PROXMOX with pfsense VM as home router

haris013

Hello everyone!

I have a physical PC with an embedded NIC on the motherboard and a PCIe Intel Pro 1000PT quad-port card.

I have successfully installed Proxmox VE, and the management NIC to access the web interface is the motherboard NIC.

I have created a VM with pfSense, following this guide by the book (doc.pfsense.org/index.php/Virtualizing_pfSense_on_Proxmox).

My question is: how safe is pfSense as a home router running in a VM, and how does the wiring go?

My current network is something like the diagram I attached.



I suppose I will need a switch in order to plug all my devices in there.

Is the following wiring correct?

ISP's modem router in bridge mode ---> pfSense WAN assigned port

pfSense LAN assigned port ----> switch ----> all my network devices including the Proxmox management port?

How can I secure my network across the devices?

For example, I have another mini server with FreeNAS installed bare metal. This server has many important files; how should the networking be configured in order to secure my server?
 

Hi,

You can go 2 different ways.
1. Use a dummy vmbridge (a bridge without an IP) for each NIC. Attach the pfSense to these bridges.
2. Use PCI passthrough and attach the NICs directly to the pfSense.
 
I have followed the first way.

Is that safe for home use, or am I exposed to threats inside my network?

Any advice about the architecture of my network?
 
After playing around with pfSense I have a few more questions. I have a PS4 and a PC connected via powerline, and I would like to isolate these devices on "another" network for security reasons, but I will need these devices to have internet access. How can I do that? Can I create another bridge NIC and assign it to pfSense as another LAN port?

If I need to create other VMs and connect them to my main network, where will I bridge them?
 
You have to do the whole isolation in the pfSense, not on Proxmox VE.
Every port has its own bridge attached to the pfSense, and one extra bridge for the VMs is attached to the pfSense.
 
Hello again, I am a little confused. I have 3 physical ports, each with its own bridge attached to the pfSense VM.

One for WAN, one for LAN and one for LAN2. If I would like to connect another VM to LAN or LAN2, how am I supposed to do the bridge? Am I going to create another bridge for the LAN-assigned bridge? A bridge to an already existing bridge?
 
You create a fourth bridge, let's say lan3. This bridge has no NIC and no IP address.
You also connect this bridge to the pfSense and to all your guests.
Then you have three LAN ports and one WAN port in your pfSense.
 
Great, it worked!

What are my options in case of a hardware failure of the physical machine where Proxmox runs?

I know that another physical server with a cluster and high availability setup is the best approach, but I cannot afford the purchase of another machine at the moment.

I was thinking of moving my VMs to a FreeNAS share I have, instead of the local SSD drive where they are saved now.
What else can I do? Can I back up the whole Proxmox setup to another drive so that, in case of failure, I can do a simple restore and be running again?
 
What are my options in case of a hardware failure of the physical machine where Proxmox runs?
The same as when any other device fails. ;-) Fix it, change it.

What else can I do? Can I back up the whole Proxmox setup to another drive so that, in case of failure, I can do a simple restore and be running again?
Make backups of the VMs and store them on the FreeNAS.
Use a mirror for the rootfs or back up /etc.
Always keep a PVE ISO for installation.
 
Are you trying to create multiple LAN networks? If that's not your goal, you can add your extra NIC ports to the LAN bridge in Proxmox. Each NIC can communicate with the Proxmox server at 1 Gb/s simultaneously. The WAN bridge should only have the one NIC connected to your modem. Make sure your Proxmox install is on the LAN bridge.

One thing to note is there is a hardware checksum or something in pfSense that doesn't work with virtual bridges. Turn it off in pfSense or you will have a very slow network.
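
As an added example (not code from the thread or from Proxmox), this Python check reads a host's /etc/network/interfaces and flags departures from the layout the replies describe: only the management bridge carries a host IP, the WAN bridge has exactly one NIC, and the VM-only bridge has no NIC. The bridge roles (vmbr0 as management, vmbr1 as WAN), the NIC names and the address are assumptions.

```python
# Constructed sample; NIC names and the address are placeholders, not from the thread.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.10/24
    bridge-ports eno1
# WAN: exactly one NIC, no IP
auto vmbr1
iface vmbr1 inet manual
    bridge-ports enp1s0f0
# LAN: one NIC, no IP
auto vmbr2
iface vmbr2 inet manual
    bridge-ports enp1s0f1
# VM-only bridge: no NIC, no IP
auto vmbr3
iface vmbr3 inet manual
    bridge-ports none
"""

def parse_bridges(text):
    """Map each vmbr* stanza to its physical ports and host address (or None)."""
    bridges, cur = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            is_bridge = words[1].startswith("vmbr")
            cur = bridges.setdefault(words[1], {"ports": [], "address": None}) if is_bridge else None
        elif cur is not None and len(words) > 1:
            key = words[0].replace("_", "-")  # older configs write bridge_ports
            if key == "bridge-ports":
                cur["ports"] = [p for p in words[1:] if p != "none"]
            elif key == "address":
                cur["address"] = words[1]
    return bridges

def audit(text, mgmt="vmbr0", wan="vmbr1"):
    """Return findings where the host is exposed on a bridge meant only for pfSense."""
    findings = []
    for name, br in parse_bridges(text).items():
        if name != mgmt and br["address"]:
            findings.append(f"{name}: host IP {br['address']} on a bridge reserved for pfSense")
        if name == wan and len(br["ports"]) != 1:
            findings.append(f"{name}: WAN bridge has {len(br['ports'])} NICs, expected 1")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "layout matches the thread's advice")
```

Calling `audit(open("/etc/network/interfaces").read())` on the Proxmox host runs the same check against the live file; pass `mgmt=` and `wan=` if your bridges are named differently.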
 
