Issues with PFsense and Proxmox

[Cloveh]

Hello!

So I recently got gigabit internet in my home and I thought it would be a great time to get rid of the rental router modem combo thing and drop in my own router. I used a Dell PowerEdge r610 with 2 E5540s as the base for the router, installed Proxmox, made myself a VM for PFsense and installed it. Everything works beautifully with the virtualized LAN and WAN ports, but even after trying to port forward using NAT in PF sense, I am unable to access the Proxmox web environment from outside my internal network. 

I have forwarded port 8006 through PFsense NAT, yet online port checkers say it is closed. My network: Modem(wan) --> r610(eno1) PFsense dedicated WAN port, passed through Proxmox --> r610(eno2) LAN (another passthrough port)--> Switch --> Proxmox r610 (eno4) (another dedicated port, just for proxmox).

I know there are security flaws to having the Proxmox web environment exposed externally, I don't care. I want to be able to access it when I am away from home, not through SSH. 

 

I would appreciate any help! 

Thanks!!

[brwainer]

I would first try to port forward another HTTPS server (if you don't have something else, then just set up apache or nginx on another VM) to make sure you have the fundamentals of port forwarding with PFSense correct.

[Cloveh]

OK I tried that, same issue. Error connection timed out, port says its closed. I don't see what Im doing wrong here, I followed the guide on netgates website. I will attach my settings.

[brwainer]

Is the proxmox server set to use the PFSense as its default gateway? Is it able to reach the internet (for example, try to check for updates or install them on Proxmox)

[leadeater]

2 hours ago, brwainer said:

Is the proxmox server set to use the PFSense as its default gateway? Is it able to reach the internet (for example, try to check for updates or install them on Proxmox)

That would be my guess too, promox is getting the forwarded web requests but doesn't know a valid return route to reply to has to drop it.

[dalekphalm]

@Cloveh an alternative to Port Forwarding the Proxmox web client would be to configure a VPN server - it would be more secure as well. But the VPN server may require port forwarding too, so you may need to figure out what's going on anyway.

[brwainer]

6 hours ago, dalekphalm said:

@Cloveh an alternative to Port Forwarding the Proxmox web client would be to configure a VPN server - it would be more secure as well. But the VPN server may require port forwarding too, so you may need to figure out what's going on anyway.

If he sets up the VPN server on the PFSense then it wouldn't require any port forwards.

[Cloveh]

8 hours ago, dalekphalm said:

@Cloveh an alternative to Port Forwarding the Proxmox web client would be to configure a VPN server - it would be more secure as well. But the VPN server may require port forwarding too, so you may need to figure out what's going on anyway.

 

1 hour ago, brwainer said:

If he sets up the VPN server on the PFSense then it wouldn't require any port forwards.

Thanks, Ill give that a try now, I can't believe I didn't think of that before!

[Cloveh]

22 hours ago, brwainer said:

Is the proxmox server set to use the PFSense as its default gateway? Is it able to reach the internet (for example, try to check for updates or install them on Proxmox)

Yes it is set as the default gateway, internet works fine.

[Cloveh]

20 hours ago, leadeater said:

That would be my guess too, promox is getting the forwarded web requests but doesn't know a valid return route to reply to has to drop it.

 

22 hours ago, brwainer said:

Is the proxmox server set to use the PFSense as its default gateway? Is it able to reach the internet (for example, try to check for updates or install them on Proxmox)

Thanks a bunch for your suggestion guys!! I checked the settings in proxmox and the network setup was a weird hybrid of settings from comcast and my previous ISP Att. I ended up resetting all the network addresses for DNS and DHCP and rebooted and it works fine.