OVH Proxmox + pfsense + vrack + block ripe
Hi,
I try to use pfsense in a KVM on my proxmox 4/5.
I use pfsense to catch one IP of my block of 16 IP's but the gateway of OVH does not respond to my pfsense.
My config seems to be correct. The same network config with a ubuntu VM works.
Tried with nic intel e1000 & virtio
- pfsense 2.4.2-RELEASE-p1
- proxmox 4 & 5 (tried on 2 hosts)
Steps:
- create a kvm and configure 2 nics to use the bridge of host proxmox bound on interface vrack.
- configure em0 with a public IP of my block ripe
  - IP from block
  - Default GW from block
- configure em1 for local network
With tcpdump, I see my packets going to the GW but not the response
Thx for your help
Related post: https://www.lowendtalk.com/discussion/108864/help-with-ovh-proxmox-opnsense-pfsense
Comments
This is exactly the setup I run...
Does your virtual MAC in the OVH control panel match that of your WAN "link" in pfSense? I don't know why this isn't working for you though. I don't have vRack or anything like that. Happy to share any config you think might help.
With vrack virtual mac isn't used, you get a "real" subnet with gw
Can you post screenshots of the pfsense config, blur parts of the ip if you want, but if you blur all of it we might not spot any error
EDIT: also post proxmox conf if you want
Inside the pfsense web CP change these settings:
Interfaces > (wan name) > uncheck the two last boxes for Blocking bogon and private,
System > Routing > (Edit your gateway) > Tick last box to allow non-local GW
@fidde, my setup has been working for about 6 months. I was just offering to share the config in order to help @floD
Hi, thx for your help
Proxmox conf
pfsense config
37. ... .235
"Use non-local gateway through interface specific route." is checked
"Block private networks and loopback addresses" & "Block bogon networks" are unchecked
So this is my interface config on my proxmox server
The vmbr0 is my "public interface"
vmbr1 is the interface for my "internal" network
Pfsense
WAN: 94.xx.xx.100
LAN: 192.168.2.x
Interface > WAN : Block private networks and loopback addresses & Block bogon networks are checked
The only other thing I remember, and I am sure this is for routing traffic from the LAN-> WAN is:
To create a route up to 192.168.23.254 (your main OVH IP), on an interface having no IP in this range, I use the commands:
route add -net 192.168.23.254/32 -iface em0
route add default 192.168.23.254
The first line tells the firewall that IP address 192.168.23.254 is on the side of the em0 interface (em0 is my WAN interface), the second one uses this address as the default gateway.
Install shellcmd into pfSense and add the two commands above, this will make it survive a reboot.
LAN Internet
Firewall -> NAT -> Outbound
Manual Outbound NAT rule generation. If it isn’t created automatically add a rule with the Interface of WAN, source of your internal IP (192.168.1.x/24) leave everything else as default and save.
Hope there is something in there of some use!
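The on-link check behind the two route commands above, as an added example that is not part of the original post: it decides whether a gateway lies inside the WAN subnet and, when it does not, emits the same two FreeBSD `route` commands. The function name and the sample addresses (documentation ranges, plus the gateway quoted in the post) are constructed for illustration.

```python
import ipaddress


def gateway_route_plan(wan_cidr, gateway, iface="em0"):
    """Return (on_link, commands) for reaching `gateway` from `wan_cidr`.

    Hypothetical helper: the commands use the form quoted in the post
    (FreeBSD/pfSense `route`), IPv4 only.
    """
    wan = ipaddress.IPv4Interface(wan_cidr)
    gw = ipaddress.IPv4Address(gateway)

    if gw == wan.ip:
        raise ValueError("gateway is the interface's own address")

    on_link = gw in wan.network
    if on_link and wan.network.prefixlen < 31:
        # Network and broadcast addresses can never be a next hop.
        if gw in (wan.network.network_address, wan.network.broadcast_address):
            raise ValueError("gateway is the network or broadcast address")

    commands = []
    if not on_link:
        # Gateway is outside the WAN subnet: pin a host route to the
        # interface first, otherwise the default route cannot resolve.
        commands.append(f"route add -net {gw}/32 -iface {iface}")
    commands.append(f"route add default {gw}")
    return on_link, commands


if __name__ == "__main__":
    # Constructed sample inputs (not taken from anyone's real config).
    samples = [
        ("203.0.113.100/28", "203.0.113.110"),  # gateway inside the block
        ("198.51.100.20/32", "192.168.23.254"),  # gateway outside the subnet
    ]
    for wan, gw in samples:
        on_link, cmds = gateway_route_plan(wan, gw)
        print(f"{wan} via {gw}: {'on-link' if on_link else 'non-local gateway'}")
        for cmd in cmds:
            print("  " + cmd)
```
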
WAN & LAN are bridged on vmbr2 and it's the interface of my proxmox in vrack.
The block ripe is routed in vrack
Proxmox:
Pfsense:
I don't find a solution
Why the same network config works on a linux ubuntu and not on a freebsd or pfsense? That's a bug from the ovh router? Maybe because the mac addresses are not real?
What are you using the vRack for? Would it not be easier to have your IP's attached to the IP pub block? I don't use the vRack as I have no other servers with OVH, but I am guessing you do? OVH's routing is "interesting" to say the least.
I catch different IP's of my block RIPE into my vrack with VM's.
I use this system to expose my services in HA.
I want to create two pfsense in mode HA.
Hi,
I also have the same issue on proxmox 5 cluster connected to an ovh vrack. Ubuntu VM can ping the gateway from my IP block RIPE but wan interface of pfsense can't... Why ubuntu can and pfsense not with the same configuration?
Do you have any solution?
thx