Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hetzner Proxmox host + pfSense vm networking

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    2 Posts 2 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      booruszuru
      last edited by

      Hello all i cant seem to make this work as i try to follow the guide here https://dannyda.com/2020/06/09/how-to-configure-nat-network-for-virtual-machine-vm-guest-os-on-proxmox-ve-6-2-pve-easily-works-for-vmware-esxi-too/

      i have a dedicated server with main ip
      178.**.**.75
      and ordered a second ip for pfsense
      178.**.**.79
      also ordered a subnet /29 for my vms to get it from pfsense
      88.**.***.40 to 88.**.***.47

      now my interfaces file is this

      auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp3s0
iface enp3s0 inet static
	address 178.**.**.75/32 # Hetzner Main IP
	gateway 178.**.**.65
	pointopoint 178.**.**.65

iface enp3s0 inet6 static
	address 2a01:4f8:120:82f8::1/128
	gateway fe80::1
	up sysctl -p

auto vmbr0
iface vmbr0 inet static
	address 178.**.**.75/32 Hetzner Main IP
	bridge-ports none
	bridge-stp off
	bridge-fd 0
	bridge-maxwait 0
        #Second IP for pfsense
	up ip route add 178.**.**.79/32 dev vmbr0
	# subnet
	up ip route add 88.**.***.40/32 dev vmbr0
	up ip route add 88.**.***.41/32 dev vmbr0
	up ip route add 88.**.***.42/32 dev vmbr0
	up ip route add 88.**.***.43/32 dev vmbr0
	up ip route add 88.**.***.44/32 dev vmbr0
	up ip route add 88.**.***.45/32 dev vmbr0
	up ip route add 88.**.***.46/32 dev vmbr0
	up ip route add 88.**.***.47/32 dev vmbr0
	# subnet
	
iface vmbr0 inet6 static
	address 2a01:4f8:120:82f8::2/64

auto vmbr1
iface vmbr1 inet manual
	bridge-ports none
	bridge-stp off
	bridge-fd 0

      the problem is when i configure my LAN using second ip i cant ping the host but if i use any of the usable ips from the subnet i can ping it and can access the pfsense dashboard

      can anyone help me out pls i am going crazy with this

      1 Reply Last reply Reply Quote 0
      • C
        chrcoluk
        last edited by chrcoluk

        I have a pfsense on VM on proxmix hetzner host, I dont route ip's from it though but use NAT instead.

        However I can tell you I dont have any ip route in the interfaces file for the pfsense ip.

        So the setup is something like this.

        vmbr0 is the wan switch. physical wan is connected to it.

        So no need for proxmox to route ip's for guests.

        So remove the ip route commands.

        Put on the 178 * 79 ip on pfsense, and use the hetzner assigned gateway ip for it, make sure this is connected to vmbr0, this should be enough to get pfsense internet access.

        I have never done a routable wan ip setup behind pfsense for ipv4 though, so needs someone else to chime in for that, but I dont think they should be routed on proxmox either. Hopefully someone can help you on that step.

        update

        I had a look at this.

        https://docs.netgate.com/pfsense/en/latest/book/routing/routing-public-ip-addresses.html

        So I would try this.

        Add a 2nd virtual nic to pfsense, connect it to vmbr0.

        Add the first routable ip to the 2nd nic, set no gateway.

        follow rest of guide.

        pfSense CE 2.7.2

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.