Can someone explain to me how I can do this?
-
Hello, as you can see, below I have attached a diagram of my home network and I have some concerns.
I want pfSense, which will run on a VM from the Proxmox server, to be the main router (WAN PPPoE, DHCP for all devices, to provide me with Internet for the Proxmox server for the rest of the virtual machines, and for Proxmox to be accessed on any link of the switch, not just locally as it works for me now).
The Proxmox server has a NIC with 4 gigabit ports, which is recognized from installation without the need for other settings, the motherboard NIC is disabled, so only the 4 will be main.
I want that after the pfSense is configured, I can forward the internet to the big server, Proxmox, and later through the switch to the rest, preferably all in the same network.
The problem is that I'm not very good at bridging in Proxmox and I haven't found a tutorial to my liking where I can understand something.
I specified some details about the devices in the diagram as well.
If anyone is doing quite well and has a similar or even larger setup, I would appreciate the help!
-
@root1ng What is your network setup (screenshot) looking like right now on proxmox?
-
@Bob-Dig Hello,
Is that what you want to see?
-
@root1ng Yep, how are you accessing proxmox right now?
-
@Bob-Dig I connected a cable from the LAN 1 port to a laptop, and on the laptop I have a modified static IP in the same subnet.
-
@root1ng Cool. So what you wanna do with all the ports, it looks like you got 6 ports on the host.
-
@Bob-Dig I have only 4, I don't know why there are 6 on Proxmox, never mind..
As I explained in the diagram, I want to create a VM for pfSense. The port to which I am now connected for local access should be WAN, and the next LAN port should go to the switch. I also want, and don't know how, to provide internet for Proxmox so that an IP is assigned and it can be accessed not locally, but from the Internet or from the rest of the switch's ports. Then I can go on to the workstations and mesh.
-
@Bob-Dig The network card is on PCIe, the network card of the motherboard is disabled in the BIOS.
-
@root1ng You pretty much have the exact same setup as me, if I get time I'll write-up my logical network setup, you can see my physical setup in this post. Some pointers:
- Pick a port on your proxmox server and connect this to your ISP's media converter.
- In proxmox, hardware passthrough this port (e.g. eth0) to your pfSense VM.
- In proxmox, bridge the remaining three ports (e.g. eth1, eth2 & eth3). If you want to access proxmox from this bridge, configure it for the LAN network you will eventually use in pfSense and assign it an IP on that network e.g. pfSense = 172.16.1.1/24, proxmox = 172.16.1.2/24, NAS=172.16.1.3/24 etc.
- In pfSense (via proxmox VM shell), re-run the network configurator and pick the passed through port (eth0) as your WAN interface, and the bridge as your LAN interface. If you didn't need PPPoE, your WAN should pick up an IP from your ISP at this point, but probably won't.
- In pfSense, if no ISP DHCP assigned WAN IP, configure PPPoE on WAN interface and assign this new interface (e.g. PPPoE on eth0) to WAN. Your WAN interface should now come up. If not, check the logs for PPPoE failures. Note: I had to add an ISP provided VLAN tag to my PPPoE config before it was assigned an IP.
- In pfSense, configure your LAN interface for 172.16.1.1/24 and set up DHCP to assign, usually, 172.16.1.100 - 200/24 to internal devices. I personally use AdGuard so have DHCP also assign my AdGuard VM's IP as DNS1, but if you're not using AdGuard (or PiHole) set up DNS1 with your pfSense IP, pfSense's DNS Resolver is enabled by default. You might also consider either Google's public DNS (8.8.8.8) or Cloudflare's (1.1.1.1) as your DNS2 etc.
Other tips
- Make sure no other router (including your AP) is assigning DHCP IP addresses on your LAN, they should all be assigned via pfSense to assure network stability.
Now at this stage you should have a working home network, pfSense (172.16.1.1) and proxmox (172.16.1.2) will be accessible via any bridged port or anything connected to the bridged ports. If you want to access your firewall from outside the LAN, follow this guide. Remember that you are effectively providing admin access to your internal network to the entire planet by doing this - I would strongly suggest only doing this via a VPN.
If you do end up just opening a port (not recommended) you can use a Dynamic DNS service, such as https://noip.com to access your firewall via a FQDN.
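The host-side layout from the pointers above, as an added example that is not part of the original post: a constructed Proxmox `/etc/network/interfaces` plus a small audit that flags the two mistakes that would put the Proxmox host on the WAN side of the firewall. The bridge name `vmbr0`, the `gateway` line (Proxmox routing out through pfSense) and the function names are assumptions; `eth0`-`eth3` and the 172.16.1.x addresses are the post's own examples.

```python
import ipaddress

# Constructed sample of a Proxmox /etc/network/interfaces in the layout the post
# describes. eth0-eth3 and 172.16.1.x are the post's examples; vmbr0 and the
# gateway line (Proxmox routing out via pfSense) are assumptions.
SAMPLE = """\
iface eth0 inet manual
iface eth1 inet manual
iface eth2 inet manual
iface eth3 inet manual

auto vmbr0
iface vmbr0 inet static
    address 172.16.1.2/24
    gateway 172.16.1.1
    bridge-ports eth1 eth2 eth3
    bridge-stp off
    bridge-fd 0
"""

def parse_interfaces(text):
    """Return {interface: {option: value}} for every 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def audit(text, wan_port, pfsense_lan_ip):
    """List the ways the host config departs from the layout in the post."""
    problems = []
    for name, opts in parse_interfaces(text).items():
        if wan_port in opts.get("bridge-ports", "").split():
            problems.append(f"{wan_port} is a port of {name}: WAN is bridged onto the host/LAN")
        if name == wan_port and "address" in opts:
            problems.append(f"{wan_port} has a host address: Proxmox answers on the WAN side")
        if "address" in opts and "gateway" in opts:
            lan = ipaddress.ip_interface(opts["address"]).network
            if opts["gateway"] != pfsense_lan_ip or ipaddress.ip_address(opts["gateway"]) not in lan:
                problems.append(f"{name}: gateway {opts['gateway']} is not pfSense on {lan}")
    return problems
```

Calling `audit(SAMPLE, "eth0", "172.16.1.1")` returns an empty list for the layout above; adding `eth0` to `bridge-ports` or pointing the gateway at another router produces a finding.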
-
@tictag omg finally someone doing the same thing as me. Currently working now so I can't do examples right now but I'm also making a proxmox super network running pfsense>truenas>plex>homeassistant>adguard. But the network side of proxmox has got me stumped. When I get home tonight (late) I will follow these instructions you gave. If I get stuck somewhere on the way can I contact you for a helping hand?
-
@Spottedfezzit There are far bigger brains on this forum than mine! I suggest you post to the forum rather than relying on my singularly small brain, but, yes, of course, I am happy to help if I can.
David.
-
@root1ng said in Can someone explain to me how I can do this?:
the network card of the motherboard is disabled in the bios
Most of us who use Proxmox reserve that port for Proxmox...makes it a lot easier, and once you passthrough the PCIe NIC in your setup, Proxmox won't have a gateway. Please visit here: https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html