Route WAN from OpenWRT (vm0) to pfsense (vm1) and route everything else behind pfsense

I

Its Not Okay

New Member
Nov 3, 2022
12
0
1
I currently have an openwrt vm that gets WAN from a USB cellular modem that's attached to the VM. I'm trying to route the WAN from OpenWRT (VM0) to pfsense (VM1) as well as have every other VM routed behind the pfsense vm. How would I do route the traffic so the host also gets it's internet from the pfsense vm (vm1)?

Current /etc/network/interfaces config:

Code: 
auto lo
iface lo inet loopback

iface enp1s0 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.100.2/24
gateway 192.168.100.1
bridge-ports enp1s0
bridge-stp off
bridge-fd 0

iface enp2s0 inet manual

iface enp3s0 inet manual

iface enp4s0 inet manual

iface enp5s0 inet manual

iface enp6s0 inet manual
 
Last edited:
Okay I added two new vmbrs, this is what my setup now looks like:

Proxmox - vmbr0 (192.168.100.3)

VM 100: openwrt lan - vmbr1

VM 101: pfsense - wan: vmbr1, vmbr2 static lan set to 192.168.100.2 (which is also vmbr0s gateway)

/etc/network/interfaces config:
Code: 
auto lo
iface lo inet loopback
iface enp1s0 inet manual
iface enp2s0 inet manual
iface enp3s0 inet manual
iface enp4s0 inet manual
iface enp5s0 inet manual
iface enp6s0 inet manual

iface enx000ec6ca3c39 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.100.3/24
        gateway 192.168.100.2
        bridge-ports enp1s0
        bridge-stp off
        bridge-fd 0
#Proxmox LAN

auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#Cellular WAN

auto vmbr2
iface vmbr2 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#PfSense LAN

Issue now is that I can't access the web gui for either openwrt nor pfsense
 
Its Not Okay said:
Okay I added two new vmbrs, this is what my setup now looks like:

Proxmox - vmbr0 (192.168.100.3)

VM 100: openwrt lan - vmbr1

VM 101: pfsense - wan: vmbr1, vmbr2 static lan set to 192.168.100.2 (which is also vmbr0s gateway)

/etc/network/interfaces config:
Code: 
auto lo
iface lo inet loopback
iface enp1s0 inet manual
iface enp2s0 inet manual
iface enp3s0 inet manual
iface enp4s0 inet manual
iface enp5s0 inet manual
iface enp6s0 inet manual

iface enx000ec6ca3c39 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.100.3/24
        gateway 192.168.100.2
        bridge-ports enp1s0
        bridge-stp off
        bridge-fd 0
#Proxmox LAN

auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#Cellular WAN

auto vmbr2
iface vmbr2 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#PfSense LAN

Issue now is that I can't access the web gui for either openwrt nor pfsense
Click to expand...
Well, your pfsense is now on vmbr2 and the proxmox IP is on vmbr0, so they are divided at Layer2.

I dont know openwrt, but that seems to be a way to provide a WAN. So the planned way would be
openwrt -> WAN (vmbr1 as it seems) -> pfsense -> LAN with your normals applications
am I right?

In that case it should be enough to switch the LAN interface of your pfsense from vmbr2 to vmbr0. There should also be no reason to have vmbr2 then.
 
Its Not Okay said:
I'm trying to route the WAN from OpenWRT (VM0) to pfsense (VM1) as well as have every other VM routed behind the pfsense vm. How would I do route the traffic so the host also gets it's internet from the pfsense vm (vm1)?
Click to expand...
So is your intended scheme

WAN<->OpenWRT<->pfSense<->Proxmox + VM's

Where does your physical LAN devices fit in this setup? And do your wireless devices need to access the LAN and VM's?
 
B.Otto said:
Well, your pfsense is now on vmbr2 and the proxmox IP is on vmbr0, so they are divided at Layer2.

I dont know openwrt, but that seems to be a way to provide a WAN. So the planned way would be
openwrt -> WAN (vmbr1 as it seems) -> pfsense -> LAN with your normals applications
am I right?

In that case it should be enough to switch the LAN interface of your pfsense from vmbr2 to vmbr0. There should also be no reason to have vmbr2 then.
Click to expand...
I tried setting pfsense lan as vmbr0 which is the same vmbr used by proxmox and I still can't access the pfsense web interface. pfsense is getting it's WAN from openwrt via dhcp assignment (pfsense wan: 192.168.100.146, lan: 192.168.100.2)
 
bobmc said:
So is your intended scheme

WAN<->OpenWRT<->pfSense<->Proxmox + VM's

Where does your physical LAN devices fit in this setup? And do your wireless devices need to access the LAN and VM's?
Click to expand...
Correct I have a Quectel RM502Q-AE (5G modem) connect via usb to the OPenWRT VM which provides WAN which then follows as you said: OpenWRT<->pfSense<->Proxmox + VM's.

Right now I just have a WiFi router connected to an ethernet port on the proxmox box which is the same port used as vmbr0 (enp1s0). For LAN devices I plan to just pass them all through to pfsense, haven't really gotten to that part yet. First trying to access pfsense web gui and connect proxmox host so it gets internet from pfsense
 
Its Not Okay said:
I tried setting pfsense lan as vmbr0 which is the same vmbr used by proxmox and I still can't access the pfsense web interface. pfsense is getting it's WAN from openwrt via dhcp assignment (pfsense wan: 192.168.100.146, lan: 192.168.100.2)
Click to expand...
Are those IP adresses right? Then pfsense has two interfaces in the same subnet on two different bridges. That works but requires the right routing rules in pfsense.
 
OPenWRT uses iface enx000ec6ca3c39 for wan then?

What Linux bridges does OpenWRT use? for Wan and for Lan? Does or will anything else connect to OpenWRT besides pfsense?
 
B.Otto said:
Are those IP adresses right? Then pfsense has two interfaces in the same subnet on two different bridges. That works but requires the right routing rules in pfsense.
Click to expand...
Yes it did, I fixed changed it so OpenWRT's lan is 172.16.10.1, pfSense WAN is 172.16.10.2 and it's LAN is 192.168.100.2. Proxmox however still doesn't get internet behind pfsense.

OpenWRT uses vmbr1 which pfsense uses as WAN. And I have pfsense LAN as vmbr0 which is the same vmbr used by proxmox. This box has 6 gigabit ethernet ports I want to use them all in VLAN 10 in pfsense (wired devices (would I have to passthrough all 6 adaptors to pfsense for this?)), have a VLAN 20 which is enx000ec6ca3c39 (gigabit usb adapter) connected to a router in access point mode and have another VLAN 30 connected to another gigabit usb adapter for Cameras.
 
Last edited:
vesalius said:
OPenWRT uses iface enx000ec6ca3c39 for wan then?

What Linux bridges does OpenWRT use? for Wan and for Lan? Does or will anything else connect to OpenWRT besides pfsense?
Click to expand...
OpenWRT uses vmbr1 which pfsense uses as WAN. And I have pfsense LAN as vmbr0 which is the same vmbr used by proxmox. This box has 6 gigabit ethernet ports I want to use them all in VLAN 10 in pfsense (wired devices (would I have to passthrough all 6 adaptors to pfsense for this?)), have a VLAN 20 which is enx000ec6ca3c39 (gigabit usb adapter) connected to a router in access point mode and have another VLAN 30 connected to another gigabit usb adapter for Cameras.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back