Unable to Access a Proxmox Server After Moving to pfSense

stephenw10

Where are you connecting from? How is that routed through pfSense?

Is that different to your previous setup? (beyond the new subnet)

Steve

Cableboy

@stephenw10 It's not different from the previous setup other than using pfSense now. I just went it and updated the IPs to my new ranges.

My computer is on the local network at 192.168.83.77. I'm just trying to get to the Proxmox web GUI at via https on port 8006 from the same local network and subnet. I feel like it should probably just work like it does for other devices. I have some smart switches that have Tasmota flashed on them, and I can access them via their IP. Also, I have a Hyperion TV light running at 192.168.83.14:8090 and I can get to that just fine.

The only difference with the Proxmox was that it is a https connection, so I thought maybe there is a setting I'm unaware of as a new pfSense user that I'm just missing - especially since when I connect Ethernet directly to the Proxmox computer with my laptop (and manually set the IP address on my laptop to 192.168.83.2, subnet to 255.255.255.0 and set the Gateway to 192.168.83.1) then the laptop can access the web GUI just fine. It's through the pfSense box, over the local network when it can't reach it.

Again, thanks for any help on this. :-)

stephenw10

Ok, assuming your subnet is /24 thattraffic does not go through pfSense at all. The client will just be connecting to the Proxmox server directly. I assume both are connected to a switch?

So if it's unable to connect that implies the switch isolating clients or maybe some IP conflicy with another device. An IP conflict would also cause problems for the Proxmox server trying to connect out though.

Steve

Patch

@cableboy said in Unable to Access a Proxmox Server After Moving to pfSense:

The Proxmox server is online and, if I log in to it via a monitor/keyboard

From the Proxmox console (physical screen and keyboard) what do these commands show? The Proxmox GUI should work from any Proxmox interface with and IP address assigned.

ip a && ip r
cat /etc/network/interfaces

I encountered a similar issue with Proxmox v7.1, the work around which masked the limitation for me was add a "DHCP Static Mappings for" for Proxmox to the pfsense interface you access Proxmox from. See this Proxmox forum thread

Cableboy

@stephenw10 @Patch thanks for the suggestions. That makes sense. I’m away for the weekend and will check when I get home.

I do have a static mapping for the Proxmox server, so I don’t think anything else is trying to use that IP. I’m going through a managed switch, but it’s just essentially operating as a unmanaged switch currently.

Cableboy

@patch Here is the output from ip a && ip r:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether d8:9e:f3:82:d5:bf brd ff:ff:ff:ff:ff:ff
3: wlp1s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 34:41:5d:64:98:c1 brd ff:ff:ff:ff:ff:ff
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d8:9e:f3:82:d5:bf brd ff:ff:ff:ff:ff:ff
    inet 192.168.83.9/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::da9e:f3ff:fe82:d5bf/64 scope link 
       valid_lft forever preferred_lft forever
default via 192.168.83.1 dev vmbr0 proto kernel onlink 
192.168.83.0/24 dev vmbr0 proto kernel scope link src 192.168.83.9 

Here is cat /etc/network/interfaces

auto lo
iface lo inet loopback

iface enp0s31f6 inet manual

auto vmbr0
iface vmbr0 inet static
	address 192.168.83.9/24
	gateway 192.168.83.1
	bridge-ports enp0s31f6
	bridge-stp off
	bridge-fd 0

iface wlp1s0 inet manual

stephenw10

That looks fine.

I'd be checking for some sort of port isolation function on the switch. Not much else it can be there if both devices have the expected IP and subnet set.

Cableboy

@stephenw10 Yeah. I've been doing more research and totally agree. I'm going to swap out the managed switch for an unmanaged switch and see if the problem goes away.

Both the managed switch and the pfSense box were installed at the same time. I just figured that the more complicated box was probably doing something. But, as you pointed out above it should only be on the switch at this point.

I guess this is good because we don't learn anything when it all works the first time, right? :-D

stephenw10

@cableboy said in Unable to Access a Proxmox Server After Moving to pfSense:

guess this is good because we don't learn anything when it all works the first time, right? :-D

Yup, exactly!

Cableboy

@Patch @stephenw10 Thanks for your help! Replacing the switch fixed the issue! I factory reset the TP Link managed switch and it's working now too. It's sometimes the simple stuff you over look on the troubleshooting path that trip you up.

I could not determine any reason why the TP Link managed switch was preventing the Proxmox GUI from coming up. I checked everything before I reset it.

Thanks again!