Help with OVH + Proxmox + OPNsense/pfSense


sqamsqam Member

Hi,

I've been trying to sort this out for a few days now and have done plenty of googling and playing around.

Anyways, what I'm trying to do is use an OPNsense VM as a firewall between the rest of my VMs and the outside world.

I have a /28 from OVH and would like to have all my IPs handed out through DHCP.

I've tried setting up Virtual IPs with 1-to-1 NAT and haven't had any success.

I've tried this guide https://www.experts-exchange.com/questions/28523210/How-to-configure-pfSense-with-multiple-WAN-IP-addresses-for-1-1-NAT.html#a40355066 and plenty of others but still no success.

Has anyone else here had experience in setting up something similar?

Comments

  • Falzo Member

    I'd say the approach from the link given is right... assign the same virtual MAC to all of the IPs on OVH, create your VM for your firewall with that vMAC, and of course make sure all IPs are added and available in the network config inside.

    Also use a second bridge for a private network between your VMs. Add a second network interface to your firewall VM with an IP of that private range and also use this to hand out the private IPs to your other guests, using the firewall VM as gateway...

    The 1-on-1 matching for public and private IP per guest then has to be done in your firewall config...

    Make sure between each step that the IPs are reachable like intended...


  • Yeah, I've assigned the same virtual MAC to all the IP addresses in the /28 through the OVH manager.

    My /etc/network/interfaces on the host looks like this:

    auto lo
    iface lo inet loopback
    
    auto vmbr1
    iface vmbr1 inet manual
            post-up /etc/pve/kvm-networking.sh
            bridge_ports dummy0
            bridge_stp off
            bridge_fd 0
    
    auto vmbr0
    iface vmbr0 inet static
            address 139.99.xxx.xxx
            netmask 255.255.255.0
            network 139.99.xxx.0
            broadcast 139.99.xxx.255
            gateway 139.99.xxx.254
            bridge_ports eth0
            bridge_stp off
            bridge_fd 0
    
    auto vmbr2
    iface vmbr2 inet static
        address 192.168.1.254
        netmask 255.255.255.0
        gateway 192.168.1.1
        bridge_ports none
        bridge_stp off
        bridge_fd 0
    

    The thing that I find really odd is that if I let my VMs get assigned an IP through DHCP that is not static and not one of the VIPs on the LAN interface, then they have internet connectivity, but the external IP is that of the VM OPNsense is on. As soon as I set up the static DHCP address to assign the VIP from the LAN interface, it loses all internet connectivity.
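An added example, not part of the original posts: a small audit of an ifupdown `interfaces` file for the firewall-VM layout discussed in this thread. It reports two things worth checking: more than one `gateway` line (each one asks for a default route on the host, and a host should have only one) and a host address on a bridge with no physical port, which puts the hypervisor itself on the guests' private segment. The sample input is constructed, with RFC 5737 placeholder addresses, and treating `none` and `dummy0` as internal bridges is an assumption taken from the config above.

```python
# Constructed sample modelled on the host config in the post above; public
# addresses are RFC 5737 placeholders, not the poster's.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
        address 203.0.113.10
        netmask 255.255.255.0
        gateway 203.0.113.254
        bridge_ports eth0

auto vmbr2
iface vmbr2 inet static
        address 192.168.1.254
        netmask 255.255.255.0
        gateway 192.168.1.1
        bridge_ports none
"""

def parse_interfaces(text):
    """Parse ifupdown 'iface' stanzas into {name: {option: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key == "iface":
            parts = value.split()
            current = stanzas.setdefault(parts[0], {"method": parts[-1]})
        elif key in ("auto", "source", "mapping") or key.startswith("allow-"):
            current = None  # these keywords end the current iface stanza
        elif current is not None:
            current[key.replace("-", "_")] = value.strip()
    return stanzas

def audit(text):
    """Return findings relevant to the firewall-VM layout in this thread."""
    stanzas = parse_interfaces(text)
    findings = []
    with_gw = [n for n, o in stanzas.items() if "gateway" in o]
    if len(with_gw) > 1:
        findings.append("more than one default gateway: " + ", ".join(with_gw))
    for name, opts in stanzas.items():
        # Assumption: a bridge on 'none' or 'dummy0' carries guest traffic only.
        internal = opts.get("bridge_ports") in ("none", "dummy0")
        if internal and "address" in opts:
            findings.append(f"host has {opts['address']} on internal bridge {name}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```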

  • ihadp Member

    Do you have access to vRack with your server?


  • @IHaveADarkPassenger said: Do you have access to vRack with your server?

    Pretty sure I do.

  • ihadp Member

    @sqamsqam said:

    @IHaveADarkPassenger said: Do you have access to vRack with your server?

    Pretty sure I do.

    I have run pfSense + NAT on OVH servers without issue; however, in order to get everything running smoothly I had to use the vRack so the IPs would act like a normal IP range assigned to a VLAN, as opposed to the way OVH normally handles them.

    1. Create vRack
    2. Assign your IP Range & Server(s) to the vRack
    3. Set up your firewall & bridge to use the physical NIC on the server attached to the vRack.

    Once you have set up the above, you handle everything like you would in any other environment outside of OVH. Once you assign your IPs to the vRack you no longer need to use MAC addresses in the OVH portal, assign IPs as you desire, etc.

    Downside is you will lose a couple of IPs once assigned to the vRack for gateway, broadcast, etc.


  • I will try that after work. Is there any config that I need to do in terms of adding a new bridge for the vRack, or will it just work after I have assigned the /28 and server to the vRack?

  • ihadp Member

    @sqamsqam said: I will try that after work. Is there any config that I need to do in terms of adding a new bridge for the vRack, or will it just work after I have assigned the /28 and server to the vRack?

    You would need to create a bridge connection in Proxmox for the 2nd NIC (vRack NIC). Once you assign your server & IPs to the vRack you can then begin using them inside Proxmox.

    If you get stuck, ping me and I will see what I can do to help you square it away.


  • So I can order a vRack but it's not currently available in Sydney... guess I'm gonna have to wait.
