Proxmox blocks IP from different networks

[ruipdeje]

Hello
I can't reach my proxmox server from a different network.
Let me explain:

I have a my proxmox server on an MGMT network with a 172.22.0.X/24 network. On this network I have a pfSense virtual router on which is configured a LAN1 network with a 192.168.1.X/24 network. On pfSense I made the necessary configuration so that the LAN1 network can access the MGMT network (not standard as configuration, I know), I manage to reach other servers on this network.

My proxmox server is therefore the only machine that I cannot reach on this network as shown below (172.22.0.1 is my router, 172.22.0.2 my switch and 172.22.0.5 proxmox) :


On the other hand, it becomes fully reachable when I connect my PC to the network:


To support the fact that my network configuration is good, the log of my router indicates that the rule lets packets through:


Below is a diagram of the network, if that helps.



I guess there is some kind of settings that I didn't found.

Best regards

 

[mira]

Did you enable the Datacenter and Host firewall? In this case access to the GUI is limited to IPs from the same network (172.22.0.0/24). You'll have to add a firewall rule allowing acces from the 192.168.1.0/24 (or whatever subnet you have configured) network.

 

[ruipdeje]

Did you enable the Datacenter and Host firewall? In this case access to the GUI is limited to IPs from the same network (172.22.0.0/24). You'll have to add a firewall rule allowing acces from the 192.168.1.0/24 (or whatever subnet you have configured) network.

Hey, thanks for responding me.
FWs on proxmox should be disabled (since I still didn't learned to use it, i'll juste disable them for nw)

Still, it doesn't works..

Does the "input/output policies" matters even if the firewall is disabled ?

 

[ruipdeje]

Any ideas ?

 

[mira]

If either the Datacenter or the Host firewall is disabled, there won't be any firewall rules created at all.

 

[ruipdeje]

If either the Datacenter or the Host firewall is disabled, there won't be any firewall rules created at all.

You mean that it then should work ? (it doesn't right now)
Or do you mean that I should enable it and then create a rule ?

 

[bobmc]

If I understand your problem, you cannot reach your proxmox host (MGMT LAN) from your client (LAN1) via a VM running pfSense where LAN=LAN1 and WAN=MGMT LAN? Further you can reach your MGMT LAN Gateway and MGMT LAN switch from your client (LAN1)?

what does traceroute tell you?

on client tracert 172.22.0.5

on proxmox traceroute <ip of LAN1 client>

 

[ruipdeje]

I'm dumb actually. Sorry for making u losing your time..

Since I can ping my 172.22.0.1 router (4G router used as WAN1 Gateway on pfSense), I thought I could ping any hosts on my 172.22.0.0/24 network. But for some reasons, my 4G router seems to block traffic from 192.168.1.0/24 to 172.22.0.0/24.
I have a second router used for WAN2 on pfSense on a 172.22.1.0/24 network, and it works just fine, with same rules and configuration.
Since my 4G router (WAN1 Gateway) is just a cheap router with poor configurations, I can't do much more.

'guess I'll juste create a real MGMT network from pfSense and move my MGMT hosts and MGMT hardwares on it, should be okay.

Very sorry.