[PVE-User] Routed Setup possible?

Guy guy at britewhite.net
Fri Oct 15 09:16:13 CEST 2010


Your solution is to run a firewall and a  few VLANS.

I use pfsense, pfsense.org, free open source and works great in a virtual.  I originally did this because my hardware firewall failed and I needed something quick, however it's stayed in service as it's really rather nice.

Do you have a switch that can also support VLANS (level 2), if so then you can do this very simply.  Just create a new virtual server for pfsense and give it at least 3 networks, WAN, LAN and DMZ.  In side proxmox you can create the VLANS, you'll need to reboot proxmox once you've created all the VLANs to get them online

Basically I would have proxmox sitting on the LAN with no VLAN tagging, and then create a new VLAN for WAN and DMZ.  On the switch set the proxmox port to have those new VLANs tagged.  Then set another port to be the external WAN interface with no tagging but in the same WAN VLAN.  Do the same for DMZ if you want physical systems to be in the DMZ.  If however all your servers are virtual then you don't need to.

If you have two NICs in your proxmox system then you don't need the the level 2 switch, just assign one interface as WAN and the other as LAN.  The WAN does not need an IP inside proxmox.  The firewall will be assigned the WAN IP address.

As for NAT, yes you will need this, and pfsense fully supports that and it's very simple to set up.


On 14 Oct 2010, at 15:29, Alexander Täffner (dark alex) wrote:

> Hi all,
> is there any clean way to setup a routing?
> I have an IP Subnet but need the Hostmachine acting as Router for the
> Packets not to get dropped by the Infrastructure.
> I attached a Visio-Draft of what I mean with some more details. (Needs a PDF Reader like Adobe Acrobat)
> Regards
> Mit freundlichen Grüßen,
> Alexander Täffner
> -- 
> ---------------------------------------------------
> Firesplash Entertainment
> Projektleitung
> Besuchen sie uns im Web:
> http://www.firesplash.de
> ---------------------------------------------------
> <Bridging vs. Routing.pdf>_______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

More information about the pve-user mailing list