Proxmox web interface not working after installing pfSense

Papa_Dragon

New Member
Mar 30, 2023
16
0
1
Hello,

I'm encountering an issue with accessing the web interface of my Proxmox server.

Here's my setup:

I have a Dell R710 server running the latest version of Proxmox, and I recently installed pfSense as a VM on it. Currently, pfSense is the only VM running, and it is connected to the LAN.


My networking setup is as follows:

My ISP connection goes to the WAN interface on my server, and from there, it connects to a network switch. The LAN connection from the switch is connected to the server's built-in 4-port NIC.

Initially, I tried configuring pfSense to use the PCIe NIC, but it didn't detect the hardware, so I ended up reinstalling Proxmox a few times. Finally, I created two bridges to resolve the issue. The first bridge, vmbr0, is connected to the PCIe NIC, and the second bridge, vmbr1, is connected to the eno1 interface, which was originally providing internet to the server.

Now, I'm facing another problem. Although pfSense is running and has internet access, I can't access the web interface of my Proxmox server. I have an idea of what the Proxmox server's IP address might be, but I suspect that the issue might be related to DNS.

I have tried changing the DNS settings, but I don't get any internet access as a result. I also attempted to edit the "/etc/network/interfaces" file using the "cmd" command, but I didn't get any internet access after making the changes. For now, I have set the DNS to whatever gives me internet access.



The CMD I have used to troubleshoot is as follows

nano /etc/resolv.conf which currently is set up to this

comein es.shawcable,net
search eg.shawcable.,net
nameserver 64.59.135.147
nameserver 64.59.120.113


Nano /etc/network/interfaces

auto 1o
iface lo inet loopback
iface eno1 inet manual
iface eno2 inet manual
iface eno3 inet manual
iface eno4 inet manual
iface enp6s0f0 inet manual

I iface enp60of1 inet manual
auto vmbro

iface vmbro inet static
address 10.0.0.15/24
bridge-ports enpes0f0
bridge-stp off
bridge-fd
sauto vmbr1

iface vmbr1 inet manual
br idge-ports eno1
bridge-stp off
bridge-fd 0

These cmds I also have tried
-chmod 644 /etc/resolv.conf
-ip route add default via 192.168.1.1 dev vmbr0
-unlink /etc/resolv.conf

I would appreciate any additional troubleshooting steps or guidance to help resolve this issue. Thank you in advance
 

Attachments

  • 20230527_050633.jpg
    20230527_050633.jpg
    719.8 KB · Views: 18
  • 20230527_050523.jpg
    20230527_050523.jpg
    952.7 KB · Views: 18
When you boot the Proxmox server, it will go through its boot routine, eventually arriving at a text screen which tells you the IP address and port that the Proxmox web interface can be accessed on. Do you have a Monitor/LCD attached to the Dell R710 to allow you to see this?
 
  • Like
Reactions: tebcas
When you boot the Proxmox server, it will go through its boot routine, eventually arriving at a text screen which tells you the IP address and port that the Proxmox web interface can be accessed on. Do you have a Monitor/LCD attached to the Dell R710 to allow you to see this?
Yes I do
 
Excellent, then you will be able to log in directly, and run the command:

ip a

This will show you the assigned IP addresses of each interface.
If you find the output is too long [you can't scroll] ]use:

ip a | more

This will allow you to examine the output page by page.

Another thing, with the machine you have communicating to the proxmox box, do you have it on the same network address range [subnet] as the proxmox unit's web interface address?
 
Excellent, then you will be able to log in directly, and run the command:

ip a

This will show you the assigned IP addresses of each interface.
If you find the output is too long [you can't scroll] ]use:

ip a | more

This will allow you to examine the output page by page.

Another thing, with the machine you have communicating to the proxmox box, do you have it on the same network address range [subnet] as the proxmox unit's web interface addresse
Okay so when I do there CMD 'ip a' the only address I get is from my vmbr0 and that's 10.0.0.15/24 the rest don't seem to have an IP address.
I believe so the IP range I have is 10.0.0.0-10.0.0.235 something like that. So I believe it has.
 
Okay, I'll give you an example of a working configuration:
1685277492512.png

1685277563410.png

1685277803963.png
The idea here, is for you to examine a working configuration and its output, and to contemplate the differences to your own.
Hopefully, it'll provide a few pointers as to why your current configuration is non-functional.

Note: I tend to provide examples like these to give the opportunity to learn about the system, as it's far more valuable in the long-run.
 
Okay, I'll give you an example of a working configuration:
View attachment 50910

View attachment 50911

View attachment 50914
The idea here, is for you to examine a working configuration and its output, and to contemplate the differences to your own.
Hopefully, it'll provide a few pointers as to why your current configuration is non-functional.

Note: I tend to provide examples like these to give the opportunity to learn about the system, as it's far more valuable in the long-run.
I really appreciate that thank you! Cuz as much as I want help to get this up and running as well as just a quick answer, I also want to learn how to solve this issue so that later on down the road if I ever run into this issue I know how to resolve it. That's just the kind of person I am. So when I get home from work I will try to compare these examples to my own.
 
I saw that you only have one bridge. I had to create two bridges in order for PF sense to recognize the hardware. The pcie network card, is expressed as enp6s0f0, enp6s0f1 and I have eno1-4 on my server. How did you get your ens261 to allow internet? I couldn't figure that out. So I guess i have to delete and restart? Or is there a way to fix this?
 
Okay, so let's go over a quick config:
VMBR0 is connected to ens261, I have assigned an address to the bridge and told it where the internet gateway is; the server connects to the net like a device normally attached to the LAN, but you might use an external IP with a gateway device configured further up the chain.
On your config, you might have VMBR1 connected to eno1, and it would have an IP address only; no gateway, because that's configured on VMBR0.

Now, conceptually, you can connect as many devices as you want to each bridge. So, PFSense might have the WAN connected to VMBR0, with its own IP and gateway settings configured for that interface internally in PFSense itself.
PFSense would then have a LAN interface connected to VMBR1, and PFSense would have an IP configured internally for that interface.

Outside of all this system, let's connect a PC to the switch. From the PC, we could talk to PFsense's internal interface connected to VMBR1. However, we could also talk to Proxmox's internal interface configured on VMBR1. Depending on PFSense's configuration, we might be able to connect to it's external WAN IP. In terms of proxmox, we should be able to connect to its external IP, but that also depends on what you have decided to firewall off on that interface.

In all cases, the VMBR bridges are just that, bridges. Other things connect to them, such as an assigned physical port. You can also have VMBRs without configurations, so, you connect two virtual interfaces (each one from a different virtual machine), manually give the Virtual machine's IP addresses for those virtual interfaces, and then have those two Virtual machines talk to each over over the VMBR.

Thinking further, think of the VMBR this way, it is a switch. You attach things to it using virtual interfaces, and you may give it a bridge port, which acts like a gateway/uplink of sorts attached to it.

Sorry for the ramble, but does this help a little?
 
Hmm, it help my understand what's going on behind the scenes, instead of just blindly following a YouTube video. But does this help my case? With this fix the issue? Or would it be more worth it too completely restart?

When I initially was trying to set up since I was following a YouTuber called TechnoTim, cuz my buddy told me he's good. And so I was following it and when he set up here since he went into hardware>add PCIe> then added his card. So I did the same thing. But when I did that I had to first enable iommu, which is a whole other issue that I have resolved by doing the CMD allow_unsafe_interrupts, but what I do so it messes my ZFS pool. But I went on to try booting up PF sense, it boots but then whenever it goes to configure the WAN and LAN it does not recognize any device, even though I have set pcie device.
 
Last edited:
Sorry for getting back so late; been a hectic week. Okay, this clarifies a lot of things.
When you forward a device into a VM, you take that device away from the host. So, the proxmox host won't be able to use the device.
In the case of network cards, that can get pretty messy pretty quickly.
So, in my case, I don't forward the devices into the VM; I add interfaces for the VM and bridge them to the ports in proxmox using the VMBRs.
You'd want one VMBR, which has a port on the inside, and the other with a port on the outside.
Internally, PFSense will see the virtual interfaces on the VMBRs, which face out in their respective directions; physically.

Does that help a little?
 
so i ended up taking my isp modem out of bridge mode and I got proxmox back!! but now Im running into an issue where i can only access it when it is not in bridge mode. this is my current setup with the network. no pfsense installed as a VM yet. mind walking me through this?
 

Attachments

  • Screenshot (9).png
    Screenshot (9).png
    130.7 KB · Views: 48
I have few pfsense VMs running on my PVE nodes as wireguard VPN servers. Before the initial boot up make sure you "disconnect" the network interface that is connected to your LAN bridge. Pfsense will dish out DHCP and will cause IP issues on your LAN network. Once pfsense boots up manually assign the IP to the LAN network. I am assuming you have DHCP server elsewhere on your LAN network so disable DHCP in pfsense.
 
I have few pfsense VMs running on my PVE nodes as wireguard VPN servers. Before the initial boot up make sure you "disconnect" the network interface that is connected to your LAN bridge. Pfsense will dish out DHCP and will cause IP issues on your LAN network. Once pfsense boots up manually assign the IP to the LAN network. I am assuming you have DHCP server elsewhere on your LAN network so disable DHCP in pfsense.
oh okay so just unplug the ethernet cable? okay ill give this a try
 
okay, should I add the second bridge? cause I got vmbr0=WAN which is my network card enp6s0f0 and the vmbr1= LAN = eno1 (which I want this config to be how I would like this to be set up is:
1 ethernet going to your network card (WAN)
1 coming from port 1 on the server to your switch (LAN)
1 coming from the switch to port 4 on your server

this is the IP a cmd
root@Olympus:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UP group default qlen 1000
link/ether 84:2b:2b:5f:f4:7e brd ff:ff:ff:ff:ff:ff
altname enp1s0f0
3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 84:2b:2b:5f:f4:80 brd ff:ff:ff:ff:ff:ff
altname enp1s0f1
4: eno3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 84:2b:2b:5f:f4:82 brd ff:ff:ff:ff:ff:ff
altname enp2s0f0
5: eno4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 84:2b:2b:5f:f4:84 brd ff:ff:ff:ff:ff:ff
altname enp2s0f1
6: enp6s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
link/ether 00:1b:21:38:dd:98 brd ff:ff:ff:ff:ff:ff
7: enp6s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:1b:21:38:dd:99 brd ff:ff:ff:ff:ff:ff
8: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:1b:21:38:dd:98 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.15/24 scope global vmbr0
valid_lft forever preferred_lft forever
inet6 fe80::21b:21ff:fe38:dd98/64 scope link
valid_lft forever preferred_lft forever
9: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 84:2b:2b:5f:f4:7e brd ff:ff:ff:ff:ff:ff
inet 10.0.0.115/24 scope global vmbr1
valid_lft forever preferred_lft forever
inet6 fe80::862b:2bff:fe5f:f47e/64 scope link
valid_lft forever preferred_lft forever


my nano /etc/network/interfaces

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual

iface enp6s0f0 inet manual

iface enp6s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
address 10.0.0.15/24
gateway 10.0.0.1
bridge-ports enp6s0f0
bridge-stp off
bridge-fd 0
#WAN

auto vmbr1
iface vmbr1 inet static
address 10.0.0.115/24
bridge-ports eno1
bridge-stp off
bridge-fd 0
#LAN
 
Last edited:
okay well i got it up and running now. i am on the pfsense webpage no problems there but looking at the interfaces the WAN doesn't have an IP address? it just shows a red "x" I think its due to the fact that it is set up as DHCP? Also due to the fact that i cant seem to get internet when I connect my computer to the switch, for now I have the isp modem NOT in bridge mode just so that i have access to everything. When would a good time be to put the isp modem into bridge mode? also did I mess something up?
 
Last edited:
For clarification, the Wan and Lan ports for the PFsense VM are on separate physical switches? No loops?
i got it working!! and for a few days it worked, and it still is working! but I ran into another issue. if anyone in the future is reading this make sure that your WAN has a DIFFERENT IP RANGE from your LAN!! that was my mistake and why it was not working. to elaborate, I had my WAN IP range from 10.x.x.0-10.x.x.253 and I set my LAN IP let's say it was 10.x.x.123 so it was on the same network as the WAN. and I changed the LAN to a different IP range so now it ranged from 198.xxx.x.100-198.xxx.xx.200 as a range for my LAN. But I was trying to port forward a Minecraft server (btw I would like some advice if you got the time) so I rebooted the server and now the web interface which was working btw is now no longer loading. and I have toughed nothing at all. but to answer your question yes I have a loop. my setup goes like this isp>bridgemode>my pcie nic card>then from the OG nic card (what I have is eno1-4) is eno1>switch>eno4

edit. i can access my proxmox server but only when my isp modem is not in bridge mode. the server IP address is 10.0.0.1x and i believe that it is conflicting with the WAN interface
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!