Proxmox & pfSense - no internet

Mischmosch

Jul 5, 2024
Hello everyone,

I followed the following instructions: https://mayfly277.github.io/posts/GOAD-on-proxmox-part1-install/#install-pfsense
The only difference to the instructions is that my server is at home on my LAN. I have just installed it for the GOAD.

Here are my configurations:
[Screenshots: 1724143835130.png, 1724143848107.png]

Unfortunately, with the SSH tunnel I only get the error message:
"channel 4: open failed: connect failed: No route to host"
"channel 3: open failed: connect failed: No route to host"

command: "ssh -L 8082:192.168.1.2:80 root@192.168.1.190"

Do any of you have an idea where exactly my issue lies? Unfortunately, I'm not very network-savvy.

Thank you and best regards,
Mischmosch
 
Can you also post the config of the VM? Is the second network card of the VM on vmbr0?

By default on pfSense you do not have SSH enabled.

By default ping is filtered. Can you add a Firewall floating rule to allow all ICMP IPv4 packets? If you did, can you ping 192.168.1.2 from the Proxmox host?

By default pfSense blocks bogon networks on WAN. This means that 10.0.0.2 will be filtered on the WAN interface.

Regards,
Rares
 
Can you also post the config of the VM?
boot: order=scsi0;ide2;net0;net1;net2
cores: 2
cpu: x86-64-v2-AES
ide2: local:iso/pfSense-CE-2.7.2-RELEASE-amd64.iso,media=cdrom,size=854172K
memory: 4096
meta: creation-qemu=9.0.2,ctime=1724074425
name: pfsense
net0: virtio=BC:24:11:10:84:E5,bridge=vmbr1,firewall=1
net1: virtio=BC:24:11:C6:CF:08,bridge=vmbr2,firewall=1
net2: virtio=BC:24:11:44:4C:F2,bridge=vmbr3,firewall=1
numa: 0
onboot: 1
ostype: l26
scsi0: local-lvm:vm-100-disk-0,iothread=1,size=40G
scsihw: virtio-scsi-single
smbios1: uuid=d89a7072-629b-45d7-b65b-475f32c4ccc3
sockets: 1
vmgenid: 73a57ba6-2fbb-4186-8c15-3f31e321e9c5

Is the second network card of the VM on vmbr0?
Nope. The second one is (now) removed because it had no use.

By default on pfSense you do not have SSH enabled.
Yes, I saw. I activated it via the pfSense console (Option 14: Enable Secure Shell (sshd)).

By default ping is filtered. Can you add a Firewall floating rule to allow all ICMP IPv4 packets? If you did, can you ping 192.168.1.2 from the Proxmox host?
How exactly can I do this? I always struggle with the Proxmox firewall. fyi: Firewall is completely deactivated on the entire node.

By default pfSense blocks bogon networks on WAN. This means that 10.0.0.2 will be filtered on the WAN interface.
Do I have to configure this separately?

Thank you!!!
 
net1: virtio=BC:24:11:C6:CF:08,bridge=vmbr2,firewall=1
I would move this to vmbr0. One more thing: since your pfSense LAN is on the same network as your local network, don't you get DHCP server conflicts with your local router? It could happen if you move to vmbr0.

How exactly can I do this? I always struggle with the Proxmox firewall. fyi: Firewall is completely deactivated on the entire node.

In pfSense, Firewall > Rules > Floating > Add:
Action: Pass
Interface: all
Family: IPv4
Protocol: ICMP
Subtype: All

Do I have to configure this separately?

In pfSense, Interfaces > WAN > scroll to bottom > Uncheck: Block private, Block bogon. (BUT this is only for you to play with 10.0.0.1 on WAN.)

Restart the VM.

After this, from the Proxmox root shell, try to ping 192.168.1.2.

If you want to simulate a real-life scenario, you can stay on vmbr2, 3 and create other VMs / CTs on vmbr2, 3 as clients to ping to and from.

Rares
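
The bridge question raised in this thread ("Is the second network card of the VM on vmbr0?") can be checked from the Proxmox root shell. The script below is an added example, not part of any post above: it parses `qm config`-style text and reports whether the VM has a NIC on a given bridge. It assumes vmbr0 is the bridge holding the host's LAN address (the host bridge configuration is not shown in the thread), and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Constructed sample: the net* lines from the VM config posted in this thread.
SAMPLE_CONFIG='net0: virtio=BC:24:11:10:84:E5,bridge=vmbr1,firewall=1
net1: virtio=BC:24:11:C6:CF:08,bridge=vmbr2,firewall=1
net2: virtio=BC:24:11:44:4C:F2,bridge=vmbr3,firewall=1'

# Print "netN bridge firewall" for every NIC line in the config text on stdin.
vm_nics() {
  awk -F': ' '/^net[0-9]+: / {
    bridge = "-"; fw = "0"
    n = split($2, opts, ",")
    for (i = 1; i <= n; i++) {
      if (opts[i] ~ /^bridge=/)   bridge = substr(opts[i], 8)
      if (opts[i] ~ /^firewall=/) fw = substr(opts[i], 10)
    }
    print $1, bridge, fw
  }'
}

# Exit 0 if any NIC in the config on stdin is attached to bridge $1.
vm_has_nic_on() {
  vm_nics | awk -v b="$1" '$2 == b { found = 1 } END { exit !found }'
}

# Report whether the VM config ($2) has a NIC on the host-side bridge ($1).
# Assumption: $1 is the bridge that carries the Proxmox host's LAN address.
check_path() {
  local bridge="$1" config="$2" attached
  if printf '%s\n' "$config" | vm_has_nic_on "$bridge"; then
    echo "ok: VM has a NIC on $bridge"
  else
    attached="$(printf '%s\n' "$config" | vm_nics | awk '{print $2}' | paste -sd, -)"
    echo "no NIC on $bridge; VM bridges: $attached"
    return 1
  fi
}

# On a real host, pass live data instead: check_path vmbr0 "$(qm config 100)"
check_path vmbr0 "$SAMPLE_CONFIG" || true
```

The third column printed by `vm_nics` is the per-NIC `firewall=` flag, which is set to 1 on all three NICs in the posted config.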
 