Trying to connect two devices behind two interfaces

testcb00

Currently I am trying to build a home lab (Proxmox VE as Host), it will have a pfSense VM, a NAS VM and other application VMs. The NAS VM is behind the pfSense VM.

To protect my data from blackout or voltage surge/drop, I buy a UPS. Since a low end UPS doesn't have a Network Interface, I have to build a NUT server to send the UPS information to my VM and the hypervisor. The NUT server connects to pfSense VM directly. pfSense VM use the NUT package to receive UPS information.

However, I don't know how to connect my NAS VM to the NUT server. Using pfSense as a NUT forwarder might be an option but the dummy-ups driver might be broken when the service restart.

Under this condition, is it possible to do routing so that the NAS VM can receive the NUT server?

johnpoz

@testcb00 just create a rule vlan 11 that lets the nas talk to the nut server IP on whatever port that uses, not sure off the top of my head.

testcb00

@johnpoz

May you provide a photo of the rule setting?

johnpoz

@testcb00

So lets say the nut server was on 192.168.9.100, and this was your vlan 11 network interface.

That rule would allow anything on my test network to talk to 192.168.9.100 on tcp or udp port 3493 which I believe is the default port nut uses.

testcb00

@johnpoz
Thank you, john.

I have a rule that pass traffic of LAN net (Some Ports Include NUT 3493) to local subnets (Some Ports Include NUT 3493).

In Firewall Log, I see the traffic is passed, but I still cannot connect to the NUT server.

Finally, I find that I have to set up a static route in the NUT server.

ip route add 192.168.11.0/24 via 192.168.10.2

This fix the problem. The NAS can ping / connect to the NUT Server.

However, I find that the NUT server cannot ping to NAS VM (192.168.11.2). It can ping to NIC 2 (192.168.11.1).

johnpoz

@testcb00 said in Trying to connect two devices behind two interfaces:

Finally, I find that I have to set up a static route in the NUT server.

You shouldn't have to do that in a normal setup.. That would only make sense if this nut sever was not using pfsense as its gateway.

If you can ping the pfsense IP of this vlan interface, but not devices on this vlan. That normally screams host firewall not allowing remote IPs, or again this device not using pfsense as its gateway either.