[SOLVED] Proxmox with router as a VM appliance - will it work?

[T-z3P]

Hi, I have the following setup:

                                                 ┌──────┐
                                        ┌────────┤  AP  │
   xxxxxxx xxxxxxxxxx                   │        └──────┘
   x     xx         xxxx                │
 xxxx                 xxx         ┌─────┴┐       ┌──────┐
xx       Internet        xx───────┤Router├───────┤Server│
xxxxx                  xxxx       └─────┬┘       └──────┘
   xxxxxxxxxx      xxxx                 │
           xxxxxxxxx                    │        ┌───────┐
                                        └────────┤ Other │
                                                 │clients│
                                                 └───────┘

and I want to do something like below:

                                    ┌───────────────────────────────────────────────┐
                                    │                                               │                          ┌──────┐
    xxxxxxx xxxxxxxxxx              │                    ┌────────────────────────┐ │                   ┌──────┤  AP  │
    x     xx         xxxx           │                    │VM with Router appliance│ │                   │      └──────┘
  xxxx                 xxx          │     Server with    │      (DD-WRT)          │ │      ┌────────────┴───┐
 xx       Internet        xx────────┤   2x 2.5GBps NICs  └────────────────────────┘ ├──────┤  Switch with   │
 xxxxx                  xxxx        │                                               │      │8x 2.5GBps ports│
    xxxxxxxxxx      xxxx            │       running      ┌────────────────────────┐ │      └────────────┬───┘
            xxxxxxxxx               │       Proxmox      │       Other VMs        │ │                   │      ┌───────┐
                                    │                    └────────────────────────┘ │                   └──────┤ Other │
                                    │                                               │                          │clients│
                                    └───────────────────────────────────────────────┘                          └───────┘

My questions:
1. Is this possible?
2. Do I need to passthrough both NICs to the router appliance?
3. How do I configure Proxmox to deal with the so called WAN (first NIC) and to forward trafic to the router appliance, then forward the trafic to the switch (second NIC)?

 

[Dunuin]

Is this possible?

Yes.

2. Do I need to passthrough both NICs to the router appliance?

No. But some prefer that so the unsecure WAN traffic isn't processed by your PVE.

3. How do I configure Proxmox to deal with the so called WAN (first NIC) and to forward trafic to the router appliance, then forward the trafic to the switch (second NIC)?

You create two bridges with one NIC each. One for WAN and one for LAN. You only assign a IP and gateway for the LAN bridge on the PVE host. Then you create a VM with 2 virtual NICs. One virtual NIC is attached to each bridge. You then let the router VM do the NAT between WAN and LAN.
Just keep in mind that without that router VM running your PVE won't be able to access the internet. So might be tricky in case a PVE upgrade makes your router VM unusable but you also can't access the internet to fix this.

 

[LnxBil]

How do I configure Proxmox to deal with the so called WAN (first NIC) and to forward trafic to the router appliance, then forward the trafic to the switch (second NIC)?

Another approach would be to tag your network via VLAN and have a tagged WAN interface inside of your router. I'd go and use LACP on both NICs if possible.

 

[T-z3P]

I have ended up using passthrough with one of the 2.5GBps cards to the router VM (as WAN) and for the second 2.5GBps card I have created a bridge that is being used by every VM in proxmox (including the router VM).

Also, while trying different stuff I have encountered an issue where the network cards were reporting a link of 100MBps inside VMs. I was using the Realtek driver which was wrong. After I have changed driver to virtio all was working as expected.

Thank you both for replies.

 

[usbrpa]

I do face an issue which is probably in the same area.

Running an HW appliance with 4 Intel gbps ports, Proxmox on it. Using Opnsense as a VM, I get it all to work pretty well for some time already.

Have enp1s0, enp2s0, eno1 and enp4s0 as interfaces. Then 4 virtual interfaces vmbr0-vmbr3, assigned in sequence.

Opnsense now listens to vmbr0 on the LAN side. It runs on a private IP 10.3.8.1. On vmbr3 it connects to the WAN, all perfect. Everything works fine.

BUT. Now I just saw on Opnsense that the public IP it gets from the WAN is OK, getting it from MAC ending in 84:3e:a2:ae. When I look at Proxmox though I see that the same interface vmbr3 is also getting another public IP address on the MAC ending in 52:f9:7a, which is the physical MAC of eno1, that is bridged to vmbr3.

So my setup is currently pulling 2 public IP addresses over vmbr3, one directly from proxmox, one from opnsense running on it with a different MAC address.

How can avoid that Proxmox itself also pulls an IP?

Thanks. And sorry, am kind of a noob in this,... hope I explained myself accurately though.