Gateway double NAT and problems with proxmox vm
-
I really apologize for being a pain. I try to find answers myself and I've spent days but I can't get this layout to work.
I have a homelab I'm building with Proxmox.
I have my cable router 192.168.1.1 and all my home network is on that. Then I have a TPlink router in my lab that's set up in the 192.168.0.1 range. Works fine and all my Proxmox nodes have static IPs in that range.
I installed a Pfsense VM but I'm struggling trying to figure out how to configure. I can't use 192.168.1.1 because it sends me to my default gateway. I tried setting my PfSense range in a 10.0.0.1 range and can't connect, I also tried it in the 192.168.0.2 range but still can't connect. I need someone to hold my hand to figure this out. I've been struggling with this for several days and I'm lost apparently.
-
@warloxian Disconnect your cable modem, change pfSense subnet, reconnect cable modem.
-
@jarhead Let me clarify. I am able to connect to pfsense through console. I'm not able to connect to pfsense web gui. Does your solution seem to apply to this? Because from console I am able to change my pfsense ip address. That's not a problem and I can stay hooked up to console through those ip changes.
-
@warloxian said in Gateway double NAT and problems with proxmox vm:
I have my cable router 192.168.1.1 and all my home network is on that. Then I have a TPlink router in my lab that's set up in the 192.168.0.1 range. Works fine and all my Proxmox nodes have static IPs in that range.
As you're saying 192.168.1.1 range and 192.168.0.1 range, I have to assume that the TPlink is an L3 switch, which is capable of routing the upstream traffic of the latter network to the main router.
pfSense allows WebGUI access only from the LAN network out of the box. So if the LAN is connected to the VMs you need to access it from one of the VMs. But you didn't mention how you connected the NICs.
-
@viragomann I have Pfsense installed on one of 5 nodes. I have my WAN cable hooked to my TPlink AX1800 Wi-Fi 6 Router and I have my LAN cable coming out of my second NIC going into a Netgear Prosafe GS108PE switch. Then I have my 4 other nodes connected from the Prosafe. When I set up Pfsense originally it had a 192.168.1.1 address which conflicts with my main cable router. So I changed the IP of my Pfsense to 10.0.0.1 and tried 192.168.0.2 as well as 192.168.2.1. I am not able to reach the web gui from any of those addresses.
I am attaching my very first try at drawing a network map. Hope it all makes sense.
The entire reason I am setting my lab up this way is for me to learn networking. I am 56 years old and I have only started learning this recently. Keeps my mind from going to those dark places that get me into trouble. I guess I am very confused about how it all works.
-
@warloxian Try this. Go back into pfSense shell (8 in the menu), type pfctl -d and hit enter.
Can you get to the webGUI now?
If so, you're not on the pfSense LAN.
pfctl -e will reenable the firewall.
-
@warloxian said in Gateway double NAT and problems with proxmox vm:
When I set up Pfsense originally it had a 192.168.1.1 address which conflicts with my main cable router.
Yes, you cannot use the default LAN 192.168.1.0/24 network, since doing so, the TPlink was not able to route.
So use any other subnet for LAN, say 10.0.0.1/24. When you configure the LAN IP in the console, pfSense shows you the URL to access the web configurator after finishing the network configuration, for instance http://10.0.0.1.
pfSense will also ask you to use SSL for accessing the LAN. You better omit this in the first step if you're unsure, because your web browser possibly will refuse the self-signed SSL certificate and hence won't show the GUI.
Remember that you can only access the GUI from a VM connected to vmbr1. Ensure that the VMs' network configuration is set properly for the used LAN subnet.
BTW: what's not clear to me in your screen: the vmbr0 settings show the address 192.168.0.110, but the address line in the browser shows 192.168.0.150. I'm wondering, where pfSense gets the latter IP from. These should be the same normally.
-
Guys, I just started over on this. I know I should troubleshoot these types of issues instead of starting over. But I did start over and I have a working Pfsense firewall. Something I've been working on for a long time. Now the hard part will be for me to build and configure my pentesting lab behind that firewall.
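-
The addressing advice in this thread (pick a pfSense LAN subnet that does not overlap anything upstream, and browse to the WebGUI from a host on that LAN) can be checked before touching the console. This is an added example, not part of any post above; the /24 masks on the two upstream routers and the client address 10.0.0.50 are assumptions.

```python
import ipaddress

# Networks already in use upstream of pfSense, as described in the thread.
# The /24 prefix lengths for both routers are assumptions.
UPSTREAM = {
    "cable router (home)": ipaddress.ip_network("192.168.1.0/24"),
    "TPlink (lab, pfSense WAN side)": ipaddress.ip_network("192.168.0.0/24"),
}


def lan_conflicts(lan_cidr):
    """Names of upstream networks that overlap the proposed pfSense LAN."""
    lan = ipaddress.ip_interface(lan_cidr).network
    return [name for name, net in UPSTREAM.items() if lan.overlaps(net)]


def client_on_lan(client_ip, lan_cidr):
    """True if the client sits inside the pfSense LAN subnet.

    Out of the box the WebGUI is only reachable from the LAN side, so a
    browser on the WAN-side network fails even when the LAN IP is valid.
    """
    lan = ipaddress.ip_interface(lan_cidr)
    client = ipaddress.ip_address(client_ip)
    return client in lan.network and client != lan.ip


def check_plan(lan_cidr, client_ip):
    """List of problems with a proposed LAN address and browsing host."""
    problems = [f"LAN overlaps {name}" for name in lan_conflicts(lan_cidr)]
    if not client_on_lan(client_ip, lan_cidr):
        problems.append(f"{client_ip} is not on the pfSense LAN {lan_cidr}")
    return problems


if __name__ == "__main__":
    # LAN addresses tried in the thread, each paired with the host browsing
    # to the GUI: 192.168.0.110 is the vmbr0 address mentioned above,
    # 10.0.0.50 is a constructed VM address on vmbr1.
    for lan, client in [
        ("192.168.1.1/24", "192.168.0.110"),
        ("192.168.0.2/24", "192.168.0.110"),
        ("192.168.2.1/24", "192.168.0.110"),
        ("10.0.0.1/24", "192.168.0.110"),
        ("10.0.0.1/24", "10.0.0.50"),
    ]:
        issues = check_plan(lan, client)
        print(f"{lan:<16} from {client:<14} ->", issues or "OK")
```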