Proxmox and pFsense with 1 nic and 2 public IP

[chin007]

hi all.
cant seem to find much information about this.
Setting up Proxmox on a 1 NIC hardware with 2 public IPs.

1st public address is for Proxmox and the other is for pFsense.
Will like a local IP for the windows server and will like to port forward a port say 12345 on 2nd IP to RDP on windows machine behind the pFsense firewall.

Has anyone done this before? Where could i look to find more info especially for a newbie?

Have managed to get pFsense and windows machine running. Outbound traffic is work but cannot get inbound on 2nd IP to work. Have created port forwarding on pFsense but nothing works.

What has this newbie done wrong?

 

[sw-omit]

Since outbound traffic does work, it most likely is something to do with either the proxmox-firewall or something within the port forward.
If you go to your pfsense-VM and the network-port that you have connected to your WAN, does it have the firewall turned on on there?
And could you screenshot the port-forward settings?
And finally, if you allow ping on your pfsense-VM [1], does that work/ can you ping your router's IP from externally?

[1] https://bobcares.com/blog/allow-ping-on-pfsense/

 

[jfinley]

hi all.
cant seem to find much information about this.
Setting up Proxmox on a 1 NIC hardware with 2 public IPs.

1st public address is for Proxmox and the other is for pFsense.
Will like a local IP for the windows server and will like to port forward a port say 12345 on 2nd IP to RDP on windows machine behind the pFsense firewall.

Has anyone done this before? Where could i look to find more info especially for a newbie?

Have managed to get pFsense and windows machine running. Outbound traffic is work but cannot get inbound on 2nd IP to work. Have created port forwarding on pFsense but nothing works.

What has this newbie done wrong?

Sounds like you need ProxyARP

https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-addresses.html

 

[chin007]

Thanks for your reply.
There is not firewall on the port. See screenshot of pfsense.
I enabled the ICMP rule and can ping the pfsense from outside. but still no port forwarding works.

Is the port forwarding done on Proxmox on on pFsense?

I can ping the local machine (windows) from pfsense.

 

[sw-omit]

Ah, I think I see your mistake in the port-forward:
If you scroll down a little in that third screenshot, you should find a redirect target IP and port, that is there you set the 192.168.120.5 and port 3389
In the "destination" you set the "WAN Address" and the 17555
And the source-IP/port you leave empty (or only set the IP and set it to your OWN external WAN-IP.

Source in this context is "where the traffic is coming from"
Destination is "Where the sender of the traffic is requesting access to"
Redirect is "Where traffic to the above destination is routed/redirected to instead.

So in your current setup, you are saying "Traffic that is coming from my router's WAN-IP and going to my external IP originally should be routed.... somewhere.


Or at least that's what I'm guessing from a quick glance at [1] (more used to the OPNSense's UI)

[1] https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html

 

[chin007]

Thanks @sw-omit . It is called sleepy eyes.
I left it and went to bed. When i woke and went back to it, i realised what you said about redirection. All good now.