[SOLVED] Using a bridge as LAN with proxmox as gateway

Gabriele Assentato

Jun 13, 2018
Hi, I have been trying for a few days to set up iptables on my Proxmox installation.

Since I have only one public IP address and I need pfSense installed, I created a bridge between only the Proxmox host and the pfSense guest.

My network cards are the following:
eno1 - Public IP address (XXX.XXX.XXX.XXX/24 with its gateway)
vmbr0 - Bridge for the eno1 card
vmbr1 - Bridged to a dummy card with IP 192.168.1.254/24
vmbr2 - Bridged to another dummy card with IP 172.16.0.0/16

The vmbr1 is used as the WAN for pfSense, and the vmbr2 as the LAN for all the VMs.

This is the configuration of my pfSense box:
WAN IP 192.168.1.1/24 gateway 192.168.1.254
LAN IP 172.16.255.254 and also configured to be the gateway for its LAN

I've tried this on my proxmox host machine:
Code:
iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
iptables -A FORWARD -i vmbr1 -o eno1 -j ACCEPT
iptables -A FORWARD -i vmbr1 -o eno1 -m state --state RELATED,ESTABLISHED -j ACCEPT


I also tried replacing eno1 with vmbr0, but it doesn't work.
I could solve this by having a 2nd public IP for my pfSense box, but I can't buy one.

How can I solve this issue?
 
Hi,

I am sorry but I do not understand what this "routed setup" does.
Do I need to add my pfsense vm to a bridge to the primary nic with this configuration?

Sorry for my lack of knowledge

Regards,
Gabriele.
 
Hi,

I solved the issue using the "Routed Setup" following this guide:
https://www.flomain.de/2015/05/how-to-proxmox-networking/

Now my interfaces file looks like this:

Code:
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet static
        address  xxx.xxx.xxx.xyz
        netmask  255.255.255.0
        gateway  xxx.xxx.xxx.254
        post-up echo 1 > /proc/sys/net/ipv4/conf/eno1/proxy_arp

auto vmbr0
iface vmbr0 inet static
        address  172.16.255.254
        netmask  255.255.0.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

auto vmbr1
iface vmbr1 inet static
        address  192.168.1.253
        netmask  255.255.255.252
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.1.252/30' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.252/30' -o eno1 -j MASQUERADE

Where vmbr0 is the LAN with all my VMs, including pfSense, and vmbr1 is the WAN for the pfSense machine.

I hope this can be useful to someone.

Best regards,
Gabriele.
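
An added example, not part of the original post: a small audit of the NAT hooks in an interfaces file like the one above. It checks that each MASQUERADE rule is scoped to the bridge's own subnet and has a matching post-down delete. The function names `parse_stanzas` and `audit_nat` are hypothetical, and the sample input is constructed from the vmbr1 stanza.

```python
import ipaddress
import re

# Constructed sample: the vmbr1 stanza from the post above.
SAMPLE = """\
auto vmbr1
iface vmbr1 inet static
        address  192.168.1.253
        netmask  255.255.255.252
        bridge_ports none
        post-up iptables -t nat -A POSTROUTING -s '192.168.1.252/30' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.252/30' -o eno1 -j MASQUERADE
"""

def parse_stanzas(text):
    """Map each iface name to its whitespace-normalised option lines."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if line.startswith("iface "):
            current = stanzas.setdefault(line.split()[1], [])
        elif not line or line.startswith(("auto ", "allow-", "source")):
            current = None
        elif current is not None and not line.startswith("#"):
            current.append(line)
    return stanzas

def audit_nat(text):
    """Return findings for MASQUERADE hooks (hypothetical helper, not a Proxmox tool)."""
    findings = []
    for iface, opts in parse_stanzas(text).items():
        kv = dict(o.split(" ", 1) for o in opts if " " in o)
        up = [o for o in opts if o.startswith("post-up ") and "MASQUERADE" in o]
        down = [o for o in opts if o.startswith("post-down ") and "MASQUERADE" in o]
        if not up or "address" not in kv:
            continue
        addr = kv["address"]
        if "/" not in addr:  # older style: separate netmask line
            addr += "/" + kv.get("netmask", "32")
        net = ipaddress.ip_network(addr, strict=False)
        for rule in up:
            m = re.search(r"-s '?([0-9./]+)'?", rule)
            if not m:
                findings.append(f"{iface}: MASQUERADE without -s NATs any forwarded source")
            elif ipaddress.ip_network(m.group(1), strict=False) != net:
                findings.append(f"{iface}: NAT source {m.group(1)} is not bridge subnet {net}")
            undo = rule.replace("post-up", "post-down", 1).replace(" -A ", " -D ", 1)
            if undo not in down:
                findings.append(f"{iface}: NAT rule has no matching post-down delete")
    return findings
```

Pass the contents of /etc/network/interfaces to `audit_nat`; an empty list means every MASQUERADE hook is limited to its bridge subnet and is removed again when the interface goes down.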
 