Hello,
I've run into a design issue we are trying to eliminate. Basically here are the details of our proxmox/vm setup:
- we have 1 static IP
- we have 1 pfsense VM
- the pfsense VM is using the vmbr0 interface which is bridged to eno1
- I am not using the proxmox masquerade/nat solution referenced in the documentation
- the pfsense WAN interface is configured with static IP/netmask/gateway details and it's working
- the proxmox eno1 does not have a static IP
- I have a second interface which is vmbr1 which is configured behind the pfsense and it does have a static IP in /etc/network/interfaces that I can use to manage proxmox behind the pfsense firewall
Basically our current setup which works is:
[internet] -> [pfsense VM on proxmox] -> [proxmox management interface]
What we are trying to accomplish is sharing the 1 static IP across the proxmox host/pfsense VM without doing the NAT configuration the documentation references. Why? Because we do not want our devices behind pfsense to be on a double NAT (which is what happens when we do it and how it's set up currently).
We've looked into doing something called PAT - which would allow our proxmox host to be accessible with https://{publicip}:8006 and all other traffic gets passed to the VM. This would allow us to access proxmox through the public IP even when the pfsense router is down/having issues. The thing is, I've tried dozens of iptables commands to intercept the packets destined for {public ip}:8006 during prerouting and change their destination to either 127.0.0.1:8006 or {vmbrX IP}:8006. I haven't had any luck so far. I'm assuming that's the case because proxmox doesn't have a gateway configured, so it doesn't have a way to return those packets to the client.
Does anyone have any solutions to this, or have a setup that allows proxmox to be managed even though the virtual router is down in a setup with 1 static/no double nat?
Let me know if you have any questions. Thanks!