proxmox configuration with two public ip and internal lan subnet

openaspace

Active Member
Sep 16, 2019
486
13
38
Italy
Hi.
I need some help to install proxmox on a hetzner server network with two ip (second ip with vitual mac).

enp4s0 = First public host ip
vmbr0 = Second ip with dedicated mac address ( i want to assign it to pfsense)
vmbr1 = private ip (private ip from pfsense to virtual machines)

Now I have setup pfsense with wan card to vmbr0 and lan to vmbr1, and enabled ip forwarding but the wan can't connect to the internet.
Also trying to set the pfsense wan gateway to the host ip and to the hetzner network gateway.

Where i'm wrong?

Thank you.

Code:
auto lo
iface lo inet loopback

auto enp4s0
iface enp4s0 inet static
        address  xxx.xxx.xxx.189
        netmask  24
        gateway  xxx.xxx.xxx.161

auto vmbr0
iface vmbr0 inet static
        address  xxx.xxx.xxx.182
        netmask  24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address  192.168.30.1
        netmask  24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
 
  • Like
Reactions: mbx
I need some help to install proxmox on a hetzner server network with two ip (second ip with vitual mac).

enp4s0 = First public host ip
vmbr0 = Second ip with dedicated mac address ( i want to assign it to pfsense)
vmbr1 = private ip (private ip from pfsense to virtual machines)

Now I have setup pfsense with wan card to vmbr0 and lan to vmbr1, and enabled ip forwarding but the wan can't connect to the internet.
Also trying to set the pfsense wan gateway to the host ip and to the hetzner network gateway.

Where i'm wrong?

Thank you.

Code:
auto lo
iface lo inet loopback

auto enp4s0
iface enp4s0 inet static
        address  xxx.xxx.xxx.189
        netmask  24
        gateway  xxx.xxx.xxx.161

auto vmbr0
iface vmbr0 inet static
        address  xxx.xxx.xxx.182
        netmask  24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address  192.168.30.1
        netmask  24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

Assuming you've got a virtual MAC accepted by your provider:

* add enp4s0 to vmbr0
* delete ip address and gateway from enp4s0
* assign address xxx.xxx.xxx.189 and gateway to vmbr0
* assign address xxx.xxx.xxx.182 to the corresponding interface in pfsense VM
* take care that the interface in pfsense has the virtual MAC address known by the provider
 
  • Like
Reactions: lanima_deli
hi guys, after some tests, it works great with a watchguard appliance

first public ip 1.1.1.10
second public ip 2.2.2.20

simply configure ur firewall :
-external on vmbr0
-internal on vmbr1
-edit ur firewall interface mac address ,with that one generated by ur cloud provider
( in my case ovhcloud generate a virtual mac address after i bought my secondary ip )

after u connect ur firewall with ur secondary static ip on vmbr0 it works great.
take care of ur subnet and gateway of ur secondary ip ... and yes, there are nothing about secondary ip in config interface file...



auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
address 1.1.1.10/24
gateway 1.1.1.1
bridge-ports eno1
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0


thanks richard for ur post, it helps me a lot .
ciao !
 
Last edited:
  • Like
Reactions: mbx
[...]
thanks richard for ur post, it helps me a lot .
ciao !
Thanks to all of you, this was indeed helpful. There is no need to define the 2nd public IP in proxmox anywhere. On my hoster was no mac binding as well, so I could simply bind my interfaces in pfSense and use my 2nd public IP as WAN IP in pfSense only. Of course I have to setup the same Gateway in the backend of pfSense and that's it.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!