Proxmox, pfsense, and Hetzner network setup Help

altoyda

New Member
Aug 30, 2020
4
0
1
50
is my setup wrong or what can not get pfsense others things to see net

SETUP#########################################
source /etc/network/interfaces.d/*


auto lo
iface lo inet loopback

iface lo inet6 loopback


auto vmbr0
iface vmbr0 inet static
address 95.xxx.xx.14/26
netmask 255.255.255.192
gateway 95.xxx.xx.1
pointopoint 95.xxx.xx.1
bridge_ports eno1
bridge_stp off
bridge_fd 0
up ip route add 95.xxx.xx.0/26 via 95.xxx.xx.1 dev vmbr0
up sysctl -p
# ip4 main port on Hetzner (hello world)

iface vmbr0 inet6 static
address 2a01:xxx.xx:1bb0::2/64
netmask 64
gateway fe80::1
# ip6 main port on Hetzner (hello world)

auto vmbr1
iface vmbr1 inet static
address 10.1.1.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
up iptables -t nat -A POSTROUTING -s '10.1.1.0/24' -o vmbr0 -j MASQUERADE
down iptables -t nat -D POSTROUTING -s '10.1.1.0/24' -o vmbr0 -j MASQUERADE
# ip4 network for a private

iface vmbr1 inet6 static
address 2001:db8:1111:2222:81::1
netmask 64
up ip -6 route add 2001:db8:1111:2222:81::/80 dev vmbr1
# ip6 network for a private

auto vmbr2
iface vmbr2 inet static
address 95.xxx.xx.218
gataway 95.xxx.xx.217
netmask 255.255.0.0
bridge-ports none
bridge-stp off
bridge-fd 0
up ip route add 95.xxx.xx.216/26 via 95.xxx.xx.217 dev vmbr2
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '95.xxx.xx.184/16' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '95.xxx.xx.184/16' -o vmbr0 -j MASQUERADE
# addon Ip4


iface eth1.303 inet manual
vlan-raw-device eth1

auto vmbr303
iface vmbr303 inet manual
bridge_ports eth1.303
bridge_stp off
bridge_fd 0
# pfsense netcard

I want to be able to to use all my ips and subnets to make things work with each and I want to be able to use pfsense

Main ? are:
what do i need to set my VM to:
make MV talk to each other in and of out of proxmox
what to set to have all talk to outside world
make them talk to pfsense before going to outside
inside proxmox they do not need to talk to pfsense
how to get web apps have own subname that way i can use my domain.com that is set to cloudflare and DNS

Here is My Hetzner:

ip.png
 
Last edited:
Hetzner blocks your VM's MAC Address as they only like the MAC of the Host itself.

To have a VM (pfsense) with a Public IP you need to request a MAC for a given individual (not subnet) ip and set that MAC Address in Proxmox VE for the VM.

My way handling this was installing shorewall on the Host and disabling the PVE Firewall everywhere.
 
Yes I do have ex mac for ip2.
eth0 in and out (Hetzner main ip)
vmbr0 in and out from eth0 (copy of eth0)
vmbr1 to pfsence with (MAC address for virtualization purposes)
seen somewhere he added ex subnets ip's to pfsence xx.xxx.xxx.184 thur xx.xxx.xxx.191 have them go to vm's
I would love to do this that way each vm has own ip
 
Maybe this can help ?
https://dominicpratt.de/hetzner-and-proxmox-pfsense-as-gateway/

BTW, your vmbr2 seem wrong.
first, your have a type "gataway", but anyway you don't have 2 gateway on your host, so remove it.
and you are doing nat on public subnet ? so you'll nat 95.xxx.xx.184/16 to 95.xxx.xx.14/26.
if you use pfsense, it's better to do nat inside pfsense for your private addresses. (for vms where you don't assign any public ip addresse)
 
well i did find that and have my setup with that im was about to install till hetzner server shut down and boot log said something about cpu error
I will let u know when comes after testing
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!