Proxmox CT networking issue


arraybytes

New Member
Mar 30, 2024
4
0
1
I have a Proxmox server running on a Qotom Q20331G9 1U. I was unable to find the BIOS setting for virtualization support so I could pass through the NICs directly to my pfSense VM, so I have 2 Linux bridges set up, one for enp8s0 for the WAN and another bridge that includes enp4s0-enp7s0. I need to run the Omada controller for my WAPs and switches, so I spun up a CT and installed Omada. The WAP management interface, my PC, and the CT are all on the same VLAN with the same IP schema. However, for some reason I cannot connect to any PC from the CT. I can ping the CT and get a response from my PC and can ping the WAPs from my PC; however, when I ping from the CT to my WAPs or my PC I get no response. I could not find anything in the firewall logs for pfSense that would explain why. Any insight would be appreciated.
 

slidermike

Active Member
May 7, 2023
127
50
28
You need to provide more specifics: screenshots of the pfSense interface configuration, VLANs (if any), firewall rules, and a basic diagram of the port/interface connections to help us understand the packet flows, etc.
Just based on pings working one way but not the other, it sounds like your ports are not correctly in the same network or the firewall rules need adjustment for traffic between interfaces.
 

arraybytes

> You need to provide more specifics: screenshots of the pfSense interface configuration, VLANs (if any), firewall rules, and a basic diagram of the port/interface connections to help us understand the packet flows, etc.
> Just based on pings working one way but not the other, it sounds like your ports are not correctly in the same network or the firewall rules need adjustment for traffic between interfaces.

It is a new setup and I have not made any rules other than granting access through the WAN port for the LAN. I have created 4 VLANs, but have not assigned anything to them yet. In fact, everything is currently on the main LAN.

The setup right now is: 2 Linux bridges set up, one for enp8s0 assigned to WAN (vmbr01) and another bridge that includes enp4s0-enp7s0 assigned to LAN (vmbr0) in pfSense. The Q20331 is running Proxmox (10.12.1.200) with pfSense (10.12.1.1) and an Ubuntu 20.04 CT (10.12.1.10) with vmbr0 set to eth0. Next is a managed switch (10.12.1.2) and one EAP610 WAP (10.12.1.4) connected to port 1. My PC is attached directly to the Q20331G9 ports.

Attached is the VLAN setting in the switch. I have tried VLAN 1 set to tagged and untagged, and set and unset the VLAN of the Ubuntu CT. I have also tried creating a firewall rule in Proxmox to allow 10.12.1.10 to talk to 10.12.1.4 and vice versa.
 


slidermike

Can we get a diagram of the pieces and which port is connected to what?
An L1 & L2 diagram would be helpful.

Proxmox:
You set it to VLAN aware, but I am missing the VLAN assignments for the same.

pfSense:
You will want to have a "permit any to any" between VLANs for testing and can adjust it later after establishing a working link for everything.
 

arraybytes

Need to say thanks for helping so far. Please let me know exactly what you would need to help. This is more a hobby at this point.

> Can we get a diagram of the pieces and which port is connected to what?
> An L1 & L2 diagram would be helpful.

Not sure what you are looking for. It is a VM with a switch with nothing but 1 WAP installed on port 1 right now and the uplink port (10) to enp4s0. My PC is connected to enp6s0. No other connections except WAN on enp8s0.

> Proxmox:
> You set it to VLAN aware, but I am missing the VLAN assignments for the same.

The VLANs are for the WAP mostly at this point. It is mainly for the Guest network (0 devices), Cameras (1 currently but 6 eventually), and IoT devices (not sure of the count, but several with the TVs, game systems, and Alexas). I plan to have a server running Frigate for cameras, and locking down IoT and guest. I may set up a network for management at some point as well.

> pfSense:
> You will want to have a "permit any to any" between VLANs for testing and can adjust it later after establishing a working link for everything.

Tried that, unless this is wrong.
1712711026376.png
1712710658869.png
Can't say I am yet proficient in pfSense. Also, I have tried a lot of stuff, so these are not the settings I would use, just what is set now.
 
