Setting up pfSense in ProxMox - initial setup and permanent

[zachlovescoffee]

Hey folks, I'm new to Proxmox but so far enjoying it and think it's great. I am looking to get some help for how to initially set up the network before and after stand the server up.

• Current State: WAN (192.168.0.254 gateway) > Linksys Mesh Router (192.168.1.1 gateway) > back hauled and wireless mesh nodes and various unmanaged switches > devices.
  • The WAN is in bypass mode so it does not do any DHCP. It's just passing fiber internet to the Linksys router
• Future state network: WAN > NUC11 running pfSense in Proxmox (firewall, DHCP, etc) > Linksys Mesh Router in Bridge Mode > back hauled / wireless mesh nodes and switches > devices
  • The NUC has two onboard NICs with a current address of 192.168.1.xxx.

I'm struggling with how to do the initial network set up. I.e., when I plug the NUC into my current 192.168.1.1 subnet and start making changes, I lose my ability to connect to the ProxMox box if I start to make any network changes and also cannot connect to pfSense to configure it. E.g., if I change the ProxMox server (/etc/network/interfacts & hosts) to say 192.168.2.2 then I cannot get to that subnet from my current subnet. Admittedly I am probably using terms incorrectly.

Can you suggest a means for how I can best do the initial set up on my current subnet (192.168.1.x) and then make the swap so that I minimize my down time? Ideally, once everything is set up I'd like the WAN to still be on the 192.168.0.x subnet and my actual LAN to be on the 192.168.1.x subnet.

I really appreciate your help and support here

 

[Nollimox]

The NUC has two onboard NICs with a current address of 192.168.1.xxx.

That's a problem...per here: see below, you need three on-board NIC's...one for Proxmox and two passed-through one pfSense WAN and the other pfSense LAN.

https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html

 

[zachlovescoffee]

Oh. Snap. I have vmbr0 and vmbr1 both Intel NICs each with their own addresses on the 192.168.1.x subnet. You're saying I need a third? vmbr2?

 

[Nollimox]

Oh. Snap. I have vmbr0 and vmbr1 both Intel NICs each with their own addresses on the 192.168.1.x subnet. You're saying I need a third? vmbr2?

Not me, the pfSense folks, if you want to run pfSense VM on Proxmox...that's the requirements...vmbr0 - Proxmox Interface, vmbr1 - pfSense WAN interface, and vmbr2 - pfSense LAN interface. That's how mine is setup because I followed the requirement.

 

[zachlovescoffee]

But I could just run pfSense bare metal on the NUC and then I'd have WAN and LAN covered?

 

[Tr1pke]

Oh. Snap. I have vmbr0 and vmbr1 both Intel NICs each with their own addresses on the 192.168.1.x subnet. You're saying I need a third? vmbr2?

Yes you need a 3th
One is WAN
Second is LAN
Third is your proxmox server.
You need to visualize the server as 2 bare metal servers and not as a pfsense VM in proxmox

If you have only 2 and you use one for WAN and one for LAN how will your proxmox get connection? Since pfsense need pass trough connections…

 

[Neobin]

If you have only 2 and you use one for WAN and one for LAN how will your proxmox get connection? Since pfsense need pass trough connections…

If you would PCIe-passthrough two NICs to the pfSense-VM for WAN and LAN, you need a third NIC for PVE, yes.

But if you use a bridge for (at least) the LAN on pfSense, you can simply use the default vmbr0 bridge for both, the pfSense-LAN and the PVE and therefore only need two NICs...

 

[Nollimox]

But I could just run pfSense bare metal on the NUC and then I'd have WAN and LAN covered?

That's correct; but then you'll miss the fun of Proxmox's virtual environment. As @Neobin said, it can be done with two interfaces with the use of a smart switch vLANs, and vlan tags...that work for some people with small form factor hardware.