Great tutorial! Well explained and good quality. Could possibly make tutorial of using the same kind of setup to route traffic of your VM's or CT's through pfSense which then routes it via VPN to WAN?
Thank you for your comment! I am currently working on a video on using VLAN's setup in pfSense on Proxmox. I am planing on making a video on VPN for this setup in the future.
Great video m8. I only have one network interface (auto created bridge vmbr0 that I plan to use for the wan) and I dont understand the part that you say I can just use the default one for the second one (the lan). Should I make a virtual bridge and leave everything blank?
I'm happy the video somewhat helped you! This might help you the rest of the way: th-cam.com/video/K1bFlidurgQ/w-d-xo.htmlsi=aVFa_3fGcUDHgldC There is a term for what you want to do which is router on a stick. Just in case you need to search for something and I am slow to answer.
Happy you like it! Yes, it is absolutely possible to do a setup like that. That is called router on a stick. You will still need you ISP router to be the gateway router in that case, but it is very doable! There is a guy on the discord server doing exactly that. If you run into issues, you can hop on there to ask. Best of luck!
thanks for the tutorial you helped me, I have an important question I would like the server to be in DMZ but I can't understand one thing, I have to put the IP of the proxmox Server or the IP of the Pfsense VM created on the server in the DMZ proxmox ?
Happy the video was helpfull! If I understand correctly, you have a server connected to pfSense which is running on Proxmox? The server in the DMZ zone should just be connected to pfSense and not be able to access Proxmox. If I didn't understand correctly, you can come over to the discord server i have set up. Here you can show me a bit more of your setup.
Please show real world example. Where we have fanless setup. With 4 interfaces. Install proxmox which uses vmbr0 which is mapped to interface X. We plug a internet cable inside. Now we can access the host theough our lan. Install opnsense. And then? We set anothwr port as wan? How will we access proxmox if we plugin isp into the wan. And remove our old router?
Hello! What I have done in similar situations is setting up the LAN side first. During the setup of Proxmox I set a static IP address on the planed lan. Then I setup the WAN interface directly. I'm a bit knocked out today so not the best explanation, but i have thought about making a homelab setup of Proxmox with router and other network parts. Just a bit of a time constraint in my life for the time.
Hello thank you for this great video. I have an Intel I5 nuc and two network cards I would like to install proxmox, opnesense, homes assistant and docker. after installation is it possible to ensure that all network management goes through opnsense and not proxmox?. Thank you in advance for your response. Cordially I apologize for spelling mistakes I go through a translator
Hello! I am glad you like the video! You can PCI passthrough the two network ports directly to opnsense, but I have so far not had any problems using Linux bridges in Proxmox. If you wish to setup VLAN'S, that can also easily be done. If you wish to pass through both network interfaces, you should add a third backup USB interface. Hope I understood correctly!
zfs didnt work nicely with hyperv vm, it reserves quickly all space allocated to hard drive. UFS seems to work better. Dont know if situation is same with proxmox.
That is how zfs is if it gets free access to memory, from what I have seen. The server I am running this on is not setup with zfs, but I have never had any trouble with using zfs on pfSense. I do not know how it is with Hyperv but if you wish to use zfs in Proxmox, you are able to limit the amount of memory zfs can grab.
That's not about RAM, it's about cow (copy-on-write). Though it's true, ZFS eats RAM like a child with ice cream... Instead of overwriting, it uses free blocks. And since the underlying disk is a thin provisioned virtual drive, this causes a hasty fill on the host side. Besides, for various reasons, ZFS want to access the hard drive itself. It's not just a file system. UFS should be preferred. Or better, pass disk hardware through, if possible.
Hi i have build a PROXMOX lab using a laptop with one nic setup, now i want to configure a pfsense firewall in this lab with same setup. In this situation how can i configure the pfsense firewall in this lab with one nic setup??? Thanks in advance
For setting up and giving IP addresses to virtual machines this should be no problem. Then i would use the same virtual bridge Proxmox is using as the WAN interface on pfSense. And then create a virtual bridge for the LAN that has no physical interface connected, but can be used as the network interface for other VM's. Is it something like this you wish to do or were you thinking about something else?
@@meerhassan8066 First of all. Thank you for the question! It got me looking into something I have not thought about before and it works. You will still need to use your regular router and you can/should not enable DHCP on pfSense. You will have to set a static IP on everything you wish to connect to pfSense instead of your other router. I tested with A VM, wired pc and phone on WLAN. Everything was able to connect through pfSense. I can try to make a video on it, but i can promise i will be fast about it. I'm new and slow when it comes to the video tutorial field.
@@Divgitally I installed it already all VM's working great, but I cant connect my home devices to the VM's and I cant access it because they are behind Pfsense and in a different subnet.
@@MontaAJamy You can open ports from the "WAN" side into your pfSense network. For example you can open and nat the RDP port (3389) to a Windows VM. This can be done with any service/port you wish to access from the inside of the pfSense LAN.
I use 2 external network cards for pfSense and the internal for Proxmox. What you can do if you only have 2 is adding an IP to the interface used for lan in pfSense, then you can reach Proxmox from the pfSense lan. This is done in network on the Proxmox node.
@@Divgitally Ohh thats realy nice !! Well only thing i do not understand is how I have a dedicated server so with proxmox so i have proxmox to pfsense and then i want pfsense to vmware, But i do not understand how that is going to communicate to each other. and how to set it up right, Because i get allot of people to me YHEA YOU DID THIS WRONG THAT but i just learning and they dont want to say the correct way, Like if there is no correct way of doing it.
@@Punchmememe I'll absolutely give it a try explaining! I might be guessing completely wrong but in the video description i have added a link to discord where you can show me some pictures to help me understand. What it seems is that you have a physical machine with Proxmox and on that you have a VM with pfSense. You have another physical machine with vmware of some sort which you want to be connected to the network provided by pfSense. What you need is to have 2 physical network interfaces connected to pfSense. 1 for network inn "WAN" and 1 for network out "LAN" you should then be able to connect the lan port of pfSense directly to the physical machine with vmware or a switch so you can connect even more devices to your pfSense lan. I kind of explain some of that in my video about VLAN's in pfSense. I am thinking of doing a series setting up a homelab from scratch including more of the physical parts to it. cant promise I'll be quick about it so its more easy to ask me for now.
@@Divgitally thanks man this helped allot! Only issue is that i have one nic. So if i get this right Make a vmbr0 thats connected to the eno1 (internet) And a Vmbr1 That is for lan only so does not matter if its connected to a real network. And to let it connect I only have to add “vmbr1” to a vm and configure the rest before hand inside pfsense?
@@Punchmememe Good to hear i wasn't way off! You don't need to have a second physical nic. You can add one later if you decide to. I have been using the cheapest 1gig usb nic's i can get my hands on. I'm guessing you have another router at home where everything is connected to including vmbr0 on Proxmox. To start learning, I would keep vmbr0 connected to the home network and use it as WAN for pfSense. Then create vmbr1 as a LAN for my virtual machines on Proxmox Before connecting it directly to the internet, I would add 1 physical nic and create vmbr2 then use that as wan for pfSense. Then you can keep using your home router and connect to Proxmox through that and vmbr0. You can add a third nic depending on how you want your lab network to be but no reason rushing into it! Do it at your own pace, the most important thing is to have fun with it!
Whats you oppinion in opnsense ? Isnt it better ? I'd like to make an opnsense / nas for photo media storage on an old pc with 4c4t proc, 8gb ram (i can upgrade to 16) 128gb nvme and an 6tb external drive
To be honest, i have not used opnsense much but might be time to actually use it. All I can say other than that is that it might be better, I just don't know. When it comes to memory, some nas software say that they need some amount for the os and then 1GB memory per terabyte of storage. On my Openmediavault server with 4 terabyte of storage, I have given a total of 4GB memory without trouble. I would give it a try and then upgrade later if you see a need for it. I have never had trouble with Proxmox when upgrading memory. Best of luck on the project! And just ask if you have any questions and I will try to answer.
If you use it as your router, there is a setting where you can enable access to the gui from WAN. I recommend you dont do that and use something like a VPN instead. Not sure if I understood you correctly, so go ahead and correct me if I'm wrong
@@Divgitally hi thanks for your reply so i could give you like a breake down of what i have have some issue which has been driving me crazy, i have proxmox on my server and only have two nic ports , i used one for t-he management port on proxmox and the other is what i have left to run pf sesne , this is my set up i create a bridge without an ip address the second nic as a slave port and create a bridge which is connected to nothing and use it as my lan port , my issue now is that when i complete installation nd want to access pf sesne with e wan ip address it doesn't allow me, is there something i am missing and is there a way i can walk through it
@@Divgitally and just to clearify i am using this as a router for my home lab , but i also want to be able to connect to it through vpn when i am not home
@@teesec3978 ok. What you can do is setting it up like a router on a stick, but then what you need is a switch that can handle VLAN's. We have been through it with a guy doing something similar on the Discord server i set up. But in broad strokes, you set up something like VLAN 10 on 2 ports. one "access" for WAN and one "trunk" port with all VLAN's to use with pfSense. With pfSense up and running, create something like VLAN 20 for LAN that you set all other ports as access. I have done that to test myself, but I screw up to much to have that be a viable way so i just use a USB nic for either the management or WAN interface. For VPN you can take a look at tailscale or twingate. They can be a bit annoying at times, but useful when they work as intended.
So let me get this right, you set a Proxmox behind a router to make a router inside proxmox for the intern network? Why would I virtualize a router/firewall if I have a router in front of the proxmox? Don’t get me wrong, no critics I’m trying to understand. Isn’t a optimal network supposed to be: Internet(WAN) -> Firewall pfSense -> Proxmox/Home network etc. What I see in ur video is: WAN -> Router -> Proxmox -> pfSense/router -> Home network. Which means ur Proxmox is standing with its naked ass in the internet?
Hello. You are completely right that the setup is not optimal the way it looks here. I mostly wanted to show what had to be done to get pfSense up and running on Proxmox, but I see that I could have been more clear on that. The way I am working to set it up now is for it to be its own parallel network within Proxmox accessible from my home network (also pfSense) and the virtual machines contained as a lab network. You can also change the networking so Proxmox is behind pfSense and discard the router that might be in front. Thank you for the message. It helps me see things from a different side than I am used to tinkering with this by myself.
@@Divgitally "You can also change the networking so Proxmox is behind pfSense and discard the router that might be in front." Do you mind explain how to accomplish this?
@Alex Han when you are setting up the LAN interface for pfSense, you can also type in an ip address for the interface in the range of the network you are planning to use as LAN or VLAN on pfSense. That way, you can access Proxmox from both or as many lan/Vlans as you wish. Tell me if anything is unclear, and I'll try to do better.
@@Divgitally can you make a quick video on how proxmox and pfsense should be configured in that scenario? or maybe "convert" your reply to a few steps we can follow?
@@jointdoggg Hello, I can try to make something to explain networking on Proxmox and how to use the virtual bridges. I just can't promise that I will be fast.
Simplest and yet quality. No geeky comments, just straight forward. This what we need
Thank you! I really appreciate you message! This was what I wanted when setting up something new.
Great tutorials!
Short videos, very clear steps and easy to follow.
I do hope you will continue this awesome series!
Thank you for the message! I am working on more inbetween when I have the time.
No BS, straigh to the business no details skipped. Love it! Thx a lot!
Hello. Thank you for the message. It really means a lot! I'm really glad you found the video useful!
@@Divgitallyabsolutely, please keep it up!
I have no plans on quitting! My only problem is days being to short lately!
Awesome tutorial!
Thank you for your comment, it means a lot!
Great tutorial! Well explained and good quality.
Could possibly make tutorial of using the same kind of setup to route traffic of your VM's or CT's through pfSense which then routes it via VPN to WAN?
Thank you for your comment!
I am currently working on a video on using VLAN's setup in pfSense on Proxmox. I am planing on making a video on VPN for this setup in the future.
Great video m8. I only have one network interface (auto created bridge vmbr0 that I plan to use for the wan) and I dont understand the part that you say I can just use the default one for the second one (the lan). Should I make a virtual bridge and leave everything blank?
I'm happy the video somewhat helped you! This might help you the rest of the way: th-cam.com/video/K1bFlidurgQ/w-d-xo.htmlsi=aVFa_3fGcUDHgldC
There is a term for what you want to do which is router on a stick. Just in case you need to search for something and I am slow to answer.
Your the GOAT
Haha, thank you! I really appreciate messages like this!
Great video! Is it possible to use pfsense with only one hw NIC and a vlan switch in front? And then tag all connections throughout my network?
Happy you like it!
Yes, it is absolutely possible to do a setup like that. That is called router on a stick. You will still need you ISP router to be the gateway router in that case, but it is very doable! There is a guy on the discord server doing exactly that. If you run into issues, you can hop on there to ask.
Best of luck!
thanks for the tutorial you helped me, I have an important question I would like the server to be in DMZ but I can't understand one thing, I have to put the IP of the proxmox Server or the IP of the Pfsense VM created on the server in the DMZ proxmox ?
Happy the video was helpfull! If I understand correctly, you have a server connected to pfSense which is running on Proxmox? The server in the DMZ zone should just be connected to pfSense and not be able to access Proxmox.
If I didn't understand correctly, you can come over to the discord server i have set up. Here you can show me a bit more of your setup.
Please show real world example. Where we have fanless setup. With 4 interfaces. Install proxmox which uses vmbr0 which is mapped to interface X. We plug a internet cable inside. Now we can access the host theough our lan. Install opnsense. And then? We set anothwr port as wan? How will we access proxmox if we plugin isp into the wan. And remove our old router?
Hello! What I have done in similar situations is setting up the LAN side first. During the setup of Proxmox I set a static IP address on the planed lan. Then I setup the WAN interface directly.
I'm a bit knocked out today so not the best explanation, but i have thought about making a homelab setup of Proxmox with router and other network parts. Just a bit of a time constraint in my life for the time.
Hello thank you for this great video.
I have an Intel I5 nuc and two network cards I would like to install proxmox, opnesense, homes assistant and docker.
after installation is it possible to ensure that all network management goes through opnsense and not proxmox?.
Thank you in advance for your response.
Cordially
I apologize for spelling mistakes I go through a translator
Hello! I am glad you like the video!
You can PCI passthrough the two network ports directly to opnsense, but I have so far not had any problems using Linux bridges in Proxmox.
If you wish to setup VLAN'S, that can also easily be done.
If you wish to pass through both network interfaces, you should add a third backup USB interface.
Hope I understood correctly!
zfs didnt work nicely with hyperv vm, it reserves quickly all space allocated to hard drive. UFS seems to work better. Dont know if situation is same with proxmox.
That is how zfs is if it gets free access to memory, from what I have seen. The server I am running this on is not setup with zfs, but I have never had any trouble with using zfs on pfSense.
I do not know how it is with Hyperv but if you wish to use zfs in Proxmox, you are able to limit the amount of memory zfs can grab.
That's not about RAM, it's about cow (copy-on-write). Though it's true, ZFS eats RAM like a child with ice cream...
Instead of overwriting, it uses free blocks. And since the underlying disk is a thin provisioned virtual drive, this causes a hasty fill on the host side.
Besides, for various reasons, ZFS want to access the hard drive itself. It's not just a file system.
UFS should be preferred.
Or better, pass disk hardware through, if possible.
Hi i have build a PROXMOX lab using a laptop with one nic setup, now i want to configure a pfsense firewall in this lab with same setup. In this situation how can i configure the pfsense firewall in this lab with one nic setup???
Thanks in advance
For setting up and giving IP addresses to virtual machines this should be no problem. Then i would use the same virtual bridge Proxmox is using as the WAN interface on pfSense. And then create a virtual bridge for the LAN that has no physical interface connected, but can be used as the network interface for other VM's.
Is it something like this you wish to do or were you thinking about something else?
@@Divgitally yes but i also want to connect my all other device that are not in the proxmox. So can you make a video tutorial on it..
@@meerhassan8066 First of all. Thank you for the question! It got me looking into something I have not thought about before and it works. You will still need to use your regular router and you can/should not enable DHCP on pfSense. You will have to set a static IP on everything you wish to connect to pfSense instead of your other router.
I tested with A VM, wired pc and phone on WLAN. Everything was able to connect through pfSense.
I can try to make a video on it, but i can promise i will be fast about it. I'm new and slow when it comes to the video tutorial field.
@@Divgitally I installed it already all VM's working great, but I cant connect my home devices to the VM's and I cant access it because they are behind Pfsense and in a different subnet.
@@MontaAJamy You can open ports from the "WAN" side into your pfSense network. For example you can open and nat the RDP port (3389) to a Windows VM. This can be done with any service/port you wish to access from the inside of the pfSense LAN.
How do I connect to the Proxmox host if I use the two network interfaces for the pfsense VM?
I use 2 external network cards for pfSense and the internal for Proxmox. What you can do if you only have 2 is adding an IP to the interface used for lan in pfSense, then you can reach Proxmox from the pfSense lan.
This is done in network on the Proxmox node.
okey now i need to learn how to use pfsense in proxmox to windows thingi's and ubuntu.
There really is a lot of fun things you can do with a setup like this! Include a bit of Docker and there is not much that can stop you!
@@Divgitally Ohh thats realy nice !!
Well only thing i do not understand is how
I have a dedicated server so with proxmox so i have proxmox to pfsense and then i want pfsense to vmware, But i do not understand how that is going to communicate to each other.
and how to set it up right, Because i get allot of people to me YHEA YOU DID THIS WRONG THAT but i just learning and they dont want to say the correct way, Like if there is no correct way of doing it.
@@Punchmememe I'll absolutely give it a try explaining! I might be guessing completely wrong but in the video description i have added a link to discord where you can show me some pictures to help me understand.
What it seems is that you have a physical machine with Proxmox and on that you have a VM with pfSense. You have another physical machine with vmware of some sort which you want to be connected to the network provided by pfSense.
What you need is to have 2 physical network interfaces connected to pfSense. 1 for network inn "WAN" and 1 for network out "LAN" you should then be able to connect the lan port of pfSense directly to the physical machine with vmware or a switch so you can connect even more devices to your pfSense lan. I kind of explain some of that in my video about VLAN's in pfSense.
I am thinking of doing a series setting up a homelab from scratch including more of the physical parts to it. cant promise I'll be quick about it so its more easy to ask me for now.
@@Divgitally thanks man this helped allot!
Only issue is that i have one nic.
So if i get this right
Make a vmbr0 thats connected to the eno1 (internet)
And a
Vmbr1
That is for lan only so does not matter if its connected to a real network.
And to let it connect
I only have to add “vmbr1” to a vm and configure the rest before hand inside pfsense?
@@Punchmememe Good to hear i wasn't way off!
You don't need to have a second physical nic. You can add one later if you decide to. I have been using the cheapest 1gig usb nic's i can get my hands on.
I'm guessing you have another router at home where everything is connected to including vmbr0 on Proxmox.
To start learning, I would keep vmbr0 connected to the home network and use it as WAN for pfSense. Then create vmbr1 as a LAN for my virtual machines on Proxmox
Before connecting it directly to the internet, I would add 1 physical nic and create vmbr2 then use that as wan for pfSense. Then you can keep using your home router and connect to Proxmox through that and vmbr0.
You can add a third nic depending on how you want your lab network to be but no reason rushing into it! Do it at your own pace, the most important thing is to have fun with it!
Whats you oppinion in opnsense ? Isnt it better ? I'd like to make an opnsense / nas for photo media storage on an old pc with 4c4t proc, 8gb ram (i can upgrade to 16) 128gb nvme and an 6tb external drive
To be honest, i have not used opnsense much but might be time to actually use it. All I can say other than that is that it might be better, I just don't know.
When it comes to memory, some nas software say that they need some amount for the os and then 1GB memory per terabyte of storage.
On my Openmediavault server with 4 terabyte of storage, I have given a total of 4GB memory without trouble.
I would give it a try and then upgrade later if you see a need for it. I have never had trouble with Proxmox when upgrading memory.
Best of luck on the project! And just ask if you have any questions and I will try to answer.
i ma trying to access pf through my home nat network is that possible
If you use it as your router, there is a setting where you can enable access to the gui from WAN. I recommend you dont do that and use something like a VPN instead.
Not sure if I understood you correctly, so go ahead and correct me if I'm wrong
@@Divgitally hi thanks for your reply so i could give you like a breake down of what i have
have some issue which has been driving me crazy, i have proxmox on my server and only have two nic ports , i used one for t-he management port on proxmox and the other is what i have left to run pf sesne , this is my set up i create a bridge without an ip address the second nic as a slave port and create a bridge which is connected to nothing and use it as my lan port , my issue now is that when i complete installation nd want to access pf sesne with e wan ip address it doesn't allow me, is there something i am missing and is there a way i can walk through it
@@Divgitally and just to clearify i am using this as a router for my home lab , but i also want to be able to connect to it through vpn when i am not home
@@teesec3978 ok. What you can do is setting it up like a router on a stick, but then what you need is a switch that can handle VLAN's. We have been through it with a guy doing something similar on the Discord server i set up. But in broad strokes, you set up something like VLAN 10 on 2 ports. one "access" for WAN and one "trunk" port with all VLAN's to use with pfSense. With pfSense up and running, create something like VLAN 20 for LAN that you set all other ports as access. I have done that to test myself, but I screw up to much to have that be a viable way so i just use a USB nic for either the management or WAN interface.
For VPN you can take a look at tailscale or twingate. They can be a bit annoying at times, but useful when they work as intended.
@@Divgitally can i get access to the discord group so we can talk more
So let me get this right, you set a Proxmox behind a router to make a router inside proxmox for the intern network?
Why would I virtualize a router/firewall if I have a router in front of the proxmox?
Don’t get me wrong, no critics I’m trying to understand. Isn’t a optimal network supposed to be: Internet(WAN) -> Firewall pfSense -> Proxmox/Home network etc.
What I see in ur video is: WAN -> Router -> Proxmox -> pfSense/router -> Home network. Which means ur Proxmox is standing with its naked ass in the internet?
Hello. You are completely right that the setup is not optimal the way it looks here.
I mostly wanted to show what had to be done to get pfSense up and running on Proxmox, but I see that I could have been more clear on that.
The way I am working to set it up now is for it to be its own parallel network within Proxmox accessible from my home network (also pfSense) and the virtual machines contained as a lab network.
You can also change the networking so Proxmox is behind pfSense and discard the router that might be in front.
Thank you for the message. It helps me see things from a different side than I am used to tinkering with this by myself.
@@Divgitally "You can also change the networking so Proxmox is behind pfSense and discard the router that might be in front." Do you mind explain how to accomplish this?
@Alex Han when you are setting up the LAN interface for pfSense, you can also type in an ip address for the interface in the range of the network you are planning to use as LAN or VLAN on pfSense. That way, you can access Proxmox from both or as many lan/Vlans as you wish. Tell me if anything is unclear, and I'll try to do better.
@@Divgitally can you make a quick video on how proxmox and pfsense should be configured in that scenario? or maybe "convert" your reply to a few steps we can follow?
@@jointdoggg Hello, I can try to make something to explain networking on Proxmox and how to use the virtual bridges. I just can't promise that I will be fast.
A virtualized firewall Is a big nono
From what i have seen around, it might not be optimal depending on securty needed. But i'm interested in knowing more about it from your side!
explain?
Virtualized firewall is great