private lan trouble

Rowan Sheridan

New Member
Mar 12, 2019
5
0
1
Grateful for some advice. I've Googled as much as I can to get a clear answer but can't see anything that will help me.

I'm trying to create a private network - with pfsense being the router.

My pve server is 192.168.1.50. My internal network is using vmbr1 - with IP addresses of 10.10.10.0/24.

From a machines in the private network - 10.10.10.14 & 10.10.10.15
I can't ping 8.8.8.8 or google.com from internal network - Good
I can ping 192.168.1.50 from internal network - Bad
I can't ping another 192.168... address from 10.10.10.14 or 10.10.10.15 - Good

The PfSense box is 10.10.10.5

Clearly I've configured something incorrectly but I'm just not sure what.


Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.50
        netmask 255.255.255.0
        gateway 192.168.1.254
        bridge_ports eno1
        bridge_stp off
        bridge_fd 0

auto vmbr1
iface vmbr1 inet static
 bridge_ports none
 bridge_stp off
 bridge_fd 0

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual
10.10.10.15
10.10.10.15.PNG

network
network.PNG

PfSense

PfSense.PNG
 
The question is which is the Pfsense's address in 192.168.1.0/24 network? If it's 192.168.1.254 it should work, check then the Pfsense settings.

If not it cannot work since the host routes each packet with destination in 10.10.10.0/24 to the address mentioned above which has probably no connection to that subnet.
 
even though pfsense gets the ip 192.168.1.23 from my lan router i cant access it from my lan - only on the 10.10.10.5 ip
 
even though pfsense gets the ip 192.168.1.23 from my lan router i cant access it from my lan - only on the 10.10.10.5 ip

What means "my lan"? 10.10.10.0/24?

Of course you have to set the routing also in the VMs properly, e.g.
Code:
route add -net default gw 10.10.10.5

And, finally, as already stated: connection to host's 192.168.1.50 cannot work since it has defined 192.168.1.254 as default gateway.
 
Sorry I'm not explaining myself clearly. When i refer to my LAN i mean 192.168.1.0/24
The 10.10.10.0/24 is the internal network i wish to setup that has no external access. For malware analysis.
 
resolved
for anyone who is having similar issues.

my above settings do work

- on pfsense box - under interfaces WAN, untick the boxes which prevent private ips from accessing the WAN
- setup firewall rule on LAN to allow LAN to LAN for all protocols
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!