Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode
-
@NollipfSense this is a post that i also have on proxmox web forum but to get more information i thought that it would be nice to get some help on what I'm doing wrong. https://forum.proxmox.com/threads/proxmox-web-interface-not-working-after-installing-pfsense.128076/#post-561724 this is the cross-post to the forum page. My network is set up like this isp>bridged modem>nic pcie card, (2 ports enp6s0f0, which is the one that I'm hooked up to)>eno1 goes to my switch> from switch goes to eno4. Also i have set up the enp6s0f0 as a bridge that's how i got this working in the first place, granted it took me a bit longer to figure it out but i got there.
-
@Papa_Dragon I looked at the post (on Proxmox).
"I have a Dell R710 server running the latest version of Proxmox, and I recently installed pfSense as a VM on it."
"My ISP connection goes to the WAN interface on my server, and from there, it connects to a network switch. The LAN connection from the switch is connected to the server's built-in 4-port NIC."
That's why I mentioned the Netgate doc above for you to look at. Your ISP connection must go to pfSense WAN...not Proxmox. Two of your NIC ports must go to pfSense (passthrough) for WAN and LAN. One port to Proxmox.
I am also using a Dell (Dell Precision 3630MT) with its on-board NIC and added Intel i350-t4. The on-board NIC is for Proxmox on network 10.8.27.36/24 with gateway 10.8.27.1 which is pfSense LAN.
Note the two other bridges, vmbr1 is pfSense WAN and vmbr2 is pfSense LAN. They have no IPs because the IPs are passthrough to pfSense; so, Proxmox doesn't need to have them configured in Proxmox.
What's important is for Proxmox to have a gateway. You can plug a computer directly into the port configured for Proxmox to access the webGUI (the computer must be manually set to an IP within the same network)...Proxmox won't have a gateway UNTIL pfSense is installed and running, since Proxmox's gateway is pfSense LAN.
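An added example, not part of either poster's messages: a small Python check of the Proxmox `/etc/network/interfaces` layout described in the reply above (one bridge carrying the management address and gateway, WAN and LAN bridges without IPs). The sample file is constructed; the address and gateway are the ones quoted in the reply, the NIC names are placeholders, and `address` is assumed to be written in CIDR form.

```python
import ipaddress
# Constructed sample of /etc/network/interfaces; NIC names are placeholders.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 10.8.27.36/24
    gateway 10.8.27.1
    bridge-ports eno1

auto vmbr1
iface vmbr1 inet manual
    bridge-ports enp6s0f0

auto vmbr2
iface vmbr2 inet manual
    bridge-ports enp6s0f1
"""

def parse_bridges(text):
    """Return {name: {option: value}} for every vmbr* iface stanza."""
    bridges, current = {}, None
    lines = [l.strip() for l in text.splitlines()]
    for line in (l for l in lines if l and not l.startswith("#")):
        key, _, value = line.partition(" ")
        if key in ("iface", "auto", "allow-hotplug", "source"):
            name = (value.split() or [""])[0]
            is_bridge = key == "iface" and name.startswith("vmbr")
            current = bridges.setdefault(name, {}) if is_bridge else None
        elif current is not None:
            current[key] = value.strip()
    return bridges

def check_layout(text):
    """List deviations from: one addressed management bridge, IP-less WAN/LAN bridges."""
    problems = []
    addressed = {n: o for n, o in parse_bridges(text).items() if "address" in o}
    if len(addressed) != 1:
        problems.append(f"expected one bridge with an address, found {sorted(addressed)}")
    for name, opts in addressed.items():
        try:
            net = ipaddress.ip_interface(opts["address"]).network  # assumes CIDR form
            if "gateway" not in opts:
                problems.append(f"{name}: no gateway set")
            elif ipaddress.ip_address(opts["gateway"]) not in net:
                problems.append(f"{name}: gateway {opts['gateway']} is outside {net}")
        except ValueError as exc:
            problems.append(f"{name}: invalid address or gateway ({exc})")
    return problems
```

Running `check_layout` on the host's own file returns an empty list when the layout matches; an incomplete address or a gateway outside the management subnet is reported by bridge name.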
-
@NollipfSense okay so i made the vmbr1 and 2 as my WAN and LAN. vmbr1 is enp6s0f0 is WAN and vmbr2 enp6s0f1 is LAN. as for the gateway should i put pfsense's gateway to proxmox?
-
@Papa_Dragon Yes, as it's your main firewall and the only sure way to protect the host, Proxmox. Note on mine, I use one network, 10.8.27.0/24
Also, set firewall rules to force all clients, including Proxmox, to use pfSense DNS. Here is a screenshot of mine.
-
@NollipfSense okay so this is the changes that i made to my proxmox server
first things first i set up my physical network like this
ISP modem is in bridge mode btw
vmbr0=10.0.0.>eno1>network switch (and gateway is set to pfSense gateway) using nano /etc/network/interfaces
ISP>enp1s0f0 (WAN)
LAN=enp1s0f1>network switch
now for the firewall rules in pfsense is like this: for security reasons it actually set to the webpage of proxmox i just photoshopped it.
but i get nothing at all
-
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
vmbr0=10.0.0.>eno1>network switch (and gateway is set to pfSense gateway) using nano /etc/network/interfaces
ISP>enp1s0f0 (WAN)
LAN=enp1s0f1>network switch
I don't understand "network switch" on vmbr0...hope you don't have a switch there...any network switch must attach to pfSense LAN.
The pfSense WAN and LAN must be passed through. If you have a switch, put it on pfSense LAN, you can connect an Ethernet cable from Proxmox's management port to it to have access to both pfSense LAN and Proxmox. Remember DNS also. In the screenshot below, you will be able to access Proxmox and pfSense webGUI with the same browser with different tabs...in mine, I have Proxmox, pfSense, and FreePBX.
-
@NollipfSense okay well there might have been some slight miscommunication on my end. vmbr0 is bridged to eno1 (which is what eno1 is set to on proxmox the default bridge set up) which is going to the network switch. is that wrong?!?!
I have the total of 3 bridges
vmbr0 =10.0.0.xx and to pfsense gateway is set to the gateway,
vmbr1 = WAN on pfsense
vmbr2 = LAN on pfsense
the DNS is from my isp as well as google, but i plan to make my own DNS server so that i am more private.
pfSense DNS:
8.8.8.8,
8.8.4.4 (google)
69.59.135.147,
69.59.128.113 (Shaw aka isp)
Proxmox DNS
69.59.135.147
69.59.128.113
Firewall settings on pfSense
WAN Interface Rule:
Action: Pass
Interface: WAN
Address Family IPv4
Protocol: Any
Source: Any
Destination: WAN Address
Description: Proxmox Management WAN
LAN Interface Rule:
Action: Pass
Interface: LAN
Address Family IPv4
Protocol: Any
Source: Any
Destination: LAN Address
Description: Proxmox Management LAN
-
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
is that wrong?!?!
Well, if your gateway for Proxmox is pfSense LAN, then it would make sense to put the switch on pfSense LAN and connect Proxmox's management port to the switch, ensuring Proxmox knows its gateway.
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
pfSense DNS:
8.8.8.8,
8.8.4.4 (google)
69.59.135.147,
69.59.128.113 (Shaw aka isp)
Proxmox DNS
69.59.135.147
69.59.128.113
Proxmox DNS, as stated before, should be pfSense and set this as well as this, see below:
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
WAN Interface Rule:
Action: Pass
Interface: WAN
Address Family IPv4
Protocol: Any
Source: Any
Destination: WAN Address
Description: Proxmox Management WAN
Not needed since Proxmox management will be a part of pfSense LAN...see below, I have none, other than default. Note, you will need one, if and only if, you have port forward or VPN later.
-
okay so i went to nano /etc/resolv.conf
changed the DNS to
127.0.0.1
8.8.8.8
8.8.4.4
added the LAN Rule
and i still get nothing
-
@Papa_Dragon It seems as if you're not following instructions given. Also, you need to read up on pfSense as much as possible. With a stateful firewall, such as pfSense, nothing can enter the WAN unless the request comes from LAN; so, putting these rules on WAN is pointless...they're not doing anything...see the circle on the pic below. You were told to leave WAN with the default rule it had OR read Netgate document on WAN.
What's this 10.0...that's not a complete IP address...please disclose the full address. If you look at the circle, LAN.net tried to contact this 10.0 address BUT the address is not responding. Now, look at your DNS below the circle...you see that your DNS is working...
-
i understand the confusion. And i apologize if I am making this difficult. in my defense i had no idea what pfsense was... until like 2 months ago. this is a new hobby for me, with a huge learning curve and i am excited to enter the world but didn't realize how much work it would be, but i can assure you that i am willing to learn. i am trying my best to follow your instructions, but i mostly go off of your pictures to understand what to do. i wouldn't be on this forum if i knew what i was doing, but since it's new to me I am reaching out and asking for help because i have a very small percentage on what i am doing. So again i am sorry if this is frustrating.
for the wan i have portforward that i would not like to disclose, as it may or may not be exposed to the world and a potential security risk. all i will say is that it's a game server that i have set up with my buddies. it appears that it's doing nothing but in fact it is. Also for the LAN it was a complete address. i just photoshopped it to block out any potential security risks.
-
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
this is a new hobby for me, with a huge learning curve and i am excited to enter
Good, we all had been there.
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
i have portforward that i would not like to disclose
Learn to use firewall alias...they're awesome firewall tools so you can show without disclosure. Also, ping LAN.net from 10.0.0.15...make sure the protocol is IPv4 TCP/UDP so we know that also works
-
so i tried to ping on my server. i only have access to it due to a mouse and keyboard, and a monitor, but i can't ssh in. i tried ping LAN.net (from my server aka 10.0.0.15) and i got this as a result: temporary failure in name resolution
which one should be the TCP/UDP?
-
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
which one should be the TCP/UDP?
Select both...port 8006 is UDP and update Proxmox will use TCP.
-
@NollipfSense ![Screenshot (23).png]
is this what you meant? also sorry for the late reply (i guess early lol for me at least). would adding another LAN for my eno1 work? like if i went back and accessed my proxmox and added the vmbr0 (aka eno1)? would disabling the proxmox firewall work? I'm just trying to figure it out
also this is Photoshopped!! don't worry it's not blank...!
edit when i was assigning, the gateway i used the WAN gateway. but I've noticed that any time i connect a device to my LAN it gets a different gateway. so should i have put the LAN gateway or the WAN gateway??
-
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
so should i have put the LAN gateway or the WAN gateway??
Only your LAN has a gateway...WAN just connects you to the Internet...your network is LAN.
@Papa_Dragon said in Proxmox Web Interface Not Accessible When Shaw Modem is in Bridge Mode:
I've noticed that any time i connect a device to my LAN it gets a different gateway
That's because you still have it the same way as in your original post despite several instructions. Maybe, that's why you have this, see below. Since you have port forwarded, that suggests you have some server function other than Proxmox. So, that seems to suggest you're implementing a sophisticated network. That's fine; however, you must know what you're doing. A network diagram would be best for us to see what you want to accomplish.
-
@NollipfSense okay well it's a bit confusing so if you wouldn't mind giving me a breakdown on what needs to get done i would appreciate it! i would like a breakdown step by step please.
-
change IPv4 tcp protocol to TCP/UDP?
i tried for the caveman drawing, sorry if its bad
this is the written version of what i have set up
- internet>modem (in bridge mode) then from there 2 port NIC card (pfsense WAN and LAN interfaces) enp6s0f0 is made into WAN, LAN is enp6s0f1 same NIC. there are 3 bridges in total and they go as follows:
  vmbr0 = eno1 (OG 4 port NIC)
  vmbr1 = enp6s0f0 (pcie NIC)
  vmbr2 = enp6s0f1 (pcie NIC)
- then on that same NIC, i have the LAN going off to my network switch. done.
- the OG port for Proxmox is eno1 (not a "0" btw) that is hooked up to the network switch. done
so total 2 ethernet cords that are currently in my switch.
how i started/set up my VM on Proxmox
shaw modem is not in bridge mode
- named it pfSense
- chosen my hardware, ram, cpu cores, then on the networking page i said no to default vmbr0 and opted to choose my own
- hit finish
- went over to hardware tab on VM and input vmbr1 (WAN) vmbr2 (LAN), i even labeled them to not get things messed up
- made sure to hit boot at start
- booted it up
- then when it asked me for Vlan i said no
- then opted for me to choose an interface. WAN is as stated earlier, same for LAN
- hit 2 on the pf boot menu
- set my own LAN ip address for pfSense
- proceeded to add a range for pfSense for my LAN
now what is on the switch (if its important) is as follows
- I have the pfsense LAN
- Proxmox eno1
- a wifi router to get wifi in my house
- smart lights
- PS5
what i have set up on my pfsense firewall
WAN
nothing
LAN
- i have a portforward for a game server for my friends and I
- i also have those "proxmox management"
- DNS
and other things in that photo
this is everything, i hope this clarifies things a little.
i apologize that you need to repeat yourself, it's just a little over my head and the way i learn or at least know what to do is by a list of things like what i typed. so for example if i created a new LAN rule, it helps me understand if i know what to put. so it goes like this
interface: LAN
protocol: any
source : blah blah
and so on and so forth
-