PVE 8 PFsense WAN Passthrough

M

marshe

New Member
May 27, 2023
10
1
3
Trying to get PFsense working in a VM. Can't seem to get an IP address from my ISP on my VM-PFsense. I have a VMBR1 (virtual bridge that is passing my isp's link through the Proxmox server to my netgear router but cant seem to get it into PFsense. [Modem>i82571NIC-P1>i82571NIC-P2>BR200]<both i82571NIC ports on same VMBR1> and getting internet from BR200, but when BR200 is off and PFsense VM running (yes VMBR1 is WAN port in pfsense) it does not pass internet nor have an ip address on ISP. I have tried letting Modem rest/reset.

VMBR0 = Intel x520 DA4 + Eno1 (Eth to BR200 LAN - DAC to C3850)
VMBR1 = intel 82571
VMBR2 = second onboard NIC connected to BR200 LAN

Hardware:
Router: Netgear BR200 (backup router)
Netswitch: Cisco Catalyst 3850
MoBo: ASUS x99-e WS
CPU: intel xeon e5-2690 v4
RAM 128gb LRDDR4 (4x32gb)
PCI-e: s7-Radeon Pro w3200 (video output GPU)
s1-----Nvidia Tesla p4 (encode GPU)
s5-----Intel x520 DA4 (4port SFP+ 10g NIC)
s2-----Intel 82571 NIC (2port GbE)
s4+s6-Intel RS3DC040 SAS controller with a RES2SV240 expander (jbod)
s3-----Intel SSD 750 series 400GB
 
Hi Marshe,
marshe said:
[Modem>i82571NIC-P1>i82571NIC-P2>BR200]<both i82571NIC ports on same VMBR1>
Click to expand...
All details are there, but I have trouble parsing this amidst the other lines of text. Care to fix wording/spacing/layout?

The gist is that you bridged two ports in order to allow your Netgear router as well as PFSense to request a connection from your ISP?

marshe said:
but when BR200 is off and PFsense VM running [there is no internet]
Click to expand...
Do you imply that your VM does get an IP from your ISP when the router is on, i. e., your subscription includes multiple IPv4?

I run a similar setup, with OPNSense instead of PFSense, but without the complexity of a fail-over connection. Does it run on your end with a simpler setup? What kind of requirements does your ISP have for connectivity, as far as DHCP, PPP or VLAN is concerned?
 
So when I tried the PFS, I turned off BR200 and then turned on PFvm. but it still did not get an ip or internet. then tried doing that after restarting the modem. The netgear BR200 does not have any modification done on isp side of the connection outside of the default
 
Just finished trying to set vmbr2 up as it’s wan with the connection to the br200 lan and still not getting an ip on PFs-vm wan side
 
Do you have prior experience with Proxmox or PFsense? Things work well once setup, but initial setup has a steeper learning curve than powering on your ISP's router and connecting WiFi.

If you have a spare machine laying around, you could set up your firewall there for trying it out and making sure you have a configuration that works.

The configuration can be exported and imported on another machine (depending on NIC-vendor, you might need to rename the interfaces).

Back to Proxmox + PFSense
marshe said:
trying to set vmbr2 up as it’s wan with the connection to the br200 lan and still not getting an ip on PFs-vm wan side
Click to expand...

Do your VM's in general get an IP without problem when connected to your (ISP) router? Does the same go for your PFSense VM, when connected in cascade behind the ISP router?

For reference, these are the settings of my OPNSense VM,

1699756313560.png

with networking on the node like this:

1699756377824.png

  • eno1 is the LAN connection, bridged to vmbr0. This port is connected to the switch.
  • eno2 is the WAN connection, bridged to vmbr1. This port is connected to the media converter (glass/copper)

On the OPNSense side, the bridges are connected to the respective network devices:
1699756580289.png

  • em0 is connected to vmbr1 as LAN port
  • on the WAN side my ISP requires PPPoE over a VLAN; the VLAN runs over em1 which is connected to vmbr2
 
ISP does not use PPPoE (they provided a fiber modem), it is my Netgear BR200. VMBR2 is run back to the BR200 for testing purposes trying to get this working. Then set it as main and turn off the EoL BR200.
VMhw.pngPXnet.pngScreenshot 2023-11-12 012607.png

I do have a spare PC I could use but not the Rackspace to place it. 4u rack server is 2u, then switch 1u, finally the 1u patchpanel. which is why I'm Virtualizing it.
 
Last edited:
Your WAN / vtnet2 is set to DHCP, is it not?

If the fiber modem provides DHCP over plain ethernet, I'd say it should 'just work'.

Just for troubleshooting, you could download an Alpine Linux container via the built in catalog, connect it to vmbr2 and fire it up to see if it receives an IP.

One difference I spot is that I used another network driver and did not turn on the firewall on the device, but since I hardly us VMs I have no idea whether that should make a difference.

By the way, I still can't make sense of your first post :p
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom