[Solved] Connection issues with pfSense with OVH and Proxmox
-
I have been trying to step into virtualization, and I already had a box with OVH, so I decided to stay with them, set up Proxmox and use pfSense to keep track of everything.
However, I am having a strange issue: the LAN is able to ping the outside web, but it still times out whenever I try to access the web from a VM. Yet I am able to access the WAN from my personal PC, as I added a firewall rule to allow me to access the WebUI only from my location. (This will be removed once the configuration is done, for security.)
Since I use OVH, I have to do that bridge stuff that they explain with the Fail Over IPs and set the MAC addresses. That I have done. I have configured the pfSense VM for the WAN to be my vmbr0 bridge (my default bridge with my box).
My IP configuration on pfSense (addresses are altered):

WAN: vtnet0 198.X.X.53/32
LAN: vtnet1 10.1.100.1/24 DHCP enabled (.10-.254).

OVH provided me with a script to put into my /usr/local/etc/rc.d on pfSense:

#! /bin/sh
/sbin/route add -net 149.X.X.254/32 -iface vtnet0
/sbin/route add default 149.X.X.254

Then for the LAN I have set up a vmbr2 bridge:

auto vmbr2
iface vmbr2 inet static
    address 10.1.100.254
    netmask 255.255.255.0
    gateway 10.1.100.1
    bridge_ports none
    bridge_stp off
    bridge_fd 0

From there I have other VMs connecting via the vmbr2 bridge.
I have been wanting to set up a 1:1 NAT between the machines so each machine can have a public IP but still be behind pfSense's firewall. In this example the machine has the address 10.1.100.12 with the default GW 10.1.100.1 on an Ubuntu Desktop VM.
So I added a Virtual IP 167.X.X.13 that has the same MAC address as the 198.X.X.53. (I've gotten both a yes and a no on whether those MAC addresses should be the same; will someone let me know which one is correct for this?)
Then I added the 1:1 NAT rule with the external IP of 167.X.X.13 to 10.1.100.12.
Afterwards I added a firewall rule for any protocol from any source (this will be changed in future for security) with the 10.1.100.12 destination.
Even after doing all that, I still cannot seem to get it to connect to the Internet properly. I can ping the gateway (10.1.100.1), I can ping the WAN (198.X.X.53), and I can ping something like OVH.com, but if I try to use the web from the VM it just times out.
Now, I think the problem lies in my network definitions on Proxmox. I've shown this to OVH and they said it looked fine, but I can't think of anything else. Even stuff like port forwarding doesn't work.
I'll post my full config below with IPs altered; the eth0 is OVH's bridge that they said needs to be done.

auto eth0
iface eth0 inet static
    address 198.X.X.53
    netmask 255.255.255.255
    broadcast 198.X.X.55
    post-up route add 149.X.X.245 dev eth0
    post-up route add default gw 149.X.X.254
    pre-down route del 149.X.X.245 dev eth0
    pre-down route del default gw 149.X.X.254

# for Routing
auto vmbr1
iface vmbr1 inet manual
    post-up /etc/pve/kvm-networking.sh
    bridge_ports dummy0
    bridge_stp off
    bridge_fd 0

# vmbr0: Bridging. Make sure to use only MAC addresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
    address 149.X.X.7
    netmask 255.255.255.0
    network 149.X.X.0
    broadcast 149.X.X.255
    gateway 149.X.X.254
    bridge_ports eth2
    bridge_stp off
    bridge_fd 0

auto vmbr2
iface vmbr2 inet static
    address 10.1.100.254
    netmask 255.255.255.0
    gateway 10.1.100.1
    bridge_ports none
    bridge_stp off
    bridge_fd 0

Hopefully someone can point me in the right direction. If any more info is needed I would be more than happy to provide it. I just really want to get this headache worked out so I can actually start adding the machines.
EDIT:
To help with address identification:
149.X.X.X is my main address for the box
198.X.X.X/30 is 1 FO IP
167.X.X.X/30 is 2 FO IP
-
Turns out it was the virtIO causing issues, and I switched over to Intel virtual NICs.