a trunked/tagged port on your switch and make your bridge on Proxmox VLAN aware. That way you can have any CT or VM be on any VLAN. BTW, your connection from pfSense to the switch also needs to be on a trunked/tagged port.

For sure there are other ways you can do this. You could dedicate only one NIC to pfSense and connect your WAN device (i.e. cable modem or other device) directly to the switch, and manage everything through VLANs. I am sure you could also create multiple bridges in Proxmox and accomplish the same results. I just am not proficient enough to tell you how to do that.

https://www.joe0.com/2019/11/16/con...guration-on-a-managed-switch/#google_vignette

https://www.youtube.com/watch?v=z59_MWWPL-Q
 
