(solved) Getting Proxmox Management Port to Resolve Itself, Access other Subnet

[Nollimox]

So, I had set up Proxmox by attaching to another pfSense firewall to perform update, etc after new install.
Now, I would like the Proxmox management to stand on its own by resolving its host name as well as to access
another subnet that's its new gateway. However, its gateway is via a pfSense VM that's installed.

I have done the following...see screen shots






How can I attach the new MAC address of 10.8.27.1 (was the old address of the external pfSense so the Proxmox management interface will not resolve itself since it's locked to the old MAC address). Then, how can I access pfSelse LAN, the new gateway for Proxmox from the Proxmox management Interface which is using the on-board NIC while pfSense LAN is the second port on Intel i350 NIC. I purposely wanted everything to be on the same network 10.8.27.0 to have easy access.

How to get vmbr0 to connect to vmbr2?

 

[Nollimox]

So, I resolved the first part getting Proxmox management interface to not remember mac address and resolve itself by adding
bridge-disable-mac-learning 1, see below screen shot.


Now, all I need to completely resolve this thread is to link vmbr0 to vmbr2. I can ping 10.8.27.1 from 10.8.27.36 but not from 10.8.27.1 to 10.8.27.36.
I tried ip route get ip...

 

[floh8]

u build bullshit. I dont understand whats your goal. Give vmbr2 the ip 10.8.27.36. Delete IP config for vmbr0. Now, u are good.

 

[B.Otto]

Hello,

I feel you are missing some quite some basic knowledge in terms of networking. For instance, adresses like 10.8.27.1 are IP addresses, not MAC addresses. MAC addresses work on a different networking layer. That means your 'bridge-disable-mac-learning' parameter won't do what you think it does.

Then, you should never assign two IP addresses of the same subnet to different interfaces. This causes problems in terms of routing, since the routing table (roughly) works as 'send packet to subnet xxx via interface yyy'.

Also, your interface vmbr2 has the IP 10.8.27.1 and also the default-gateway set as 10.8.27.1 . This means that your PVE host will redirect all traffic with unknown subnets ... back to itself, with which it could not do anything to begin with...

You need to give us more details about what you want to do and how your environment should look like. Like, you have set up a Firewall-VM running pfsense? I suppose there is more network apart from your Proxmox host, like an external router that makes it able to access the internet?

Kind regards,
Benedikt

 

[Nollimox]

u build bullshit. I dont understand whats your goal. Give vmbr2 the ip 10.8.27.36. Delete IP config for vmbr0. Now, u are good.

Interesting, thank you for sharing. The vmbr2 is pfSense LAN that's pass through...

 

[Nollimox]

Hello,

I feel you are missing some quite some basic knowledge in terms of networking. For instance, adresses like 10.8.27.1 are IP addresses, not MAC addresses. MAC addresses work on a different networking layer. That means your 'bridge-disable-mac-learning' parameter won't do what you think it does.

Then, you should never assign two IP addresses of the same subnet to different interfaces. This causes problems in terms of routing, since the routing table (roughly) works as 'send packet to subnet xxx via interface yyy'.

Also, your interface vmbr2 has the IP 10.8.27.1 and also the default-gateway set as 10.8.27.1 . This means that your PVE host will redirect all traffic with unknown subnets ... back to itself, with which it could not do anything to begin with...

You need to give us more details about what you want to do and how your environment should look like. Like, you have set up a Firewall-VM running pfsense? I suppose there is more network apart from your Proxmox host, like an external router that makes it able to access the internet?

Kind regards,
Benedikt

Thank you for responding...maybe this primitive drawing help explain what I am wanting to do using a Mac Pro as a bridge between two network. Please ignore the IP addresses in diagram.


When I had first set up Proxmox, it was attached to my main network's DMZ's router and DNS 10.8.27.1, then once it is upgraded, configured, and installed pfSense, it was separated and on its own. That's why I have to assign the bridge-disable-mac-learning else it would be looking for the DMZ's to resolve the host name and not local 127.0.0.1

Now, that the network is separated, I placed a Mac Pro to act as a bridge between my regular network and my private cloud. However, I realize that Ethernet two is connected to just Proxmox's management port and I wouldn't have access to pfSense LAN since both WAN and LAN are pass through to the Intel i350 NIC, as required.

The goal is to use the Mac Pro to share screen with my Laptop giving me access to Proxmox, pfSense VM, and any container VM I may add later. That way I have a central access and why I place everything on the same network 10.8.27.0. Hope this makes sense.

 

[Nollimox]

I found this link: https://forum.proxmox.com/threads/h...ll-network-requests-go-through-pfsense.64021/

Seems like I followed what's suggested...no luck.

 

[Nollimox]

Now, I got it right without the need to disable any firewall...my mistake was to move default gateway to pfSense. . Both accessible by my Mac Pro on the same browser tabs next to each other.