pfSense on Proxmox What Does Networking Look Like?

Discussion in 'Linux Admins, Storage and Virtualization' started by brianmc, Jul 22, 2018.

  1. brianmc

    brianmc New Member

    Hey everyone.

    I'm trying to wrap my head around running pfSense in a VM. I get external network to the NIC passed through to the VM. Internal NIC to the Linux bridge. VMs are on this bridge so that's OK too.

    What IP is the Proxmox host then? I'm totally confused on this part.
  2. brianmc

    brianmc New Member

    I'm thinking maybe I have this in the wrong section.

    Here's the setup:

    external network br0 1.x.x.x
          |           |
        pfs1vm      pfs2vm
          |           |
    internal network br1 10.1.1.x

    The pfSense VMs I get. Ideally, I'd want the Proxmox host to do updates over WAN. So if I give the Proxmox host an IP on the KVM internal network bridge 10.1.1.x, then I have to have the pfSense VMs up and running to do the initial updates, right? Otherwise, it won't route to the external network.

    I know someone here has done this. Sorry my ASCII art sucks.
  3. Patrick

    Patrick Administrator
    Staff Member

    I know a lot of people here will disagree with me, but is it possible to get a third NIC?

    One Proxmox management NIC (default installation.)

    One WAN
    One LAN

    That way, you can still manage the host out of band on a management network. It is not necessary, but it may help simplify your question. Updates would happen from the management network and out from there. You could even have a virtualized pfSense that is the VPN gateway for this management network.
  4. vl1969

    vl1969 Active Member

    I have a running setup right now.
    Although you can do this with 2 NICs, ideally 3 is better.
    I run mine on a Lenovo p59 machine with a dual-port PCIe Intel NIC.

    The onboard port is dedicated to management and both NIC ports are used for pfSense.

    I did not pass through anything.
    I did the Proxmox setup as usual.

    Then I configured 3 virtual bridges:
    vmbr0 --> internal NIC port for management. In my case I needed to have 2 network schemas, the 192.168.x.x and 10.10.1.x, at a time, so I have vmbr0 as 192.168.1.x and vmbr0:1 as all static.

    Then I have vmbr1 as WAN and vmbr2 as LAN.

    The ports for vmbr0 and vmbr2 are plugged into the main 24-port switch.

    The vmbr1 I plugged into my older router first before setting up pfSense.
    Then I created the pfSense VM and assigned vmbr1 and vmbr2 to it (vmbr1 as net0 and vmbr2 as net1).

    To make it simple, when installing pfSense unplug the WAN port and choose the active NIC to be LAN.

    Once all is installed, plug the WAN port into your ISP provider modem and reboot the VM.
  5. Jay Quin

    Jay Quin New Member

    One thing I would recommend is, if you can, add a third port and connect the PVE host to it. If you pass through all of your NICs to pfSense and set up the PVE host on a bridge connected only to pfSense, what happens when pfSense goes down? You can no longer access the PVE host remotely. So connect your PVE host to a bridge to pfSense AND to a spare NIC port. You don't have to plug in the port, it's only there in case of emergency.
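
Added example, not part of any post in this thread: the three-bridge layout discussed above (host address on vmbr0 only, vmbr1 as WAN and vmbr2 as LAN for the pfSense VM), written as a constructed /etc/network/interfaces sample and checked by a small script. The NIC names, the addresses and the `parse_bridges`/`audit` helpers are assumptions made for illustration.

```python
# Constructed sample of /etc/network/interfaces for the three-bridge layout in
# this thread. NIC names and the 192.168.1.x values are assumptions.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.10/24
    gateway 192.168.1.1
    bridge-ports eno1
# WAN and LAN bridges: no host address, attached only to the pfSense VM
auto vmbr1
iface vmbr1 inet manual
    bridge-ports enp1s0f0
auto vmbr2
iface vmbr2 inet manual
    bridge-ports enp1s0f1
"""

def parse_bridges(text):
    """Return {name: options} for each iface stanza that has bridge-ports."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface" and len(words) >= 2:
            current = stanzas.setdefault(words[1], {"method": words[-1]})
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return {n: o for n, o in stanzas.items() if "bridge-ports" in o}

def audit(text, wan="vmbr1", lan="vmbr2"):
    """List layout problems: host IP on WAN, or no management path off pfSense."""
    bridges = parse_bridges(text)
    addressed = [n for n, o in bridges.items() if "address" in o]
    findings = []
    if wan in addressed:
        findings.append(f"{wan}: host has an IP on the WAN bridge")
    if not [n for n in addressed if n not in (wan, lan)]:
        findings.append("host has no address off the pfSense WAN/LAN bridges")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "layout OK")
```

With the host addressed only on vmbr0, the Proxmox web UI and SSH are never exposed on the WAN segment, and the host stays reachable when the pfSense VM is down.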