Это видео недоступно.
Сожалеем об этом.
pfSense on Proxmox installation and configuration - Step-by-step
HTML-код
- Опубликовано: 18 авг 2024
- What is better than one open-source tool? How about two?! Proxmox and pfSense are two great open-source tools. The pfSense firewall is a well-known enterprise-grade firewall that has many features and capabilities. Proxmox is a great open-source hypervisor. In this video, we take a look at pfsense on Proxmox installation and configuration and see how we can easily get pfSense installed on Proxmox in the home lab environment.
Subscribe to the channel: / @virtualizationhowto
My blog: www.virtualiza...
_____________________________________________________
Social Media: / vspinmaster
LinkedIn: / brandon-lee-vht
Github: github.com/bra...
Introduction - 0:00
Looking at the network configuration on our Proxmox host - 0:37
Looking at the default bridge with the Proxmox server - 1:24
Creating another network bridge in Proxmox to use for the LAN network - 1:42
Uploading the pfSense installation media to Proxmox - 2:00
Uploading the pfSense CE ISO to Proxmox - 2:36
Creating the pfSense virtual machine in Proxmox - 3:03
Adding the network adapters to the pfSense Promox virtual machine - 4:16
Adding the WAN side connection for pfSense - 4:47
Adding another network adapter to pfSense for the LAN side - 5:22
Powering on the pfSense virtual machine in Proxmox and connecting to the console - 6:00
Running through the initial installation options - 6:10
Installation is finished manual modifications and reboot - 6:41
Text-based configuration allows verifying the network configuration - 7:00
Configuring a new LAN IP address for pfSense - 7:38
Reviewing the configuration changes - 8:13
Describing the high-level configuration most will have from an ISP for pfSense - 8:21
Using a computer on the same LAN segment to finish the web-based configuration wizard - 8:53
Signing into the web-based wizard - 9:15
Stepping through the configuration wizard process - 9:22
Another option to configure WAN and other DHCP configuration - 9:50
LAN configuration if you want - 10:12
Setting the admin password and reloading the configuration changes - 10:17
Looking at the main dashboard of pfSense after finishing the web-based configuration - 10:35
Concluding thoughts and wrapping up pfSense installation on Proxmox - 11:05
Take a look at the written form of this information here:
- www.virtualiza...
just started this whole proxmox journey. my setup was a little different, i had a network card laying around that i added to my proxmox so i assigned 2 seperate port to pfsense. since i didnt have my lan network configured properly i had to desactivate packet filter entirely from wan port temporary and configure it from the ip my modem asigned it. once everything configured as i wanted i shifted the DHCP server from my tp-link router to my pfsense. after that i switched my tp-link router to an AP. really fun project and this video helped me a lot to make sur i started on good base.
I'm SUUUPER new, so this was helpful (but also took a lot of fiddling and watching other tutorials to wrap my head around).
My PC has one ethernet port so I'm trying to make the best of that-
What I ended up doing was making a second bridge not associated to any hardware, and having that be the primary NIC for my VMs.
Put them all on the same subnet, gave pfSense a NIC that's on the same subnet as well as the LAN side and then a virtIO NIC for the WAN side - same interface as my main bridge which is associated with my physical ethernet port.
I can access the web portal, but looks like a lot of fiddling to go before these VMs can connect to the internet through pfSense.
I am thinking about virtualizing my PFsense setup I have been using for years to consolidate the number of hardware machines running in my home server room. Thanks for a great walk thru about how to do this.
@johnvanwinkle4351 thank you for the comment! Be sure to join the forums to ask any questions or work through anything there: www.virtualizationhowto.com/community
Add these two rules to your interfaces file and it will work correctly!
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
Why no one had an video that shows the configuration when you DON'T have an router before pfsense? What is to do when the pfsense should be the only router so the WAN cable from modem is directly connected to proxmox host?
Literally my same problem rn
@@mr.alkenly889Try to explain, I will try to help out
@@Maik.iptoux there is no proxmox web ui to log into without the network already running inside proxmox
How do you make sure your home network does not go out when you make changes to your host? Do you keep a pve machine for the fw alone?
You jumped the creation of the Virtual Network, "Step-by-setp" FAILED..
What do you think, what is the argument for or against the other aproach when in pve you share a dedicated pcie network card directly to the pfSense as WAN, and use the default pve gateway as lan? No WAN traffic reaches the hosts kernel.
Hi sir thanks for this amazing vidéo, but please make sure to make a vidéo about how to setup proxmox and configure it to use wifi adapter to be able to connect to wifi because there's no vidéo explain this point all people they use cable to connect there proxmox server please make a vidéo about wifi configuration. Thanks again
dude that intro got me pumped
Thanks i had issues setting up the ip adresses but after watching your Video after the second installation everything worked fine and i found my mistake
Awesome! thanks for sharing!
how do you access the promox web mgmt gui from inside the pfsense lan side of the network?
That's always been something I wondered about with vlans or multiple router systems. I would guess you'd have to have a port forwarding rule? To allow that port through from one vlan to another.
Something i don't understand is that vmbr0 is used as WAN in pfsense VM. So thats the bridge to the interface where you will put the ISP cable in.
And the LAN => where you put your switches etc.
But the other VM's use vmbr0 i guess as default. so they would use the WAN port. which is just the ISP interface. no DHCP server or what so ever. should they use the lan port so vmbr1 then? to get ip etc and be available to access by LAN
The way he showed this was a little confusing, and not likely how one would set this up for production. Most people use PCI pass through for the WAN and LAN network interfaces (NICs), and the vmbr0 for the Proxmox would be on associated with a third NIC, separate from the LAN and WAN. It's more performant and secure to have WAN and LAN NICs passed through to pfsense.
@@Zeric1are you saying to have 3 separate cards, not just ports?
@@renalshomlmes338 It could be either one. More than likely, it would be one card passed through PCIe. I've used intel i340 based cards which typically have 4 ports. I use PCIe pass through for the entire card, then use one port for WAN, and three for LAN. For the NIC on the motherboard, I use that for management of Proxmox itself so it can be still accessed even if pfsense is down for maint or reboot. This would be a typical configuration for a lot of people.
thx for the video. I was wondering. When you create pfsense as your firewall connecting the internet how will you update the Proxmox hypervisor? If you update it it doesn't have an internet connection anymore because the pfsense VM will go down I guess.
I like your presentation it is smooth and easy to follow. Often it is the delivery of technical content to the audience that requires an easy to follow demonstrator. Thanks for this as I am setting up my own homelab right now. How many cores on your Proxmox VE node? I have a Quad core Phenom II X4 with 24Gb DDR3 I want to use and Im unsure of using it in this manner..
Good video!
What if I use the single Ethernet port on my pc for the WAN and use the 8 other 1G Ethernet ports that I have among 2x NICS on the same machine as my LAN. Do I have to assign all 8 of those interfaces for LAN?
I am specifically looking for a training that sets up Proxmox with the intent of using it for OPNsense or pfSense. Every training I see starts with Proxmox already configured. For me I need to know how to configure Proxmox so that it has disks to upload my ISO files. I want to know how to setup Proxmox networking configuration to use with OPNsense . So it would be nice to have a tutorial that starts with a clean appliance that is ready to install Proxmox and OPNsense on. I know there are networking considerations to keep in mind and disk partioning, but I don't see any tutorials for how to configure Proxmox specifically to use it to host a firewall.
Check out this channel www.youtube.com/@TechnoTim
yes, thank your, same problem here
I wish you showed the creation of the bridge. I'm having an issue on this part where pfsense keeps telling me it doesn't exist after I create it.
Thanks.
Soooo....we de-compiled Proxmox, and re-scripted it now it works fine. ANY browser can now use it. We can install it in ubuntu with a wrapper. One and done.
@jeffharwood624, thanks for the comment! Sign up on the forums and I would love to have you share this in more detail: www.virtualizationhowto.com/community
Hello, Proxmox And there is 1 pfsense and 1 windows 10 system inside, windows 10 pfsense is behind the lan port. Previously, I was accessing the proxmox web gui interface from Windows 10 with this structure. I forgot to take notes, I don't remember how to adjust it again. What should I do about this issue?
Can you make a video about proxmox errors and how to fix? I keep getting an QEMU error and can't find a fix....
Yes I'm with you. It's frustrating as hell.
now, tell me about bond vs ovs bond without smart switch... so bonding extra nic's on each proxmox host for server to server and then fix up the isp provided public ip range (5 ip's) on one port from the ISP gateway... ugh not sure where to start... ddwrt was my friend for so long but now I need to grow...
so I have 3 LAN cards in my proxmox, all are connected to the switch, where also cable from the router comes. I understood it is a router (provided by ISP) that deals with IP on the WAN side but here you are saying something different. I am not sure how to connect all these things?
Should the cable from the router come directly to the LAN card assigned as WAN on pfsense? and the other cards to the switch?
or both: WAN and LAN cards can be connected to the same switch, where the cable from the route comes?
can WAN and LAN be in the same segment (192.168.1.x)?
I now have a bare metal server on Hetzner with one IP4 address. How do I do this installation on it?
the only problem that virtualised pfsense that it is still connected to you physical upstream firewall, is there a way to directly connect your isp modem to WAN interface of your pfsense?
Alex, thanks for the comment! Yes this is possible. You would need to create a VLAN interface that trunks out to your physical switch. You would then place your ISP modem to this same VLAN. It would then grab an IP and be configured the same as running a cable from the ISP modem directly into a pfsense appliance. Does this help?
Do I have to install this on the first device after the router and then connect all devices through that or no?
i guess they updated this process because once installed the steps are now completely different.
Great content!! Let me ask you, Do you prefer Proxmox or Bare metal installation for a pfsense firewall? if you have vpn and encryption proxmox is giving me performance issues?
Hello Brandon, Do you do any consulting at all? This is a good Video but I am having difficulties getting it up and running.
same here the image is not booting.
@@cournal09 Let me know if you need some help....I would be happy to try and get it running for ya.
@@michaelcooper5490 yesterday i got it working, after hours of reading. thanks for responding tho.😁
@@cournal09 Are you trying to load the .gz file? You have to convert to .iso
Why e1000 network as your putting a demand on cou and vitriol works just fine
This is a nested environment in ESXi where e1000 is a sure bet for compatibility. However, I assume VirtIO would work equally well.
@@VirtualizationHowto VirtIO works much better for me, I have pfsense in VM on Proxmox and I had bandwidth issues with e1000 on pfsense, on VirtIO works perfect. Yeah, on nested enviroment inside VMware its safer to use e1000 (I think VirtIO shouldn't have issues eighter), on bare metal VirtIO is the best choice.
@@VirtualizationHowto oh and if you have faster NICs than 1Gbit/s just also use VirtIO or passthrough NICs to pfsense and for VMs and LXCcontainers inside proxmox use another VirtIO bridge, thats because VirtIO is not limiting your bandwidth to virtualised e1000 hardware
Hello, I just put the new virtualized PFsense online, all good but the connectivity seems to be quite slow. It should be around 500m/s but I'm getting 100, any idea where I should look at?
Reno, do you know what type of virtual network adapter you are using? It sounds like it may not be the VirtIO driver?
@@VirtualizationHowto Hi mate, thanks for your reply. I'm always using the virtio, turns out it was the speed set to 100m, the auto-sense seems to be a bit strange in my device. I can reach 350 now, not bad but also not what I should see, I will keep monitoring, I'm not super confident this setup is the best though. To be precise, what I think would be better, is using the ethernet port in passthrough, at least the WAN port, I'm a bit worried about having "unfiltered" traffic entering the PVE. The issue is that in my configuration (125c (rev 04)) it didn't work. Did you ever try on yours?
@@zedtrek Having the same issue. Limited to just shy of 100Mb of gigabit connection. How do you change the speed set? I have one VM with E1000 and another with Virtio. Currently running E1000 VM and seeing the 100Mb limit
@@zedtrek right, most people virtualizing pfsense or opnsense will pass through the NICs, it's more secure and more performant. The video should have covered that IMO, or at least discussed it.
@@Zeric1 Hi mate, my comment was quite old, after that (and lot of digging, experiments) I end up reinstalling everything using the NIC in passtrough. It's perfect now, the minipc I'm using it's great, I'm running some.other VMs too on it.
Why not OPNsense?
AdrianuX I have this on my list of things to try :)
the approach is very similar
bruh you could of explained to just use WAN interface as lan you do not need to have a seperate lan interface
;)
Seriously Dork, your not going to explain how you got around the dot GZ compression?????
No need to be disrespectful, these videos as well as the community are here to help. Just unzip the gz file and the iso should be inside.
If you don't know how to unzip a file, you're probably not going to be virtualizing pfSense in Proxmox.
With respect, if you don't understand how to deal with compressed archives then setting up PFSense in a Proxmox VM is too much for you. Slow down and learn the basics before you attempt to tackle stuff like this. Oh and calling the guy a dork when he's obviously way more knowledgable than you is a dick move and one that will discourage people from helping you, and clearly you really need that help.
Proxmox is crap. You cannot access it on first run. I've worked with a lot of QEMU and KVM over the years, I've dealt with those problems, now I am unwilling to deal with more of those problems. Been all over the forums found little to no answers. I am unwilling to pay for support. Been down that road too many times. I'm so done with this.
Ok everyone it's time to abandon Proxmox because Jeff here thinks it's crap lol. Hmm but what Jeff is really telling us is that getting a Proxmox server up and running is beyond his skillset and/or patience and he doesn't want to pay for help. Poor Jeff, let's all send him some hugs.. lol
@@martynwarry6800 That's OK for you to think that. The website speaks for itself. I work cyber. We found four bugs in 7.4.0. and 8.0 six. So before you start hating and mocking, understand this...My clients are attorney's. I work for attorney's. They started questioning their legitimacy when they didn't respond. I responded in kind.BTW, these are the same bugs we found in all variants of Ubuntu. Proxmox has a major problem that's brewing as does Ubuntu. One is memory leaks due to the use of inefficient Kernel. In Ubuntu this shows as a root file space error. Why? Generic kernel's are used on Intel Devices, the more optimized kernel's go to AMD. I was asked to investigate this. And finally, we hit Proxmox with AI....We achieved all the goals we had hoped. We placed objects in Proxmox then the AI test with LUX. We extracted not only the key's to the city LUX key's, we extracted the text files AND remove the Kernel too. AND I got me a Goonie as a grand prize. Woo-hoo.
@@martynwarry6800 So were you duped into buying Chinese e waste or or once overpriced AMD products? Just curious. At 75, I have three degrees, Chemistry, Electronics and Computer Science, plus All Cyber Certificates. CCNA on. These are my skill sets. What are yours?