Unable to Access a Proxmox Server After Moving to pfSense
-
Hello! I am a new pfSense user. I feel like this may be a simple question, but I've spent all day trying to figure out why this isn't working, so sorry in advance if it's a rookie mistake.
I just installed a pfSense firewall replacing a Netgear Nighthawk router. This went fairly well for most devices on the network. I changed from a 192.168.0.1 to 192.168.83.1 when switching to the new pfSense box.
After updating my Proxmox server with the new IP address and host name via instructions found online, I could no longer connect to it and it would not get online when using a monitor and logging in directly. I fought with that for a while then decided to just start from scratch, figuring I broke something along the way.
When I reloaded the Proxmox software, it pulled the correct IP address, 192.168.83.9 from my static mapping in pfSense. I still cannot get to the web interface at https://192.168.83.9:8006. I can get to other devices on the network however.
I'm wondering if there may be a problem with accessing an internal https server or the port through pfSense. I have a pretty vanilla setup so far. I did install pfBlockerNG, though.
The Proxmox server is online and, if I log in to it via a monitor/keyboard, I can update packages. Also, if I connect my computer to it directly and give it an IP in the same subnet, I can connect to the web interface at https://192.168.83.9:8006, so that works too, just not when connected through pfSense.
What other information can I share? Thanks in advance!
-
Where are you connecting from? How is that routed through pfSense?
Is that different to your previous setup? (beyond the new subnet)
Steve
-
@stephenw10 It's not different from the previous setup other than using pfSense now. I just went in and updated the IPs to my new ranges.
My computer is on the local network at 192.168.83.77. I'm just trying to get to the Proxmox web GUI via https on port 8006 from the same local network and subnet. I feel like it should probably just work like it does for other devices. I have some smart switches that have Tasmota flashed on them, and I can access them via their IP. Also, I have a Hyperion TV light running at 192.168.83.14:8090 and I can get to that just fine.
The only difference with the Proxmox was that it is a https connection, so I thought maybe there is a setting I'm unaware of as a new pfSense user that I'm just missing - especially since when I connect Ethernet directly to the Proxmox computer with my laptop (and manually set the IP address on my laptop to 192.168.83.2, subnet to 255.255.255.0 and set the Gateway to 192.168.83.1) then the laptop can access the web GUI just fine. It's through the pfSense box, over the local network when it can't reach it.
Again, thanks for any help on this. :-)
-
Ok, assuming your subnet is /24 that traffic does not go through pfSense at all. The client will just be connecting to the Proxmox server directly. I assume both are connected to a switch?
So if it's unable to connect that implies the switch is isolating clients or maybe some IP conflict with another device. An IP conflict would also cause problems for the Proxmox server trying to connect out though.
Steve
-
@cableboy said in Unable to Access a Proxmox Server After Moving to pfSense:
The Proxmox server is online and, if I log in to it via a monitor/keyboard
From the Proxmox console (physical screen and keyboard) what do these commands show? The Proxmox GUI should work from any Proxmox interface with an IP address assigned.
ip a && ip r
cat /etc/network/interfaces
I encountered a similar issue with Proxmox v7.1. The workaround which masked the limitation for me was to add a "DHCP Static Mappings for" for Proxmox to the pfSense interface you access Proxmox from. See this Proxmox forum thread
-
@stephenw10 @Patch thanks for the suggestions. That makes sense. I’m away for the weekend and will check when I get home.
I do have a static mapping for the Proxmox server, so I don’t think anything else is trying to use that IP. I’m going through a managed switch, but it’s just essentially operating as an unmanaged switch currently.
-
@patch Here is the output from ip a && ip r:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether d8:9e:f3:82:d5:bf brd ff:ff:ff:ff:ff:ff
3: wlp1s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 34:41:5d:64:98:c1 brd ff:ff:ff:ff:ff:ff
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d8:9e:f3:82:d5:bf brd ff:ff:ff:ff:ff:ff
    inet 192.168.83.9/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::da9e:f3ff:fe82:d5bf/64 scope link
       valid_lft forever preferred_lft forever
default via 192.168.83.1 dev vmbr0 proto kernel onlink
192.168.83.0/24 dev vmbr0 proto kernel scope link src 192.168.83.9
Here is cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface enp0s31f6 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.83.9/24
        gateway 192.168.83.1
        bridge-ports enp0s31f6
        bridge-stp off
        bridge-fd 0

iface wlp1s0 inet manual
-
That looks fine.
I'd be checking for some sort of port isolation function on the switch. Not much else it can be there if both devices have the expected IP and subnet set.
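Why the posted routing table points at the switch rather than pfSense, as an added example that is not part of the original thread: it parses the two `ip r` lines from the output above and does a longest-prefix match, showing that the client at 192.168.83.77 is reached on-link while only off-subnet traffic uses the gateway. The function names and the 203.0.113.10 test address are assumptions made for the illustration.

```python
import ipaddress

# The two route lines from the `ip r` output posted in this thread.
ROUTES = """\
default via 192.168.83.1 dev vmbr0 proto kernel onlink
192.168.83.0/24 dev vmbr0 proto kernel scope link src 192.168.83.9
"""


def parse_routes(text):
    """Parse `ip route` lines into (network, gateway_or_None, device) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dest, strict=False)
        # Collect the keyword/value pairs we care about; ignore the rest.
        opts = {}
        for i in range(1, len(tok) - 1):
            if tok[i] in ("via", "dev", "src"):
                opts[tok[i]] = tok[i + 1]
        gw = ipaddress.ip_address(opts["via"]) if "via" in opts else None
        routes.append((net, gw, opts.get("dev")))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match; returns (next_hop_ip, device, on_link)."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    net, gw, dev = max(matches, key=lambda r: r[0].prefixlen)
    # No gateway on the winning route means the host ARPs for the
    # destination itself: the frame crosses only the switch.
    return (gw or dst, dev, gw is None)


if __name__ == "__main__":
    table = parse_routes(ROUTES)
    # 192.168.83.77 is the client from the thread; 203.0.113.10 is a
    # constructed off-subnet address for comparison.
    for target in ("192.168.83.77", "203.0.113.10"):
        hop, dev, on_link = next_hop(table, target)
        path = "direct (layer 2 only)" if on_link else "via gateway"
        print(f"{target}: next hop {hop} on {dev}, {path}")
```

On the Proxmox host itself, `ip route get 192.168.83.77` gives the kernel's own answer to the same question.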
-
@stephenw10 Yeah. I've been doing more research and totally agree. I'm going to swap out the managed switch for an unmanaged switch and see if the problem goes away.
Both the managed switch and the pfSense box were installed at the same time. I just figured that the more complicated box was probably doing something. But, as you pointed out above it should only be on the switch at this point.
I guess this is good because we don't learn anything when it all works the first time, right? :-D
-
@cableboy said in Unable to Access a Proxmox Server After Moving to pfSense:
guess this is good because we don't learn anything when it all works the first time, right? :-D
Yup, exactly!
-
@Patch @stephenw10 Thanks for your help! Replacing the switch fixed the issue! I factory reset the TP Link managed switch and it's working now too. It's sometimes the simple stuff you overlook on the troubleshooting path that trip you up.
I could not determine any reason why the TP Link managed switch was preventing the Proxmox GUI from coming up. I checked everything before I reset it.
Thanks again!