just started this whole proxmox journey. my setup was a little different, i had a network card laying around that i added to my proxmox so i assigned 2 seperate port to pfsense. since i didnt have my lan network configured properly i had to desactivate packet filter entirely from wan port temporary and configure it from the ip my modem asigned it. once everything configured as i wanted i shifted the DHCP server from my tp-link router to my pfsense. after that i switched my tp-link router to an AP. really fun project and this video helped me a lot to make sur i started on good base.
I'm SUUUPER new, so this was helpful (but also took a lot of fiddling and watching other tutorials to wrap my head around). My PC has one ethernet port so I'm trying to make the best of that- What I ended up doing was making a second bridge not associated to any hardware, and having that be the primary NIC for my VMs. Put them all on the same subnet, gave pfSense a NIC that's on the same subnet as well as the LAN side and then a virtIO NIC for the WAN side - same interface as my main bridge which is associated with my physical ethernet port. I can access the web portal, but looks like a lot of fiddling to go before these VMs can connect to the internet through pfSense.
I am thinking about virtualizing my PFsense setup I have been using for years to consolidate the number of hardware machines running in my home server room. Thanks for a great walk thru about how to do this.
@johnvanwinkle4351 thank you for the comment! Be sure to join the forums to ask any questions or work through anything there: www.virtualizationhowto.com/community
I like your presentation it is smooth and easy to follow. Often it is the delivery of technical content to the audience that requires an easy to follow demonstrator. Thanks for this as I am setting up my own homelab right now. How many cores on your Proxmox VE node? I have a Quad core Phenom II X4 with 24Gb DDR3 I want to use and Im unsure of using it in this manner..
thx for the video. I was wondering. When you create pfsense as your firewall connecting the internet how will you update the Proxmox hypervisor? If you update it it doesn't have an internet connection anymore because the pfsense VM will go down I guess.
Great content!! Let me ask you, Do you prefer Proxmox or Bare metal installation for a pfsense firewall? if you have vpn and encryption proxmox is giving me performance issues?
Add these two rules to your interfaces file and it will work correctly! post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1 post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
so I have 3 LAN cards in my proxmox, all are connected to the switch, where also cable from the router comes. I understood it is a router (provided by ISP) that deals with IP on the WAN side but here you are saying something different. I am not sure how to connect all these things? Should the cable from the router come directly to the LAN card assigned as WAN on pfsense? and the other cards to the switch? or both: WAN and LAN cards can be connected to the same switch, where the cable from the route comes? can WAN and LAN be in the same segment (192.168.1.x)?
Why no one had an video that shows the configuration when you DON'T have an router before pfsense? What is to do when the pfsense should be the only router so the WAN cable from modem is directly connected to proxmox host?
Hi sir thanks for this amazing vidéo, but please make sure to make a vidéo about how to setup proxmox and configure it to use wifi adapter to be able to connect to wifi because there's no vidéo explain this point all people they use cable to connect there proxmox server please make a vidéo about wifi configuration. Thanks again
Hello, Proxmox And there is 1 pfsense and 1 windows 10 system inside, windows 10 pfsense is behind the lan port. Previously, I was accessing the proxmox web gui interface from Windows 10 with this structure. I forgot to take notes, I don't remember how to adjust it again. What should I do about this issue?
That's always been something I wondered about with vlans or multiple router systems. I would guess you'd have to have a port forwarding rule? To allow that port through from one vlan to another.
Thanks i had issues setting up the ip adresses but after watching your Video after the second installation everything worked fine and i found my mistake
now, tell me about bond vs ovs bond without smart switch... so bonding extra nic's on each proxmox host for server to server and then fix up the isp provided public ip range (5 ip's) on one port from the ISP gateway... ugh not sure where to start... ddwrt was my friend for so long but now I need to grow...
Soooo....we de-compiled Proxmox, and re-scripted it now it works fine. ANY browser can now use it. We can install it in ubuntu with a wrapper. One and done.
@jeffharwood624, thanks for the comment! Sign up on the forums and I would love to have you share this in more detail: www.virtualizationhowto.com/community
Something i don't understand is that vmbr0 is used as WAN in pfsense VM. So thats the bridge to the interface where you will put the ISP cable in. And the LAN => where you put your switches etc. But the other VM's use vmbr0 i guess as default. so they would use the WAN port. which is just the ISP interface. no DHCP server or what so ever. should they use the lan port so vmbr1 then? to get ip etc and be available to access by LAN
The way he showed this was a little confusing, and not likely how one would set this up for production. Most people use PCI pass through for the WAN and LAN network interfaces (NICs), and the vmbr0 for the Proxmox would be on associated with a third NIC, separate from the LAN and WAN. It's more performant and secure to have WAN and LAN NICs passed through to pfsense.
@@renalshomlmes338 It could be either one. More than likely, it would be one card passed through PCIe. I've used intel i340 based cards which typically have 4 ports. I use PCIe pass through for the entire card, then use one port for WAN, and three for LAN. For the NIC on the motherboard, I use that for management of Proxmox itself so it can be still accessed even if pfsense is down for maint or reboot. This would be a typical configuration for a lot of people.
the only problem that virtualised pfsense that it is still connected to you physical upstream firewall, is there a way to directly connect your isp modem to WAN interface of your pfsense?
Alex, thanks for the comment! Yes this is possible. You would need to create a VLAN interface that trunks out to your physical switch. You would then place your ISP modem to this same VLAN. It would then grab an IP and be configured the same as running a cable from the ISP modem directly into a pfsense appliance. Does this help?
I am specifically looking for a training that sets up Proxmox with the intent of using it for OPNsense or pfSense. Every training I see starts with Proxmox already configured. For me I need to know how to configure Proxmox so that it has disks to upload my ISO files. I want to know how to setup Proxmox networking configuration to use with OPNsense . So it would be nice to have a tutorial that starts with a clean appliance that is ready to install Proxmox and OPNsense on. I know there are networking considerations to keep in mind and disk partioning, but I don't see any tutorials for how to configure Proxmox specifically to use it to host a firewall.
Hello, I just put the new virtualized PFsense online, all good but the connectivity seems to be quite slow. It should be around 500m/s but I'm getting 100, any idea where I should look at?
@@VirtualizationHowto Hi mate, thanks for your reply. I'm always using the virtio, turns out it was the speed set to 100m, the auto-sense seems to be a bit strange in my device. I can reach 350 now, not bad but also not what I should see, I will keep monitoring, I'm not super confident this setup is the best though. To be precise, what I think would be better, is using the ethernet port in passthrough, at least the WAN port, I'm a bit worried about having "unfiltered" traffic entering the PVE. The issue is that in my configuration (125c (rev 04)) it didn't work. Did you ever try on yours?
@@zedtrek Having the same issue. Limited to just shy of 100Mb of gigabit connection. How do you change the speed set? I have one VM with E1000 and another with Virtio. Currently running E1000 VM and seeing the 100Mb limit
@@zedtrek right, most people virtualizing pfsense or opnsense will pass through the NICs, it's more secure and more performant. The video should have covered that IMO, or at least discussed it.
@@Zeric1 Hi mate, my comment was quite old, after that (and lot of digging, experiments) I end up reinstalling everything using the NIC in passtrough. It's perfect now, the minipc I'm using it's great, I'm running some.other VMs too on it.
@@VirtualizationHowto VirtIO works much better for me, I have pfsense in VM on Proxmox and I had bandwidth issues with e1000 on pfsense, on VirtIO works perfect. Yeah, on nested enviroment inside VMware its safer to use e1000 (I think VirtIO shouldn't have issues eighter), on bare metal VirtIO is the best choice.
@@VirtualizationHowto oh and if you have faster NICs than 1Gbit/s just also use VirtIO or passthrough NICs to pfsense and for VMs and LXCcontainers inside proxmox use another VirtIO bridge, thats because VirtIO is not limiting your bandwidth to virtualised e1000 hardware
With respect, if you don't understand how to deal with compressed archives then setting up PFSense in a Proxmox VM is too much for you. Slow down and learn the basics before you attempt to tackle stuff like this. Oh and calling the guy a dork when he's obviously way more knowledgable than you is a dick move and one that will discourage people from helping you, and clearly you really need that help.
Proxmox is crap. You cannot access it on first run. I've worked with a lot of QEMU and KVM over the years, I've dealt with those problems, now I am unwilling to deal with more of those problems. Been all over the forums found little to no answers. I am unwilling to pay for support. Been down that road too many times. I'm so done with this.
Ok everyone it's time to abandon Proxmox because Jeff here thinks it's crap lol. Hmm but what Jeff is really telling us is that getting a Proxmox server up and running is beyond his skillset and/or patience and he doesn't want to pay for help. Poor Jeff, let's all send him some hugs.. lol
@@martynwarry6800 That's OK for you to think that. The website speaks for itself. I work cyber. We found four bugs in 7.4.0. and 8.0 six. So before you start hating and mocking, understand this...My clients are attorney's. I work for attorney's. They started questioning their legitimacy when they didn't respond. I responded in kind.BTW, these are the same bugs we found in all variants of Ubuntu. Proxmox has a major problem that's brewing as does Ubuntu. One is memory leaks due to the use of inefficient Kernel. In Ubuntu this shows as a root file space error. Why? Generic kernel's are used on Intel Devices, the more optimized kernel's go to AMD. I was asked to investigate this. And finally, we hit Proxmox with AI....We achieved all the goals we had hoped. We placed objects in Proxmox then the AI test with LUX. We extracted not only the key's to the city LUX key's, we extracted the text files AND remove the Kernel too. AND I got me a Goonie as a grand prize. Woo-hoo.
@@martynwarry6800 So were you duped into buying Chinese e waste or or once overpriced AMD products? Just curious. At 75, I have three degrees, Chemistry, Electronics and Computer Science, plus All Cyber Certificates. CCNA on. These are my skill sets. What are yours?
just started this whole proxmox journey. my setup was a little different, i had a network card laying around that i added to my proxmox so i assigned 2 seperate port to pfsense. since i didnt have my lan network configured properly i had to desactivate packet filter entirely from wan port temporary and configure it from the ip my modem asigned it. once everything configured as i wanted i shifted the DHCP server from my tp-link router to my pfsense. after that i switched my tp-link router to an AP. really fun project and this video helped me a lot to make sur i started on good base.
I'm SUUUPER new, so this was helpful (but also took a lot of fiddling and watching other tutorials to wrap my head around).
My PC has one ethernet port so I'm trying to make the best of that-
What I ended up doing was making a second bridge not associated to any hardware, and having that be the primary NIC for my VMs.
Put them all on the same subnet, gave pfSense a NIC that's on the same subnet as well as the LAN side and then a virtIO NIC for the WAN side - same interface as my main bridge which is associated with my physical ethernet port.
I can access the web portal, but looks like a lot of fiddling to go before these VMs can connect to the internet through pfSense.
I am thinking about virtualizing my PFsense setup I have been using for years to consolidate the number of hardware machines running in my home server room. Thanks for a great walk thru about how to do this.
@johnvanwinkle4351 thank you for the comment! Be sure to join the forums to ask any questions or work through anything there: www.virtualizationhowto.com/community
I like your presentation it is smooth and easy to follow. Often it is the delivery of technical content to the audience that requires an easy to follow demonstrator. Thanks for this as I am setting up my own homelab right now. How many cores on your Proxmox VE node? I have a Quad core Phenom II X4 with 24Gb DDR3 I want to use and Im unsure of using it in this manner..
How do you make sure your home network does not go out when you make changes to your host? Do you keep a pve machine for the fw alone?
thx for the video. I was wondering. When you create pfsense as your firewall connecting the internet how will you update the Proxmox hypervisor? If you update it it doesn't have an internet connection anymore because the pfsense VM will go down I guess.
Great content!! Let me ask you, Do you prefer Proxmox or Bare metal installation for a pfsense firewall? if you have vpn and encryption proxmox is giving me performance issues?
Add these two rules to your interfaces file and it will work correctly!
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
so I have 3 LAN cards in my proxmox, all are connected to the switch, where also cable from the router comes. I understood it is a router (provided by ISP) that deals with IP on the WAN side but here you are saying something different. I am not sure how to connect all these things?
Should the cable from the router come directly to the LAN card assigned as WAN on pfsense? and the other cards to the switch?
or both: WAN and LAN cards can be connected to the same switch, where the cable from the route comes?
can WAN and LAN be in the same segment (192.168.1.x)?
Why no one had an video that shows the configuration when you DON'T have an router before pfsense? What is to do when the pfsense should be the only router so the WAN cable from modem is directly connected to proxmox host?
Literally my same problem rn
@@mr.alkenly889Try to explain, I will try to help out
@@Maik.iptoux there is no proxmox web ui to log into without the network already running inside proxmox
Good video!
Do I have to install this on the first device after the router and then connect all devices through that or no?
Thanks.
Hi sir thanks for this amazing vidéo, but please make sure to make a vidéo about how to setup proxmox and configure it to use wifi adapter to be able to connect to wifi because there's no vidéo explain this point all people they use cable to connect there proxmox server please make a vidéo about wifi configuration. Thanks again
Hello, Proxmox And there is 1 pfsense and 1 windows 10 system inside, windows 10 pfsense is behind the lan port. Previously, I was accessing the proxmox web gui interface from Windows 10 with this structure. I forgot to take notes, I don't remember how to adjust it again. What should I do about this issue?
I wish you showed the creation of the bridge. I'm having an issue on this part where pfsense keeps telling me it doesn't exist after I create it.
dude that intro got me pumped
how do you access the promox web mgmt gui from inside the pfsense lan side of the network?
That's always been something I wondered about with vlans or multiple router systems. I would guess you'd have to have a port forwarding rule? To allow that port through from one vlan to another.
Thanks i had issues setting up the ip adresses but after watching your Video after the second installation everything worked fine and i found my mistake
Awesome! thanks for sharing!
now, tell me about bond vs ovs bond without smart switch... so bonding extra nic's on each proxmox host for server to server and then fix up the isp provided public ip range (5 ip's) on one port from the ISP gateway... ugh not sure where to start... ddwrt was my friend for so long but now I need to grow...
I now have a bare metal server on Hetzner with one IP4 address. How do I do this installation on it?
Soooo....we de-compiled Proxmox, and re-scripted it now it works fine. ANY browser can now use it. We can install it in ubuntu with a wrapper. One and done.
@jeffharwood624, thanks for the comment! Sign up on the forums and I would love to have you share this in more detail: www.virtualizationhowto.com/community
Something i don't understand is that vmbr0 is used as WAN in pfsense VM. So thats the bridge to the interface where you will put the ISP cable in.
And the LAN => where you put your switches etc.
But the other VM's use vmbr0 i guess as default. so they would use the WAN port. which is just the ISP interface. no DHCP server or what so ever. should they use the lan port so vmbr1 then? to get ip etc and be available to access by LAN
The way he showed this was a little confusing, and not likely how one would set this up for production. Most people use PCI pass through for the WAN and LAN network interfaces (NICs), and the vmbr0 for the Proxmox would be on associated with a third NIC, separate from the LAN and WAN. It's more performant and secure to have WAN and LAN NICs passed through to pfsense.
@@Zeric1are you saying to have 3 separate cards, not just ports?
@@renalshomlmes338 It could be either one. More than likely, it would be one card passed through PCIe. I've used intel i340 based cards which typically have 4 ports. I use PCIe pass through for the entire card, then use one port for WAN, and three for LAN. For the NIC on the motherboard, I use that for management of Proxmox itself so it can be still accessed even if pfsense is down for maint or reboot. This would be a typical configuration for a lot of people.
Can you make a video about proxmox errors and how to fix? I keep getting an QEMU error and can't find a fix....
Yes I'm with you. It's frustrating as hell.
the only problem that virtualised pfsense that it is still connected to you physical upstream firewall, is there a way to directly connect your isp modem to WAN interface of your pfsense?
Alex, thanks for the comment! Yes this is possible. You would need to create a VLAN interface that trunks out to your physical switch. You would then place your ISP modem to this same VLAN. It would then grab an IP and be configured the same as running a cable from the ISP modem directly into a pfsense appliance. Does this help?
Hello Brandon, Do you do any consulting at all? This is a good Video but I am having difficulties getting it up and running.
same here the image is not booting.
@@cournal09 Let me know if you need some help....I would be happy to try and get it running for ya.
@@michaelcooper5490 yesterday i got it working, after hours of reading. thanks for responding tho.😁
@@cournal09 Are you trying to load the .gz file? You have to convert to .iso
I am specifically looking for a training that sets up Proxmox with the intent of using it for OPNsense or pfSense. Every training I see starts with Proxmox already configured. For me I need to know how to configure Proxmox so that it has disks to upload my ISO files. I want to know how to setup Proxmox networking configuration to use with OPNsense . So it would be nice to have a tutorial that starts with a clean appliance that is ready to install Proxmox and OPNsense on. I know there are networking considerations to keep in mind and disk partioning, but I don't see any tutorials for how to configure Proxmox specifically to use it to host a firewall.
Check out this channel www.youtube.com/@TechnoTim
yes, thank your, same problem here
i guess they updated this process because once installed the steps are now completely different.
Hello, I just put the new virtualized PFsense online, all good but the connectivity seems to be quite slow. It should be around 500m/s but I'm getting 100, any idea where I should look at?
Reno, do you know what type of virtual network adapter you are using? It sounds like it may not be the VirtIO driver?
@@VirtualizationHowto Hi mate, thanks for your reply. I'm always using the virtio, turns out it was the speed set to 100m, the auto-sense seems to be a bit strange in my device. I can reach 350 now, not bad but also not what I should see, I will keep monitoring, I'm not super confident this setup is the best though. To be precise, what I think would be better, is using the ethernet port in passthrough, at least the WAN port, I'm a bit worried about having "unfiltered" traffic entering the PVE. The issue is that in my configuration (125c (rev 04)) it didn't work. Did you ever try on yours?
@@zedtrek Having the same issue. Limited to just shy of 100Mb of gigabit connection. How do you change the speed set? I have one VM with E1000 and another with Virtio. Currently running E1000 VM and seeing the 100Mb limit
@@zedtrek right, most people virtualizing pfsense or opnsense will pass through the NICs, it's more secure and more performant. The video should have covered that IMO, or at least discussed it.
@@Zeric1 Hi mate, my comment was quite old, after that (and lot of digging, experiments) I end up reinstalling everything using the NIC in passtrough. It's perfect now, the minipc I'm using it's great, I'm running some.other VMs too on it.
Why e1000 network as your putting a demand on cou and vitriol works just fine
This is a nested environment in ESXi where e1000 is a sure bet for compatibility. However, I assume VirtIO would work equally well.
@@VirtualizationHowto VirtIO works much better for me, I have pfsense in VM on Proxmox and I had bandwidth issues with e1000 on pfsense, on VirtIO works perfect. Yeah, on nested enviroment inside VMware its safer to use e1000 (I think VirtIO shouldn't have issues eighter), on bare metal VirtIO is the best choice.
@@VirtualizationHowto oh and if you have faster NICs than 1Gbit/s just also use VirtIO or passthrough NICs to pfsense and for VMs and LXCcontainers inside proxmox use another VirtIO bridge, thats because VirtIO is not limiting your bandwidth to virtualised e1000 hardware
Why not OPNsense?
AdrianuX I have this on my list of things to try :)
the approach is very similar
You jumped the creation of the Virtual Network, "Step-by-setp" FAILED..
;)
bruh you could of explained to just use WAN interface as lan you do not need to have a seperate lan interface
Seriously Dork, your not going to explain how you got around the dot GZ compression?????
No need to be disrespectful, these videos as well as the community are here to help. Just unzip the gz file and the iso should be inside.
If you don't know how to unzip a file, you're probably not going to be virtualizing pfSense in Proxmox.
With respect, if you don't understand how to deal with compressed archives then setting up PFSense in a Proxmox VM is too much for you. Slow down and learn the basics before you attempt to tackle stuff like this. Oh and calling the guy a dork when he's obviously way more knowledgable than you is a dick move and one that will discourage people from helping you, and clearly you really need that help.
Proxmox is crap. You cannot access it on first run. I've worked with a lot of QEMU and KVM over the years, I've dealt with those problems, now I am unwilling to deal with more of those problems. Been all over the forums found little to no answers. I am unwilling to pay for support. Been down that road too many times. I'm so done with this.
Ok everyone it's time to abandon Proxmox because Jeff here thinks it's crap lol. Hmm but what Jeff is really telling us is that getting a Proxmox server up and running is beyond his skillset and/or patience and he doesn't want to pay for help. Poor Jeff, let's all send him some hugs.. lol
@@martynwarry6800 That's OK for you to think that. The website speaks for itself. I work cyber. We found four bugs in 7.4.0. and 8.0 six. So before you start hating and mocking, understand this...My clients are attorney's. I work for attorney's. They started questioning their legitimacy when they didn't respond. I responded in kind.BTW, these are the same bugs we found in all variants of Ubuntu. Proxmox has a major problem that's brewing as does Ubuntu. One is memory leaks due to the use of inefficient Kernel. In Ubuntu this shows as a root file space error. Why? Generic kernel's are used on Intel Devices, the more optimized kernel's go to AMD. I was asked to investigate this. And finally, we hit Proxmox with AI....We achieved all the goals we had hoped. We placed objects in Proxmox then the AI test with LUX. We extracted not only the key's to the city LUX key's, we extracted the text files AND remove the Kernel too. AND I got me a Goonie as a grand prize. Woo-hoo.
@@martynwarry6800 So were you duped into buying Chinese e waste or or once overpriced AMD products? Just curious. At 75, I have three degrees, Chemistry, Electronics and Computer Science, plus All Cyber Certificates. CCNA on. These are my skill sets. What are yours?