Question about using proxmox for pfsense with 1 NIC

A

Akhademik

New Member
Jun 6, 2023
23
0
1
To make it short i tried to achieve this setup but not sure if it doable?

- 1 tiny PC with only 1 rj45 port
- Proxmox installed on that tiny PC- 1 VM installed pfsense + 1 VM installed Windows 10 (for example)
So, i've on youtube with lots of tutorial that you can config a switch with vlan to use 1 NIC + switch as pfsense router. i think i get that. But my question is if i use only NIC from my tiny PC as a lan for pfsense. Then pfsense will work fine but the windows 10 inside of that proxmox will it also have internet?

Screenshot 2023-07-19 at 17.53.23.png

Hopefully with my diagram you guys understand my question. with this design will the red square whjich is VM and Win 10 have internet access?
 
You need at least two separated networks on you PVE host. WAN + LAN. Pfsense VM needs access to WAN + LAN. Win VM needs access to LAN.

To solve this there are 3 options:
1.) you buy another NIC. If you can't add a PCIe card, there are external Gbit-USB3.0-NICs, so WAN + LAN could have their own NIC
2.) you use tagged VLAN and a managed switch that supports IEEE 802.1Q. With that you can use WAN + LAN over that single NIC
3.) you only use WAN on that single NIC and use a bridge, that isn't connected to a physical interface, as some kind of isolated virtual switch to connect the LAN side of your Pfsense VM with the Win VM. But that way your Pfsense couldn't provide LAN for other devices.
 
Last edited:
  • Like
Reactions: Akhademik
for that i know. that's why it have a part when at first the tiny pc connnect to the first switch, because with that first switch it support vlan and we config it's port to 1 as wan, 1 as trunk port, 1 as internet out which will connect to another main switch.

i don't want to invest another usb - nic because i have a seperate router, but i'm just curious and want to make a fail-safe that i install pfsense on proxmox if the main router down i can hook it up to vm-pfsense and use it. so i think this one doable with vlan right? as you mentioned on option 2. I
 
Akhademik said:
To make it short i tried to achieve this setup but not sure if it doable?

- 1 tiny PC with only 1 rj45 port
- Proxmox installed on that tiny PC- 1 VM installed pfsense + 1 VM installed Windows 10 (for example)
So, i've on youtube with lots of tutorial that you can config a switch with vlan to use 1 NIC + switch as pfsense router. i think i get that. But my question is if i use only NIC from my tiny PC as a lan for pfsense. Then pfsense will work fine but the windows 10 inside of that proxmox will it also have internet?

View attachment 53162

Hopefully with my diagram you guys understand my question. with this design will the red square whjich is VM and Win 10 have internet access?
Click to expand...

Your drawing : only PC 1,2,3 have internet access, without ANY proper firewall protection.
pfSense and win10 will have NO internet access.

Furthermore, with 3 different mac addresses using 1 internet connection, your ISP will probably shut your connection down.
 
Maybe that diagram is wrong? Would make sense if "internet" would be "LAN" and "LAN" would be a tagged vlan trunk carrying the VLANs for LAN+WAN. If we talk as "WAN=insecure side of the firewall to the ISP" and "LAN = secure local network behind the firewall".
 
Last edited:
  • Like
Reactions: Akhademik and Spoonman2002
I think I know what he means and what his goal is,
but his diagram is missing details (at least the naming is wrong).

Green WAN line = (UNTAGGED) WAN VLAN100
Black LAN line = TAGGED WAN + LAN, VLAN100 + VLAN1
Grey INTERNET line = UNTAGGED LAN, VLAN1

VLAN numbers are examples, use your own.
 
Last edited:
  • Like
Reactions: Akhademik
guys, sorry for the delay because i was busy so can't reply. I think my diagram all wrong that why you can't get my idea.

So please look at the new one

So i have:
- 1 switch with vlan features
- 1 normal switch
- 1 proxmox with 1 NIC and 3 VMs ( pfsense, win 7 , win 8)
- 3 other PCS


First. the switch with vlan features will become a switch with 3 ports, 1 for trunk, 1 for WAN, 1 for internet out ( or LAN)
=> This will be config as in this tutorial: https://www.youtube.com/watch?v=jB5J0MlRUuM&list=PLPy3IRIGmEHJcqXVf6r83_qZxwg3rU2IO&index=20&t=1106s


Next, the internet out (LAN) will connect to second switch, and then that switch will distribute internet for any PC that plug in the switch.

The real question is. My Proxmox have only 1 NIC, if i use the config as in the youtube video. Will VM win 7, VM win 8 have internet or the only NIC on proxmox was used by VM pfsense ? Will internet will use the same trunk port to comback and redistribute internet for any VMs/CTs inside proxmox?

Hopefully i make myself clear this time. Sorry because English is not my native.

Screenshot 2023-07-23 at 17.41.51.png
 
Yes, you can use a vlan-aware bridge and then set the "VLAN Tag" for the virtual NICs of your VMs to the VLANID of your LAN. Then all physical machines + VMs should be able to use the pfsense as the gateway.
 
Last edited:
  • Like
Reactions: Akhademik
Dunuin said:
Yes, you can use a vlan-aware bridge and then setthe "VLAN Tag" for the virtual NICs of your VMs to the VLANID of your LAN. Then all physical machines + VMs should be able to use the pfsense as the gateway.
Click to expand...
I'll dig up more about it to know how to set it up. i need to ask first because i want to know if it doable or not so i'll invest on switch with vlan feature because currently i haven't got that.
 
Akhademik said:
I'll dig up more about it to know how to set it up. i need to ask first because i want to know if it doable or not so i'll invest on switch with vlan feature because currently i haven't got that.
Click to expand...
Sure thats doable. Doing the same here, just not with a single NIC but a single bond of 4 NICs. Buts it's basically the same thing.
Just keep in mind that you will be limited to 500Mbit throughput when using a single Gbit NIC when NATing between WAN and LAN. Especially not great if you for example do a backup to a NAS or similar and then the NIC is saturated by the backup data and ping of your internet might therefore not be great. Always better to have dedicated NICs so traffic won't interfere. But QoS might help a bit.
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back