Virtual Firewall

sohaib

Well-Known Member
May 14, 2011
124
0
56
Hello,

Please help me understand , I wanted to install Virtual Firewall such as PFsense. I have two Proxmox machines both running dual NIC cards & a block of Local IP Addresses, As currently I've a Firewall Box *HARDWARE. Public IP's are define in that hardware box and then Proxmos is using Local IP Addresses so as all my VM's.

I would like to install Pfsense on a vm and then use that as the firewall for all of the other vms. Could somebody either point me in the right direction or let me know if this is possible and if so how?

PROXMOX 1
“archive-tdi” 2014-10-19 at 5.43.23 AM.png

PROXMOX 2
“archive-tdi” 2014-10-19 at 5.49.28 AM.png

Current Setup
“archive-tdi” 2014-10-19 at 6.02.13 AM.png

This is what I wanted to Achieve.

“archive-tdi” 2014-10-19 at 6.07.18 AM.png

PLEASE LET ME KNOW - If I a make sense and if I do - I assume I have to setup bridge - I will really appreciate if some one can please provide step by step and guide me to the right path.

Thank you once again.
 
Hello sohaib,

PLEASE LET ME KNOW - If I a make sense and if I do - I assume I have to setup bridge - I will really appreciate if some one can please provide step by step and guide me to the right path.

Different methods are possible - difficult to say which one is the best for your request without knowing more details (as what in particular you want to allow, block, is traffic between VMs allowed etc.).

But I would prefer a - from my point of view - much better solution:

* Proxmox1 & 2 should form a cluster (if they are not yet already)

* use eth1 as NIC for cluster communication (define a new network, e.g. 192.168.1.0/24)

* use eth0 as connection to internet from both Proxmox hosts, similar to current HW configuration, but instead of HW firewall just a switch (or NAT router, depending on your internet access)

* bridge the VM NICs to vmbr0 (for external traffic)

* if you have the need of intern traffic between VMs: define vmbr1 and bridge eth1 and second NICs of VMs to it

* For implementing the firewall use the Proxmox integrated firewall (available in Proxmox VE 3.3): WEB GUI has a Firewall tab for Datacenter, nodes and VMs. To put in effect "Enable Firewall" must be set to "Yes" at Datacenter level.

See also http://pve.proxmox.com/wiki/Proxmox_VE_Firewall - but the Wiki is not complete yet.

Kind regards

Mr. Holmes
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!