Proxmox + pfSense with dual /32 IPs

RickL1999

Mar 19, 2019
Hi,

I have got 2 IPs from my colocation service provider: 39.xxx.xxx.210/32 and 39.xxx.xxx.211/32. NOTE: the gateway for both IPs is: 39.xxx.xxx.1.
I can access Proxmox fine with the .210 IP, but the .211 IP configured in pfSense does not work.
I tested this at home with a 192.168.192.0/24 network, and pfSense got an IP. And yes, I know it is a different network, but I just want to use both IPs.

This is my interface config:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
    address  39.xxx.xxx.210/32
    netmask  32
    gateway  39.xxx.xxx.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
#Uplink

auto vmbr1
iface vmbr2 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0
#pfSense LAN

When I try to ping any IP such as 1.1.1.1, I get 100% packet loss, but no message of unreachable host.
But pinging 39.xxx.xxx.210 from pfSense gets: no route to host.

How can I get the second /32 IP to work correctly? Do I need to configure something else in Proxmox or is pfSense at fault?
 
Could you also post your vm config (/etc/pve/qemu-server/<vmid>.conf)?

Assuming your pfSense is connected to vmbr0, and your .211 IP is routed over eno1 as well (i.e. the same physical connection as the .210), then yes, it should theoretically work if you assign the .211 IP to your pfSense. To the switch/router connected on the other side of eno1, it would simply appear as a separate device with its own MAC address.

You can also use tcpdump -i vmbr0 icmp on the PVE host to test if packets are appearing.
 
This is my pfSense.conf:
Code:
agent: 0
balloon: 512
bootdisk: ide0
cores: 2
ide0: HHDRAID:100/vm-100-disk-0.raw,size=32G
memory: 4096
name: pfSense
net0: virtio=A2:FC:A6:0E:D4:1A,bridge=vmbr0
net1: virtio=EE:6E:BC:0A:B2:59,bridge=vmbr1
numa: 0
onboot: 0
ostype: other
scsihw: virtio-scsi-pci
smbios1: uuid=d60f5237-7883-4594-a994-4b841d814693
sockets: 1
startup: order=1
vmgenid: e17ad520-455a-4745-8813-9e71d60ec97e

But I solved the problem already, by changing the 39.xxx.xxx.210 subnet mask from /32 to /31.
The /31 subnet has .210 and .211, and the pfSense VM is able to use the IP.
I used mxtoolbox.com to find out whether the 2 IPs that were assigned to me are in one /31 range. And I was lucky, as the .210 and .211 are together in a /31 subnet.

My /etc/network/interfaces now looks like this:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual
#1gbe ethernet port 1

iface eno2 inet manual
#1gbe ethernet port 2

auto vmbr0
iface vmbr0 inet static
    address  39.xxx.xxx.210
    netmask  31
    gateway  39.xxx.xxx.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
#WAN Proxmox + pfSense

auto vmbr1
iface vmbr1 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0
#LAN

The pfSense now has the .211, and I can get in and out.
I don't exactly know why the subnet change solved my problem, but it probably has something to do with subnetting.


But thanks for the response anyways.
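
The subnet check described in the last post (do two assigned addresses fall inside one /31, and which addresses does a given prefix length put on-link), as an added example that is not part of the original thread. The 203.0.113.x addresses are constructed placeholders for the masked 39.xxx.xxx.x values, and the function names are hypothetical.

```python
import ipaddress

def common_prefix(addrs):
    """Return the smallest IPv4 network that contains every address in addrs."""
    ips = [ipaddress.IPv4Address(a) for a in addrs]
    net = ipaddress.IPv4Network((ips[0], 32))
    # Widen one bit at a time until every address fits (terminates at /0).
    while not all(ip in net for ip in ips):
        net = net.supernet()
    return net

def on_link(iface_cidr, target):
    """True if target lies inside the network implied by address/prefix."""
    iface = ipaddress.IPv4Interface(iface_cidr)
    return ipaddress.IPv4Address(target) in iface.network

def report(iface_cidr, peer, gateway):
    """Summarise what a bridge address/prefix treats as directly reachable."""
    return {
        "network": str(ipaddress.IPv4Interface(iface_cidr).network),
        "peer_on_link": on_link(iface_cidr, peer),
        "gateway_on_link": on_link(iface_cidr, gateway),
    }

# Constructed sample values (documentation range), same last octets as the thread.
HOST, PEER, GATEWAY = "203.0.113.210", "203.0.113.211", "203.0.113.1"

if __name__ == "__main__":
    # .210 and .211 differ only in the last bit, so they share a /31.
    print("smallest common network:", common_prefix([HOST, PEER]))
    # An adjacent pair such as .211/.212 does not: it needs a /29.
    print("for .211 + .212:", common_prefix([PEER, "203.0.113.212"]))
    # Compare the two vmbr0 prefix lengths used in the thread.
    for prefix in (32, 31):
        print(f"/{prefix}:", report(f"{HOST}/{prefix}", PEER, GATEWAY))
```

With these sample values the .1 gateway is outside the interface network for both /32 and /31; only the peer's on-link status changes between the two prefix lengths.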
 
