What I'm trying to do
* build a small Internet facing Proxmox box
* run OPNsense as virtual guest #1 for firewall/router services
* run virtual guest #2 Remotely behind OPNsense (10.12.99.10/24)
* run virtual guest #3 chat server behind OPNsense (10.12.99.20/24)
* run virtual guest #4 ftp server behind OPNsense (10.12.99.30/24)
* the servers/services can be anything, these are just examples, I understand each server has its own firewall/routing concerns
My setup
* I have public static IP of 11.22.33.218/28 with a gateway of 11.22.33.209
* the server has an HP NC365T quad network card and a mobo built-in Realtek nic
* Proxmox is v8.1.4
My plan
* vmbr0 = NC365T port 0, enp6s0f0, infrastructure LAN, no Internet access needed (10.12.77.5/24)
* vmbr1 = NC365T port 1, enp6s0f1, unused
* vmbr2 = NC365T port 2, enp6s0f2, LAN, where all of the servers/services will live, vmbr2 assigned IP range (10.12.99.0/24) to port (enp6s0f2)
* vmbr3 = NC365T port 3, enp6s0f3, WAN, vmbr3 assigned to the port only (enp6s0f3), no IP address assigned via Proxmox
* OPNsense has (2) nics assigned
- vmbr2 used for LAN, inside OPNsense as vtnet1 as 10.12.99.1
- vmbr3 used for WAN, inside OPNsense as vtnet0 with 11.22.33.218/28
The problem is I can't get out to the Internet through OPNsense. Some things I've tried
* changing NIC port 3 (WAN) to PCI device, it locks up Proxmox
* using the built-in NIC to PCI device, it locks up Proxmox > am I missing something here?
* enabling and disabling the TCP hardware offloading
* allowing private IP segments to pass
* assigning public static IP to vmbr3, that should fail because I'm assigning an IP to the physical and again to the virtual OPNsense vtnet0
* I've seen some references to masquerading and iptables, I don't think they apply to my setup, correct?
Lastly, I'm not committed to this setup. If my basic plan is wrong please say so with a better design.