Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode
-
Hello,
I'm facing an issue with accessing the Proxmox web interface when my Shaw modem is set to bridge mode. I hope someone can provide some guidance or solutions to help resolve this problem.
Here's the situation:
When my Shaw modem is in bridge mode, I'm unable to access the Proxmox web interface using the local IP address (10.0.0.xx) assigned to my Proxmox server.
However, when I switch my Shaw modem back to its default mode, I regain access to the Proxmox web interface without any issues, and when i reload the page for the proxmox and put it back into bride mode everything works fine, i just need to not reboot my server.
I suspect that the change in network configuration due to bridge mode is causing this problem. potentially the gateway? or a DNS issue I'm not sure, I'm still a little new to this. I would like to be able to access the Proxmox web interface even when my Shaw modem is in bridge mode.I have already tried the following troubleshooting steps:
nano etc/network/interfaces
and i edited the IP address, as well as the gateway to my WAN on pfsense and yet i get nothing if i dont load the page while the modem is not in bridge mode.
i dont want to mess around with the internet at the moment and mess it up, not until i get some help.
If anyone has experienced a similar issue or has any suggestions on how to resolve this, I would greatly appreciate your assistance.Thank you in advance for your help!
-
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
I'm facing an issue with accessing the Proxmox web interface when my Shaw modem is set to bridge mode.
That shouldn't happen and appears you are missing basic networking concept and most likely the issue is DNS...nothing to resolve Proxmox's hostname since it might be on a different network. I recommend reading this: https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html
Also, you must access the network you setup for vmbr0...and the computer you're using to access Proxmox must be on the same exact network as vmbr0.
-
@NollipfSense this is a post that i also have on proxmox web forum but to get more information i thought that it would be nice to get some help on what I'm doing wrong. https://forum.proxmox.com/threads/proxmox-web-interface-not-working-after-installing-pfsense.128076/#post-561724 this is the cross-post to the forum page. My network is set up like this isp>bridged modem>nic pcie card, (2 ports enp6s0f0, which is the one that I'm hooked up to)>eno1 goes to my switch> from switch goes to eno4. Also i have set up the enp6s0f0 as a bridge that's how i got this working in the first place, granted it took me a bit longer to figure it out but i got there.
-
@Papa_Dragon I looked at the post (on Proxmox).
"I have a Dell R710 server running the latest version of Proxmox, and I recently installed pfSense as a VM on it."
"My ISP connection goes to the WAN interface on my server, and from there, it connects to a network switch. The LAN connection from the switch is connected to the server's built-in 4-port NIC."That's why I mentioned the Netgate doc above for you to look at. Your ISP connection must go to pfSense WAN...not Proxmox Two of you NIC ports must go to pfSense (passthrough) for WAN and LAN. One port to Proxmox.
I am also using a Dell (Dell Precision 3630MT) with its on-board NIC and added Intel i350-t4. The on-board NIC is for Proxmox on network 10.8.27.36/24 with gateway 10.8.27.1 which is pfSense LAN.
Note the two other bridges, vmbr1 is pfsense WAN and vmbr2 is pfSense LAN. They have no IPs because the IPs are passthrough to pfSense; so, Proxmox doesn't need to have them configured in Proxmox.What's important is for Proxmox to have a gateway. You can plug a computer directly into the port configured for Proxmox to access the webGUI (the computer must be manually set to an IP within the same network)...Proxmox won't have a gateway UNTIL pfSense is installed and running, since Proxmox's gateway is pfSense LAN.
-
@NollipfSense okay so i made the vmbr1 and 2 as my WAN and LAN. vmbr1 is enp6s0f0 is WAN and vmbr2 enp6s0f1 is LAN. as for the gateway should i put pfsense's gateway to proxmox?
-
@Papa_Dragon Yes, as it's your main firewall and the only sure way to protect the host, Proxmox. Note on mine, I use one network, 10.8.27.0/24
Also, set firewall rules to force all clients, including Proxmox, use pfSense DNS. Here is a screenshot of mine.
-
@NollipfSense okay so this is the changes that i made to my proxmox server
first things first i set up my physical network like this
ISP modem is in bridge mode btwvmbr0=10.0.0.>eno1>network switch (and gateway is set to pfSense gateway) using nano /etc/network/interfaces
ISP>enp1s0f0 (WAN)
LAN=enp1s0f1>network switchnow for the firewall rules in pfsense is like this: for security reasons it actually set to the webpage of proxmox i just photoshopped it.
but i get nothing at all
-
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
vmbr0=10.0.0.>eno1>network switch (and gateway is set to pfSense gateway) using nano /etc/network/interfaces
ISP>enp1s0f0 (WAN)
LAN=enp1s0f1>network switchI don't understand "network switch" on vmbro...hope you don't have a switch there...any network switch must attach to pfSense LAN.
The pfSense WAN and LAN must be passedthrough. If you have a switch, put it on pfSense LAN, you can connect an Ethernet cable from proxmox's management port to it to have access to both pfSense LAN and Proxmox. Remember DNS also. In the screenshot below, you will be able access Proxmox and pfSense webGUI with the same browser with different tabs...in mine, I have Proxmox, pfSense, and FreePBX.
-
@NollipfSense okay well there might have been some slight miscommunication on my end. vmbr0 is bridged to eno1 (which is what eno1 is set to on proxmox the default bridge set up) which is going to the network switch. is that wrong?!?!
I have the total of 3 bridges
vmbr0 =10.0.0.xx and to pfsense gateway is set to the gateway,
vmbr1 = WAN on pfsense
vmb2 i= LAN on pfsensethe DNS is from my isp as well as google, but i plan to make my own DNS server so that i am more private.
pfSesnse DNS:
8.8.8.8,
8.8.4.4 (google)69.59.135.147,
69.59.128.113 (Shaw aka isp)Proxmox DNS
69.59.135.147
69.59.128.113Firewall settings on pfSense
WAN Interface Rule:
Action: Pass
Interface: WAN
Address Family IPv4
Protocol: Any
Source: Any
Destination: WAN Address
Description: Proxmox Management WANLAN Interface Rule:
Action: Pass
Interface: LAN
Address Family IPv4
Protocol: Any
Source: Any
Destination: LAN Address
Description: Proxmox Management LAN -
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
is that wrong?!?!
Well, if your gateway for Proxmox is pfSense LAN, then it would make sense to put the switch on pfSense LAN and connect Proxmox's management port to the switch ensuring Proxmox know its gateway.
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
pfSesnse DNS:
8.8.8.8,
8.8.4.4 (google)69.59.135.147,
69.59.128.113 (Shaw aka isp)Proxmox DNS
69.59.135.147
69.59.128.113Proxmox DNS, as stated before, should be pfSense and set this as well as this, see below:
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
WAN Interface Rule:
Action: Pass
Interface: WAN
Address Family IPv4
Protocol: Any
Source: Any
Destination: WAN Address
Description: Proxmox Management WANNot needed since Proxmox management will be apart of pfSense LAN...see below, I have none, other than default. Note, you will need one, if and only if, you have port forward or VPN later.
-
okay so i went to nano /etc/resolv.conf
changed the DNS to
127.0.0.1
8.8.8.8
8.8.4.4added the LAN Rule
and i still get nothing -
@Papa_Dragon It seems as if you're not following instructions given. Also, you need to read up on pfSense as much as possible. A statefull firewall, such as pfSense, nothing can enter the WAN unless the request comes from LAN; so, putting these rules on WAN is pointless...they're not doing anything...see the circle on the pic below. You were told to leave WAN with the default rule it had OR read Netgate document on WAN.
What's this 10.0...that's not a complete IP address...please disclose the full address. If you look at the circle, LAN.net tried to contact this 10.0 address BUT the address is not responding. Now, look at your DNS below the circle...you see that your DNS is working...
-
i understand the confusion. And i apologize if I am making this difficult. in my defense i had no idea what pfsense was... until like 2 months ago. this is a new hobby for me, with a huge learning curve and i am excited to enter the world but didn't realize how much work it would be, but i can assure you that i am willing to learn. i am trying my best to follow your instructions, but i mostly go off of your pictures to understand what to do. i wouldn't be on this forum if i knew what i was doing, but sense its new to me I am reaching out and asking for help because i have a very small percentage on what i am doing. So again i am sorry if this is frustrating.
for the wan i have portforward that i would not like to disclose, as it may or may not be exposed to the world and a potential security risk. all i well say is that its a game server that i have set up with my buddies. it appears that its doing nothing but infact it is. Also for the LAN it was a complete address. i just photo shopped it to block out any potential security risks.
-
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
this is a new hobby for me, with a huge learning curve and i am excited to enter
Good, we all had been there.
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
i have portforward that i would not like to disclose
Learn to use firewall alias...they're awesome firewall tools so you can show without disclosure. Also, ping LAN.net from 10.0.0.15...make sure the protocol is IPv4 TCP/UDP so we know that also works
-
so i tired to ping on my server i only have access to it due to a mouse and keyboard, and a monitor, but i cant ssh in. i tired ping LAN.net (from my server aka 10.0.0.15) and i got this as a result. temporary failure in name resolution
which one should be the TCP/UDP?
-
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
which one should be the TCP/UDP?
Select both...port 8006 is UDP and update Proxmox will use TCP.
-
@NollipfSense ![Screenshot (23).png]
is this what you meant? also sorry for the late reply ( i guess early lol for me at least). would adding another LAN for my eno1 work? like if i went back and accessed my proxmox and added the vmbr0(aka eno1)? would disabling the proxmox firewall work? I'm just trying to figure it outalso this is Photoshopped!! dont worry its not blank...!
edit when i was assigning, the gateway i used the WAN gateway. but I've noticed that any time i connect a device to my LAN it gets a different gateway. so should i have put the LAN gateway or the WAN gateway??
-
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
so should i have put the LAN gateway or the WAN gateway??
Only your LAN has a gateway...WAN just connects you to the Internet...your network is LAN.
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
I've noticed that any time i connect a device to my LAN it gets a different gateway
That's because you still have it the same way in your original post despite several instruction. Maybe, that's why you have this, see below. Since you have port forwarded, that suggest you have some server function other than Proxmox. So, that seems to suggest you're implementing a sophisticated network. That's fine however, you must know what you're doing. A network diagram would be best for us to see what you want to accomplish.
-
@NollipfSense okay well its a bit confusing so if you wouldn't mind giving me a breakdown on what needs to get done i would appreciate it! i would like a breakdown step by step please.
This image below is what you were told to do and since your Dell has a four-port NIC, you have two for pfSense WAN and LAN, one for Proxmox, and the other you can use for your port forward. Does this helps?
