Root Server with Proxmox behind virtualized FW

virtualizedworld

New Member
Oct 15, 2020
Hello everyone, I know there are already many threads on this topic, but so far nobody has helped me.

My structure looks as follows:

Rented root server at Hetzner with a fixed IPv4 and an additionally booked IPv4.

An OPNsense firewall runs on the Proxmox host. All VMs sit in the LAN behind the OPNsense, and this also works so far.
But my goal is to reach the Proxmox server and everything behind it only via VPN. From the outside, only those devices should be reachable which I make reachable via reverse proxy.

I don't want the Proxmox to communicate over the public IP. It should also route all traffic through the firewall.

Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto enp6s0
iface enp6s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 178.XX.XX.10/26
        gateway 178.XX.XX.1
        bridge-ports enp6s0
        bridge-stp off
        bridge-fd 0
        bridge_maxwait 0
        dns-nameservers 8.8.8.8 4.4.4.4
        up route add -net 178.XX.XX.0 netmask 255.255.255.192 gw 178.XX.XX.1 dev enp6s0
        #Additional IPv4
        up route add -host 178.XX.XX.39 dev vmbr0

        

#LAN Interface for Proxmox / all VMs / Containers

auto vmbr1
iface vmbr1 inet static
        address 10.178.1.2/24
        gateway 10.178.1.1
        bridge-ports none
        bridge-stp off
        bridge-fd 0


All VMs are attached to vmbr1, the OPNsense to vmbr0.

How can I make Proxmox work like any VM in this network behind the OPNsense?

The VPN is already working, but the Proxmox host is not getting the right route into my home network and is trying to route its traffic through the WAN.

Many thanks in advance
 
I would set up Proxmox with vmbr0 and vmbr1, then I would set up pfSense (or OPNsense) and assign vmbr0 with my WAN address to pfSense and vmbr1 with my internal network. All external traffic would go through the pfSense VM. Then on the pfSense VM, set up a VPN interface with a VLAN for 'Private' traffic, and create a firewall rule that only allows traffic from the VPN interface to reach Proxmox and any other VMs in that VLAN. Create another VLAN for 'Public' access.
 
I managed to restrict access to Proxmox via the pveproxy file. I guess it's working fine. I also managed to route the traffic in my home network via a static route with

Code:
ip route add 192.168.178.0/24 via 10.178.1.5 dev vmbr1

My problem now is that I can't add this route with the interfaces file. I tried the following:


Code:
auto vmbr1
iface vmbr1 inet static
        address 10.178.1.2/24
        gateway 10.178.1.1
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        up ip route add 192.168.178.0/24 via 10.178.1.5 dev vmbr1

but the route won't show up after reboot
 
but the route won't show up after reboot
* check the journal since the start of booting (`journalctl -b`) for messages when the network was set up
* on a hunch - try adding the route-addition as 'post-up' command (instead of 'up')

I hope this helps!
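A check to run next to the journal inspection suggested above, added here as an example and not posted by anyone in the thread: it lints an ifupdown-style interfaces file for stanzas that each declare a `gateway` (competing default routes) and lists the `up`/`post-up` route hooks. The function name `lint_interfaces` and the sample file are constructed from the configuration shown in the thread; whether the double `gateway` is why the hook is lost here is an assumption to confirm in the `journalctl -b` output.

```shell
#!/bin/sh
# Added example (not from the thread): lint an interfaces file for
# competing default gateways and for route hooks.

lint_interfaces() {
    # $1 = path to an ifupdown-style interfaces file
    awk '
        # Remember which stanza (interface + address family) we are in.
        $1 == "iface" { ifc = $2; fam = $3; next }
        # Count default gateways per address family.
        $1 == "gateway" && ifc != "" {
            n[fam]++
            gws[fam] = gws[fam] " " ifc "=" $2
            next
        }
        # Report up / post-up hooks that modify the routing table.
        ($1 == "up" || $1 == "post-up") && /route add/ {
            hook = $0; sub(/^[ \t]+/, "", hook)
            print "HOOK " ifc ": " hook
        }
        END {
            for (f in n)
                if (n[f] > 1)
                    print "MULTI_GATEWAY " f ":" gws[f]
        }
    ' "$1"
}

# Constructed sample mirroring the stanzas posted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auto vmbr0
iface vmbr0 inet static
        address 178.XX.XX.10/26
        gateway 178.XX.XX.1
        bridge-ports enp6s0

auto vmbr1
iface vmbr1 inet static
        address 10.178.1.2/24
        gateway 10.178.1.1
        bridge-ports none
        up ip route add 192.168.178.0/24 via 10.178.1.5 dev vmbr1
EOF

lint_interfaces "$sample"
```

On the real host, point it at `/etc/network/interfaces` and compare the reported hooks with what `ip route show` lists after boot.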
 
