setting up network for OPNsense vm

YourFriendHowy

New Member
Mar 16, 2026
I just moved and I have a modem and the Proxmox machine I've been using for my everything network host. I'm relatively new to the world of Proxmox and networking alike and I am having issues getting the machine to connect to the internet. My setup is currently modem > Proxmox > OPNsense VM > Cisco switch. I am on a fresh install of Proxmox as I broke everything before I moved and wanted to start from scratch at the new place. Should I get a router to put before Proxmox or is there a way to enable DHCP on the NIC port that connects to the modem? Or am I completely looking at this the wrong way? I have vmbr0 as my ingress and vmbr1 as my egress to the home network.
 
Tbh if you are not familiar with PVE and VMs it will be a lot easier with a separate router. For instance if you have a PVE issue you may not have Internet to resolve it.

Are you passing through this NIC to the VM? If not I would be very careful to not expose PVE to the Internet. If it's passed through, you would simply be connecting the OPNsense WAN port to the Internet.
 
Tell us about your hardware. Especially Proxmox. How many NICs do you have installed/available? I find if you want to run OPNsense (or in my case, the very similar pfSense) the easiest route is if you have 2-4 NICs available. It can certainly be done with just one NIC, but it gets exponentially more complicated if you do it that way. Also, I am not a fan of passing through NICs to the router/firewall software. Again, while you can do that, I find it a lot easier to just set up multiple NICs and multiple bridges in Proxmox and then use virtual NICs in the pfSense/OPNsense VM.

In my setup, I run dual WAN connections with failover in pfSense. My motherboard has two onboard NICs and I have a Mellanox Connectx3 10gbe NIC in the PCI slot. I have one port of the Mellanox card assigned to vmbr0, I have the first onboard NIC assigned to vmbr1, the second onboard NIC is assigned to vmbr2. In my pfSense VM, vmbr0 is LAN, vmbr1 is WAN and vmbr2 is the second WAN port (Opt1). I made vmbr0 VLAN aware and created a number of VLAN sub interfaces on that bridge. My 10gbe card (first port) plugs into a trunked port on my managed switch, the onboard NICs go to the cable modems. All my other equipment plugs into the switch like normal.

I leave the last open NIC with a static IP address, and I use it in case of emergency to log into Proxmox if pfSense goes down for some reason. It is assigned to vmbr3 in Proxmox, with its own static IP address. Here's what my network configuration in Proxmox looks like:


Code:
root@pve-10:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback


# ===== LAN Trunk (Mellanox Port 0) =====
auto enp3s0
iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4092

# Primary Proxmox management on VLAN 100 (tagged on vmbr0)
auto vmbr0.100
iface vmbr0.100 inet static
        address 192.168.10.6/24
        gateway 192.168.10.1

# Proxmox host on VLAN 3 (Storage VLAN, non-routed)
auto vmbr0.3
iface vmbr0.3 inet static
        address 192.168.3.10/24


# ===== Emergency / Rescue Management (Mellanox Port 1) =====
# Dedicated bridge on the second port with a private subnet and NO gateway.
# Plug your laptop or an isolated switch into enp3s0d1 and set your laptop to 192.168.99.10/24, for example.
auto enp3s0d1
iface enp3s0d1 inet manual

auto vmbr3
iface vmbr3 inet static
        address 192.168.99.6/24
        bridge-ports enp3s0d1
        bridge-stp off
        bridge-fd 0
        # no 'gateway' here by design


# ===== WAN1 (Realtek 2.5g) =====
auto enp1s0
iface enp1s0 inet manual

auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp1s0
        bridge-stp off
        bridge-fd 0


# ===== WAN2 (Realtek 1g) =====
auto enp2s0f0
iface enp2s0f0 inet manual

auto vmbr2
iface vmbr2 inet manual
        bridge-ports enp2s0f0
        bridge-stp off
        bridge-fd 0


source /etc/network/interfaces.d/*
root@pve-10:~#
 
I've been using PVE for 6 months. Generally I use 2 bridges, one WAN, the other LAN to a switch. I was using a Raspberry Pi as a wifi NAT bridge to give LAN internet to the machine until I moved. When I switched from pfSense to OPNsense I muddied up my network and made a mess of it, so I'm just rebuilding from scratch. I'm just trying to find how to get an IP from the modem currently. If I lose internet I have nothing that depends on being up, and I can use my hotspot as I am now to use my laptop to work on the issue as needed.
 
This is fantastic and appears to be very similar to what I wish to achieve. I have a single onboard nat eno1 which I plan to have as the dedicated management port and a Dell Intel i350-T2 2-port PCIe. Those are vmbr0 WAN and vmbr1 LAN. Currently I don't have OPNsense installed, but I will be doing that in a moment as research has shown me I need that to get anything to have web access. Which is likely my issue: I was trying to get it to work without OPNsense installed and running, an oversight after the reinstall of Proxmox so I had a clean slate because I didn't document well enough with the previous build.

Code:
auto lo
iface lo inet loopback

iface ens1f1 inet manual

iface eno1 inet manual

iface ens1f0 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports ens1f0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 10.42.99.2/24
        bridge-ports ens1f1
        bridge-stp off
        bridge-fd 0
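
The caution raised earlier in the thread about not exposing PVE to the Internet comes down to one check on `/etc/network/interfaces`: the host must hold no address on the modem-facing bridge, its physical port, or any VLAN sub-interface of it. The following is an added example, not code from any poster; `parse_interfaces`, `audit_wan_exposure` and `SAMPLE` are names and data constructed here, and it assumes vmbr0 is the WAN bridge as described in the post above.

```python
SAMPLE = """\
auto lo
iface lo inet loopback

iface ens1f0 inet manual
iface ens1f1 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports ens1f0

auto vmbr1
iface vmbr1 inet static
        address 10.42.99.2/24
        bridge-ports ens1f1
"""  # constructed sample, modelled on the two-bridge layout in the thread

def parse_interfaces(text):
    """Return {name: {"methods": set, "opts": dict}} for every iface stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"methods": set(), "opts": {}})
            current["methods"].add(words[3])  # manual, static, dhcp, ...
        elif words[0] in ("auto", "allow-hotplug", "source", "source-directory"):
            current = None  # a new top-level keyword ends the stanza
        elif current is not None:
            current["opts"][words[0]] = " ".join(words[1:])
    return stanzas

def audit_wan_exposure(text, wan_bridges):
    """Names of interfaces that give the host itself an address on the WAN side."""
    stanzas = parse_interfaces(text)
    wan_side = set(wan_bridges)
    for bridge in wan_bridges:  # ports enslaved to a WAN bridge are WAN-side too
        ports = stanzas.get(bridge, {"opts": {}})["opts"].get("bridge-ports", "")
        wan_side.update(ports.split())
    # "vmbr0.100" is a VLAN sub-interface of vmbr0, so compare on the base name.
    return sorted(name for name, st in stanzas.items()
                  if name.split(".")[0] in wan_side
                  and (st["methods"] - {"manual"} or "address" in st["opts"]))

if __name__ == "__main__":
    risky = SAMPLE.replace("iface vmbr0 inet manual", "iface vmbr0 inet dhcp")
    print("manual WAN bridge:", audit_wan_exposure(SAMPLE, ["vmbr0"]))
    print("DHCP on the host's WAN bridge:", audit_wan_exposure(risky, ["vmbr0"]))
```

With the WAN bridge left as `inet manual`, only the OPNsense VM's virtual NIC on that bridge requests a lease from the modem; the second run shows what the audit reports when the host itself is set to DHCP there.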
 
Do you have a managed switch? Or will everything be in one network (i.e., no VLANs)? Either way is fine, but we need to know to be able to assist when you run into bumps.
 
Oh, and keep your Proxmox machine close to your keyboard and monitor. Because Proxmox is based on Debian, you can configure everything from the command line, even without a network for SSH access. Just plug your keyboard and monitor into the Proxmox machine and you should have terminal access. I find that Claude.AI is very good at offering Proxmox configuration instructions for the command line. Once you get Proxmox up and running, installing pfSense or OPNsense becomes pretty easy.
 
Yes, I have a Cisco Catalyst 2960-L; it's older as well. I plan on having 5 or so VLANs. I can't remember all of my plans, and unfortunately the plans are on my desktop that I won't have a place to set up until later, so for right now I will likely get everything running on a flat network until I get a desk in a few weeks.

My full network will be the switch feeding a Ubiquiti UniFi UAP-AC-Pro access point (guest VLAN and primary VLAN), a second Proxmox server (my actual server on multiple VLANs; the Proxmox machine this thread is focused on is network utilities only), a Raspberry Pi as a thin client and my gaming computer (on its own VLAN).
 
I've been messing with both Proxmox, OPNsense and pfSense via ChatGPT and Claude. One reason I'm rebuilding is because I feel my knowledge is superficial after 6 months of tinkering with it all. I also start my CCNA course this evening, so I figure that will help me understand a lot of what I'm doing going forward. I have a keyboard and mouse over at my server station for that reason. It should also be said I run Linux on every machine I own at this point: my personal PC is Fedora, laptop Arch, RPi is the Pi OS, 2 Proxmox servers, and the VMs are various Linux distros, mostly Ubuntu and Ubuntu Server. Proxmox doesn't scare me too much; breaking it is when it gets exciting and I feel like I'm learning. Networking is a whole different beast that I'm slowly learning.
 