Proxmox + OPNSense Setup

Petey_Long Member
edited January 10 in Help

Note: I'm terrible with networking

What I'm looking to accomplish seems simple in my head but given my terrible networking skills, it's seemingly more complex than it needs to be.

Here's my network interface list:

Name / Type / Active / Autostart / VLAN Aware / Ports-Slaves / Bond Mode / CIDR / Gateway 
enp35s0 - Network Device - Yes - No - No - null - null - null - null 
enp36s0 - Network Device - No - No - No - null - null - null - null 
enxca0af1 - Network Device - No - No - No - null - null - null - null 
vmbr0 - Linux Bridge - Yes - Yes - No - enp35s0 - null - a.a.a.a/29 - a.a.a.169 
vmbr1 - Linux Bridge - Yes - Yes - No - null - null - 10.10.10.10.1/24 - null 

I've got 2 public IP addresses

What I'd like to do is set up a.a.a.a to exclusively access/manage Proxmox and set b.b.b.b to route external traffic to the VMs/containers.

From what I gathered, I need to install an OPNSense VM to accomplish the latter - but given I'm not even sure how to get the former working, that's a far and away step #2 for me.

Any help would be greatly appreciated!!!

Comments

  • dev_vps Member
    edited January 11

    Step 1: Configure Proxmox Management IP

    1. Edit the Network Configuration:

      • Access your Proxmox server via SSH or directly through the console.
      • Open the network configuration file: /etc/network/interfaces.
    2. Update the Configuration:

      • Ensure that vmbr0 is configured with the IP address a.a.a.a for Proxmox management. Your configuration should look something like this:

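        # Management bridge: carries the Proxmox host address
        auto vmbr0
        iface vmbr0 inet static
         address a.a.a.a
         # Adjust the netmask according to your CIDR
         # (comments must be on their own line; end-of-line comments are not supported)
         netmask 255.255.255.248
         gateway a.a.a.169
         # Physical NIC attached to this bridge
         bridge_ports enp35s0
         bridge_stp off
         bridge_fd 0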
        
    3. Restart Networking:

      • Apply the changes by restarting the networking service: systemctl restart networking or reboot the server.

    Step 2: Prepare for External Traffic Routing

    1. Reserve the Second Public IP:

      • Ensure that the IP b.b.b.b is not used by any other service or device and is reserved for routing traffic to your VMs/containers.
    2. Install OPNSense:

      • Create a new VM in Proxmox and install OPNSense. Assign it a virtual NIC connected to vmbr0 for WAN access and another NIC connected to a separate bridge (e.g., vmbr1) for LAN.
    3. Configure OPNSense:

      • Set up the WAN interface with the IP b.b.b.b.
      • Configure the LAN interface with a private IP range (e.g., 10.0.0.1/24).
      • Set up NAT and firewall rules in OPNSense to route traffic from b.b.b.b to your VMs.

    Step 3: Configure VMs/Containers

    1. Connect VMs to LAN Bridge:

      • Ensure your VMs/containers are connected to the LAN bridge (e.g., vmbr1) and have IPs in the same range as the OPNSense LAN interface.
    2. Set OPNSense as Gateway:

      • Configure the VMs/containers to use the OPNSense LAN IP as their default gateway.

    By following these steps, you should have Proxmox management traffic isolated to a.a.a.a and external traffic routed through b.b.b.b using OPNSense.
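
A check for the /etc/network/interfaces layout the steps above aim for, as an added example that is not part of the original answer: it flags end-of-line comments (which interfaces(5) does not support), a default gateway anywhere but the management bridge, and a LAN bridge that has a physical port or a host address. The sample file and its 10.0.0.254/24 address are constructed; the bridge names vmbr0 and vmbr1 follow the thread.

```python
# Constructed sample with the thread's placeholder addresses; the vmbr1 address is made up.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address a.a.a.a
    netmask 255.255.255.248  # Adjust according to your CIDR
    gateway a.a.a.169
    bridge_ports enp35s0

auto vmbr1
iface vmbr1 inet static
    address 10.0.0.254/24
    bridge_ports none
"""

def parse(text):
    """Return ({iface: {option: value}}, findings); bridge_ports/bridge-ports are treated alike."""
    stanzas, findings, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and whole-line comments are fine
        if "#" in line:
            findings.append(f"line {n}: end-of-line comment (not supported by interfaces(5))")
        words = line.split()
        if words[0] == "iface":
            current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source", "source-directory"):
            current = None
        elif current is not None:
            current[words[0].replace("_", "-")] = " ".join(words[1:])
    return stanzas, findings

def audit(text, mgmt="vmbr0", lan="vmbr1"):
    """List departures from 'host address on mgmt bridge only, guests behind the firewall VM'."""
    stanzas, findings = parse(text)
    gateways = [name for name, opts in stanzas.items() if "gateway" in opts]
    if gateways != [mgmt]:
        findings.append(f"default gateway expected only on {mgmt}, found on {gateways}")
    lan_opts = stanzas.get(lan, {})
    if lan_opts.get("bridge-ports", "none") != "none":
        findings.append(f"{lan} has a physical port, so the LAN is not isolated behind the firewall VM")
    if "address" in lan_opts:
        findings.append(f"{lan} has a host address, so guests can reach host services on it")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit a real host, pass the contents of /etc/network/interfaces to `audit()` instead of `SAMPLE`.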

  • In terms even I can understand. Really awesome of you man, thank you! Step #1 was the step seemingly getting into my way of accidentally stumbling into making things work.

    Time to give it a spin!

  • Got what I could set up for the night (right up until the last step) and found a tutorial I think will get me the rest of the way down the road

    https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-opnsense-nat (for anyone else who may be interested)
