Help with OVH + Proxmox + OPNsense/pfSense

Hi,

I've been trying to sort this out for a few days now and have done plenty of googling and playing around.

Anyways, what I'm trying to do is use an OPNsense VM as a firewall between the rest of my VMs and the outside world.

I have a /28 from OVH and would like to have all my IPs handed out through DHCP.

I've tried setting up Virtual IPs with 1-to-1 NAT and haven't had any success.

I've tried this guide https://www.experts-exchange.com/questions/28523210/How-to-configure-pfSense-with-multiple-WAN-IP-addresses-for-1-1-NAT.html#a40355066 and plenty of others, but still no success.

Has anyone else here had experience in setting up something similar?

Comments

  • Falzo Member

    I'd say the approach from the link given is right... assign the same virtual MAC to all of the IPs on OVH, create your VM for your firewall with that vMAC, and of course make sure all IPs are added and available in the network config inside.

    Also use a second bridge for a private network between your VMs. Add a second network interface to your firewall VM with an IP of that private range and also use this to hand out the private IPs to your other guests using the firewall VM as gateway...

    The 1-on-1 matching for public and private IP per guest then has to be done in your firewall config...

    Make sure between each step that the IPs are reachable as intended...

  • Yeah, I've assigned the same virtual MAC to all the IP addresses in the /28 through the OVH manager.

    My /etc/network/interfaces on the host looks like this:

    auto lo
    iface lo inet loopback
    
    auto vmbr1
    iface vmbr1 inet manual
            post-up /etc/pve/kvm-networking.sh
            bridge_ports dummy0
            bridge_stp off
            bridge_fd 0
    
    auto vmbr0
    iface vmbr0 inet static
            address 139.99.xxx.xxx
            netmask 255.255.255.0
            network 139.99.xxx.0
            broadcast 139.99.xxx.255
            gateway 139.99.xxx.254
            bridge_ports eth0
            bridge_stp off
            bridge_fd 0
    
    auto vmbr2
    iface vmbr2 inet static
        address 192.168.1.254
        netmask 255.255.255.0
        gateway 192.168.1.1
        bridge_ports none
        bridge_stp off
        bridge_fd 0
    

    The thing that I find really odd is if I let my VMs get assigned an IP through DHCP that is not static and not one of the VIPs on the LAN interface, then they have internet connectivity, but the external IP is that of the VM OPNsense is on. As soon as I set up the static DHCP address to assign the VIP from the LAN interface, it loses all internet connectivity.
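
The layout Falzo describes above (private leases on the LAN bridge, public IPs mapped to them by 1:1 NAT on the firewall), as an added Python example that is not code from any poster in this thread; it also classifies a static lease like the one in the reply above. The addresses are constructed from a documentation range, and the function names and the `reserved` parameter are illustrative assumptions.

```python
import ipaddress


def plan_one_to_one(public_block, firewall_wan_ip, lan_net, lan_gateway,
                    guests, reserved=()):
    """Pair each guest with one public IP (external side of the 1:1 NAT rule)
    and one private IP (the static DHCP lease served on the LAN bridge)."""
    public = ipaddress.ip_network(public_block)
    lan = ipaddress.ip_network(lan_net)
    gateway = ipaddress.ip_address(lan_gateway)
    if public.overlaps(lan):
        raise ValueError("LAN range must not overlap the public block")
    if gateway not in lan:
        raise ValueError("LAN gateway must sit inside the LAN range")
    # Addresses the firewall keeps for itself or that the provider reserves.
    skip = {ipaddress.ip_address(firewall_wan_ip)}
    skip.update(ipaddress.ip_address(r) for r in reserved)
    externals = [ip for ip in public if ip not in skip]
    internals = [ip for ip in lan.hosts() if ip != gateway]
    if len(guests) > min(len(externals), len(internals)):
        raise ValueError("not enough addresses for every guest")
    return [
        {"guest": g, "external": str(e), "internal": str(i)}
        for g, e, i in zip(guests, externals, internals)
    ]


def check_lease(lease_ip, public_block, lan_net):
    """Classify a static DHCP lease configured on the LAN interface."""
    ip = ipaddress.ip_address(lease_ip)
    if ip in ipaddress.ip_network(public_block):
        return "public address on LAN: lease a private IP and map it with 1:1 NAT"
    if ip not in ipaddress.ip_network(lan_net):
        return "outside LAN range"
    return "ok"


# Constructed sample values (documentation range, not from the thread).
PUBLIC_BLOCK = "203.0.113.16/28"
PLAN = plan_one_to_one(PUBLIC_BLOCK, "203.0.113.16", "192.168.1.0/24",
                       "192.168.1.1", ["web", "mail", "db"])

if __name__ == "__main__":
    for row in PLAN:
        print(f'{row["guest"]:5} {row["external"]:15} <-> {row["internal"]}')
    print(check_lease("203.0.113.17", PUBLIC_BLOCK, "192.168.1.0/24"))
```

Each row of the plan corresponds to one 1:1 NAT rule on the firewall and one static DHCP mapping on its LAN interface.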

  • ihadp Member

    Do you have access to vRack with your server?

  • @IHaveADarkPassenger said:
    Do you have access to vRack with your server?

    Pretty sure I do.

  • ihadp Member

    @sqamsqam said:

    @IHaveADarkPassenger said:
    Do you have access to vRack with your server?

    Pretty sure I do.

    I have run pfSense + NAT on OVH servers without issue; however, in order to get everything running smoothly I had to use the vRack so the IPs would act like a normal IP range assigned to a VLAN as opposed to the way OVH normally handles them.

    1. Create vRack
    2. Assign your IP Range & Server(s) to the vRack
    3. Set up your firewall & bridge to use the physical NIC on the server attached to the vRack.

    Once you have set up the above, you handle everything like you would in any other environment outside of OVH. Once you assign your IPs to the vRack you no longer need to use MAC addresses in the OVH portal, assign IPs as you desire, etc.

    Downside is you will lose a couple of IPs once assigned to the vRack for gateway, broadcast, etc.

  • I will try that after work. Is there any config that I need to do in terms of adding a new bridge for the vRack or will it just work after I have assigned the /28 and server to the vRack?

  • ihadp Member

    @sqamsqam said:
    I will try that after work. Is there any config that I need to do in terms of adding a new bridge for the vRack or will it just work after I have assigned the /28 and server to the vRack?

    You would need to create a bridge connection in Proxmox for the 2nd NIC (vRack NIC). Once you assign your server & IPs to the vRack you can then begin using them inside Proxmox.

    If you get stuck, ping me and I will see what I can do to help you square it away.

  • So I can order a vRack but it's not currently available in Sydney... guess I'm gonna have to wait.

  • BKH Member

    Hi @ihadp
    I'm stuck in the same situation sqamsqam has mentioned.
    I know this is an old thread, but after reading this I want to politely ask you for help.
    I assigned my /27 network to my vRack and created a bridge on the second NIC.

    On OPNsense I configured the WAN IP address to XXX.XXX.XXX.XXX/27 with the right gateway.

    OPNsense can be accessed through the IP assigned to the bridge and all VMs can access the internet but are NATed through to the IP address of OPNsense.
    Now I'm stuck in configuring the other IPs.

    Can you help me here?

  • From what I know, you do not need a DHCP on an OVH server. The DHCP is already included, so to speak, on the MAC address. So by setting up the eth0 bridge properly you just need to assign a MAC address, from what I know.

    Regards!
