Proxmox \ pfSense \ 1 Public IP \ 1NIC
I have a VDS from the excellent @MikeA and am trying to get the networking set up correctly. I've created 2 bridges: vmbr0 for LAN traffic set to and another, vmbr1, set to the public IP address. What I would like to do is give the public IP address to pfSense and put the Proxmox server behind the pfSense VM. I think I've got everything set up correctly, but when I release the IP address from the bridge and try to have the WAN on pfSense take over, it's not working. Any ideas?
So you want to assign the public IP to a VM running pfSense? And then pass everything on via NAT?
Probably your settings are wrong.
Maybe. I've checked them 3 times and everything seems in order.
Just to be sure you may want to boot into a rescue image (the new panel has SystemRescueCD and Netboot ISO for you to boot into any OS live CD) and configure both IPs, to be sure both IPs work when configured in a rescue/live system.
Exactly what isn't working?
I did a similar setup with a Hetzner dedicated with pfsense with a public IP and then "everything" behind the pfsense instance.
As I remember when setting it up, pfsense doesn't allow admin connections on the WAN interface by default. I could be wrong, but I remember having set up a Windows VM with Teamviewer behind my pfsense and used that to "properly" connect to pfsense from the "inside" after the IP changes were made.
That's correct - and that's how I want it to be. The problem is that after everything is set up and I reboot Proxmox it never connects again. I lose traffic altogether.
Enable access from the WAN while troubleshooting.
From what you write, it looks like the configuration is never saved and it reboots into default config.
I've done that - that's why I think it's not working. I'm installing TeamViewer in a Linux VM to see if I can connect to that after the switch.
There must surely be guides on this out there...virtualized pf on proxmox is, while fringe...still common enough to google.
Having exactly zero actual experience on this I shall now give my expert opinion:
Pretty sure you'd always need a bridge, i.e. the bridge is the primary entry point on proxmox. One bridge for the interface coming in and another for the internal "lan". So the whole disconnect bridge and have pfsense "take over" reads wrong to me.
Yes, I have two bridges like you're talking about. What I mean by "taking over" is releasing the IP address from the bridge. Then I expect pfsense to "take over" the public IP address. Does that make sense?
I just noticed that Proxmox was using /32 and pfsense /24, so I changed pfsense to /32 as well.
No difference
I just remembered about "Disable Hardware Checksums with Proxmox VE VirtIO". Sadly it didn't help.
If the pfsense is virtualised then you wouldn't be releasing it...you need that bridge to remain in place since it is connecting your virtualised pfsense to the internet.
...release that and unsurprisingly you lose connectivity.
There is no "taking over" anything here...the pfsense can only talk to what the hypervisor exposes...and the way proxmox does that is via bridge.
So just put the public IP on both the bridge and pfsense?
Maybe I would be better off with something like this:
I’m not sure…
I think my new strategy will be to forward all traffic to the pfSense box using iptables.