Netgate Discussion Forum

    Proxmox Pfsense only 1 public IP

    • Faker03

      Hello,
      First my setup:

      Proxmox on a dedicated server
      pfSense in a VM on Proxmox

      iptables to route all traffic to pfSense except ports 22, 8806
      2022-10-20_17h17_07.png
      Bridge vmbr0 for Pfsense
      Bridge vmbr1 for all VM later
      f9b23564-480b-473b-9b5e-116e4a7dda09-image.png

      So good, to start with my problem.

      When I create a new VM on Proxmox, that works: it gets a DHCP address from the pfSense and has outgoing traffic, e.g. ping works. But when I want to host something on it, like a Minecraft server,
      I can't open the port.
      I have tried everything:

      • Firewall Rules
      • Port Forwarding

      In every similar description everything works fine.
      I really do not have any idea what could be wrong.

      Thanks in advance! :)

      • stephenw10 Netgate Administrator

        How are you testing?

        Do you see blocks in the firewall logs? Or states created in the state table (Diag > States)?

        What port forwards are you adding?

        Steve

        • Faker03 @stephenw10

          @stephenw10
          Hi Steve,
          I have a Minecraft server in an Ubuntu container.
          So I try to connect to it via Minecraft.
          2022-10-21_09h41_30.png
          These are my forward rules:
          2022-10-21_09h36_45.png 2022-10-21_09h36_55.png
          In the logs I don't see anything that would be blocked, and also not in the states.

          Elias

          • stephenw10 Netgate Administrator

            Those screenshots are both of the firewall rules. Can we see the port forward?

            Where are you testing it from? Where is the client?

            I would also start with something easier to test directly like SSH and make sure that works.

            Steve

            • Faker03 @stephenw10

              @stephenw10
              Sorry, my bad, I picked the wrong screenshot.

              e8b59ae0-bab8-4aa6-a7af-874497105773-image.png

              This is the Port Forwarding.
              I will test it now with SSH

              Elias

              • Faker03

                Also with SSH I get a refused connection.

                5fce0366-5076-4171-b54b-3cea0ab432c7-image.png

                • stephenw10 Netgate Administrator

                  Do you see any states created in pfSense on either of those ports?

                  The port forwards look correct. It seems like that traffic never reaches the pfSense WAN.

                  Steve

                  • Faker03 @stephenw10

                    @stephenw10
                    ba86e3b2-1a7f-462d-9abf-2040c6e68a5a-image.png

                    These states I see, but there is nothing visible that was rejected or something like that.

                    • Faker03

                      It seems that it was this checkmark

                      93906697-690b-4349-b0ac-16299fa14848-image.png

                      Thanks for your help!
                      Elias

                      • stephenw10 Netgate Administrator

                        So 10.0.0.2 is the pfSense WAN IP and 10.0.0.1 is the Proxmox host? Or some other VM you are testing from?

                        We do see that one SIP packet from some external address. And pfSense has opened a state for it, so it's being passed. Your WAN firewall rules are currently wide open.

                        Make sure you are actively trying to open an SSH connection when you check the states.

                        Steve

                        • stephenw10 Netgate Administrator

                          It was the checksum off-loading? You were using vtnet NICs in Proxmox?

                          • Faker03 @stephenw10

                            @stephenw10
                            Yes, 10.0.0.1 is the Proxmox and 10.0.0.2 is the pfSense.
                            I'm looking while I try to connect to SSH. There are no new entries.

                            • stephenw10 Netgate Administrator

                              But you are now able to connect to the Minecraft server with hardware checksum off loading disabled?

                              • Faker03 @stephenw10

                                @stephenw10 It was working for 10 sec, then the SSH refused again.
                                I think that I use vtnet on the NIC but I don't know what this means.

                                • Faker03 @stephenw10

                                  @stephenw10 No, at the moment it does not work.

                                  • stephenw10 Netgate Administrator

                                    Ok, where are you testing from? What is the source address?

                                    The pfSense WAN is wide open so you should see states created for any traffic that hits it. It looks like your test traffic never makes it to pfSense so either Proxmox is not forwarding it or it never arrives at Proxmox.

                                    Steve

                                    • Faker03 @stephenw10

                                      @stephenw10
                                      On the LAN I have DHCP configured with the IP net 192.168.1.1/24, so the container in Proxmox is getting an IP from that.
                                      I've checked the IP address with the NAT rules.
                                      I also checked the status of the SSH server.

                                      As far as I know, the rules should forward all traffic to the pfSense.

                                      37baeefc-0548-419a-99f6-144660706ae3-image.png

                                      a80cd92a-0fb1-45d2-8acc-0217d8ac1e4e-image.png

                                      2022-10-21_15h08_49.png
                                      75e68e2b-499d-4108-9e4f-7fe06156a93d-image.png

                                      • stephenw10 Netgate Administrator

                                        It doesn't look like a problem with the container, the traffic is not reaching the pfSense WAN.

                                        How are you accessing the pfSense webgui? From the same place? What is that place? Something outside the Proxmox public IP?

                                        Steve

                                        • stephenw10 moved this topic from General pfSense Questions
                                        • Faker03 @stephenw10

                                          @stephenw10
                                          I access the pfSense via SSH over the Proxmox.
                                          I map the port to my localhost.
                                          So via localhost.
                                          2022-10-21_15h41_54.png

                                          • stephenw10 Netgate Administrator

                                            Ah, OK.

                                            You should be able to access it directly if Proxmox is correctly forwarding all traffic to the pfSense WAN. That should include port 443 to the pfSense webgui.
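
The host-side forwarding this thread keeps returning to (iptables on the Proxmox host sending everything except ports 22 and 8806 to the pfSense WAN at 10.0.0.2) can be checked offline against a saved ruleset. The following is an added example, not part of any post in the thread: the ruleset is constructed because the real rules appear only in a screenshot, and the NIC name eno1 and the function names are hypothetical.

```python
import shlex

# Constructed `iptables-save -t nat` sample (the thread's rules are a screenshot).
# eno1 is a hypothetical NIC; 10.0.0.2 and ports 22, 8806 come from the thread.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eno1 -p tcp -m multiport ! --dports 22,8806 -j DNAT --to-destination 10.0.0.2
-A PREROUTING -i eno1 -p udp -j DNAT --to-destination 10.0.0.2
COMMIT
"""

def port_in(spec, port):
    """True if port falls in a comma list of single ports or lo:hi ranges."""
    ranges = (p.partition(":") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def prerouting_dnat(ruleset, iface, proto, port):
    """Return the DNAT target of the first matching PREROUTING rule, else None."""
    # Understands only -i, -p, -m, --dport/--dports, '!' and -j DNAT; anything
    # else raises ValueError rather than being silently ignored.
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"]:
            continue
        it = iter(tok[2:])
        match, negate, target = True, False, None
        for opt in it:
            if opt == "!":               # negates the next match option
                negate = True
                continue
            arg = next(it, "")
            if opt == "-m" or (opt, arg) == ("-j", "DNAT"):
                continue                 # module load / jump: nothing to match
            if opt == "--to-destination":
                target = arg
                continue
            if opt == "-i":
                hit = arg == iface
            elif opt == "-p":
                hit = arg == proto
            elif opt in ("--dport", "--dports"):
                hit = port_in(arg, port)
            else:
                raise ValueError(f"unsupported option {opt!r} in: {line}")
            match = match and (hit != negate)
            negate = False
        if match and target:
            return target
    return None
```

A `None` result for a port means the rules as written leave that traffic on the Proxmox host; for real use, pass in the text printed by `iptables-save -t nat` on the host instead of `SAMPLE`.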
