Proxmox virtualized Pfsense with one public IP

rokjan

Guest
Hi ...


I have virtualized pfsense-2.0.3 within Proxmox. It installs properly and I can access the pfsense panel (up to there everything is normal). The only thing is that it should act as a pfsense firewall + router (as was to be expected), but I have only a single public IP address. I intend a typical configuration as follows:


Internet --- Modem ---- Proxmox eth0 Interface [interface vmbr0 (WAN)] --- pfsense --- vmbr1 interface (LAN) [eth1 Proxmox] --- LAN ---- LAN clients switch


Following the guide: http://forum.proxmox.com/threads/2020-Proxmox-Pfsense-working-setup-solved-2-NIC I only managed to access pfsense by its public IP; however, from within it I cannot ping an external IP address or google, whereas from outside (Internet) I can do the same via https or ssh access.


I saw in: http://forum.pfsense.org/index.php?topic=50013.0 which is similar to what I try.


I think I'm failing at something simple, I would seek to guide or give me some guidelines. Thanks
 
pfsense needs to hold both bridges: vmbr0 & vmbr1. I would leave the default vmbr0 as it is and use vmbr1 for WAN.
 
snowman66:

Please, could you show me the /etc/network/interfaces settings of your Proxmox so I can compare or correct mine?
Thanks for your help.
 
This is my /etc/network/interfaces file:

Code:
root@proxmox-ve ~ # cat /etc/network/interfaces 
# network interface settings
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
    address  176.xxx.126.xxx
    netmask  255.255.255.224
    gateway  176.xxx.126.xxx
    broadcast  176.xxx.126.255
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward

auto vmbr1
iface vmbr1 inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0

And my pfsense is configured as transparent firewall between vmbr0 and vmbr1, meaning on pfsense WAN is set to vmbr0 and LAN is set to vmbr1 and WAN is bridged to LAN inside pfsense. All traffic to LAN is going through pfsense and the machines on LAN don't even need to know about pfsense.

EDIT: But my VMs on the LAN side have public IPs. So you might need some sort of NAT?
 
OK, thanks Frazze, I'll check my settings.
To answer your question, if you do NAT for all clients on the LAN, to have access to the Internet, and also my virtual machines, all through a single public IP I have, is that pose a public network with mask : 255.255.255.252


Greetings and see if someone else can comment, if you had a case similar to that pose.
 
hello ...
unfortunately I still can not solve the proposed architecture to enable a router in a virtual machine and through it to provide internet access. In my setup I have the following:

auto vmbr0
iface vmbr0 inet manual
bridge_ports eth0
bridge_stp off
bridge_fd 0

auto vmbr1
iface vmbr1 inet static
address 192.168.0.11
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0


vmbr1 which connects to the LAN and the WAN vmbr0 (Internet). In my virtual machine (pfsense) the specific public IP address
Please if anyone would like to implement a similar architecture, could give me a clue on how to proceed. Grateful for any help
 

Hi,
the PVE host doesn't have a gateway entry! To reach the internet from the host you must have the pfSense address defined as default router.
Like "gateway 192.168.0.1", or whatever IP your pfsense has.

Once this is done (you can use "ip route add default via 192.168.0.x") you can try to ping an outside address (check beforehand that the DNS resolving (/etc/resolv.conf) is working) and look with "tcpdump -i vmbr0" at what happens, meaning whether the NAT works.

Udo
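
An added example, not part of Udo's post or of the thread: a small Python audit of an ifupdown-style /etc/network/interfaces that reports the missing gateway entry pointed out above and shows on which bridges the host itself holds an address. The sample text is constructed from the configuration posted in the thread; the function names are assumptions.

```python
# Constructed sample, copied from the bridge configuration posted in the thread.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet manual
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

auto vmbr1
iface vmbr1 inet static
    address 192.168.0.11
    netmask 255.255.255.0
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0
"""

def parse_interfaces(text):
    """Return {iface: {"method": ..., option: value}} from ifupdown stanzas."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no settings
        words = line.split(None, 1)
        if words[0] == "iface":
            name, _family, method = words[1].split()[:3]
            current = stanzas.setdefault(name, {"method": method})
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None  # these keywords end the previous iface stanza
        elif current is not None and len(words) == 2:
            current[words[0]] = words[1].strip()
    return stanzas

def audit(text):
    """List findings for a host whose traffic should pass through a firewall VM."""
    stanzas = parse_interfaces(text)
    findings = []
    if not any("gateway" in s for s in stanzas.values()):
        findings.append("no gateway entry: host has no default route")
    for name, s in stanzas.items():
        ports = s.get("bridge_ports", "none")
        if "address" in s and ports != "none":
            findings.append(f"host reachable at {s['address']} via {name} ({ports})")
        elif "bridge_ports" in s and "address" not in s:
            findings.append(f"no host IP on {name}: host is not addressable there")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A bridge with a physical port and no host address, like vmbr0 here, keeps the hypervisor itself off the WAN segment, so only the pfsense VM is exposed there.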
 