Difference between revisions of "Proxmox All-in-One"

From Da Nerd Mage Wiki
Line 1: Line 1:
= Installing PVE =
= Installing PVE =
Start with the port you will want as your LAN port (secondary) from pfSense connected to your network
Start with the port you will want as your WAN port (primary) from pfSense connected to your network


Install PVE
Install PVE
Line 9: Line 9:
* Refresh updates
* Refresh updates
* Upgrade
* Upgrade
Add a second Linux Bridge
Add a second Linux Bridge (This will be named '''vmbr1''')
* No addresses or gateways
* No addresses or gateways
* Assign your, as yet unused, second physical Ethernet port to this bridge
* Assign your, as yet unused, second physical Ethernet port to this bridge
** For good measure, put something along the lines of "Local Network" in the comment for this one
** (You could edit vmbr0 & put "The Interwebs" in it's comment too...)


= pfSense =
= pfSense =
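Review bot: In the added vmbr0 item, "it's comment" should read "its comment". Both added comment items are nested at `**` under "Assign your, as yet unused, second physical Ethernet port", but they describe the bridge rather than the port, so they would read better at `*` level alongside "No addresses or gateways".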
Line 17: Line 19:
* Build the pfSense VM
* Build the pfSense VM
** 8GB drive, 4 cores, 4096MB RAM
** 8GB drive, 4 cores, 4096MB RAM
** Use the second bridge (vmbr1) as the first network port & the original (vmbr0) as the second port
** Use the original bridge (vmbr0) as the first network port & the new bridge (vmbr1) as the second port.
*** For some reason, when you choose "other" as your OS type, PVE defaults the network device model to "Intel E1000".<br>This seems unreliable for pfSense. Select "VirtIO (paravirtualized)" instead.
** Configure the pfSense VM to start at boot.
** Configure the pfSense VM to start at boot.
*** Strongly reccomend setting it to boot FIRST & give a startup delay of at least a couple of minutes.
*** Strongly reccomend setting it to boot FIRST & give a startup delay of at least a couple of minutes.
** <span style="color: rgb(186, 55, 42);">Do a BACKUP</span>
** <span style="color: rgb(186, 55, 42);">Do a BACKUP</span>
** Open the VM console & pretend you're building a normal pfSense router
** Open the VM console & pretend you're building a normal pfSense router<br>
** Once the VM is booted into pfSense...
** '''<span style="color: rgb(186, 55, 42);">Do a BACKUP</span>'''<br>
** '''<span style="color: rgb(186, 55, 42);">Do a BACKUP</span>'''
** Then move on to:


= Management VM =
= Management VM =
* Pick your favourite OS & build a VM <span style="color: rgb(132, 63, 161);">(Or... Ya know... Since ya gave that second network bridge a physical NIC (Ya did, right?)... You could just plug a computer in there.)</span>
* Pick your favourite OS & build a VM <br><span style="color: rgb(132, 63, 161);">(Or... Ya know... Since ya gave that second network bridge a physical NIC (Ya did, right?)... You could just plug a computer in there.)</span>
** Point its network device at the second network bridge
** Point its network device at the second network bridge (vmbr1).
** Sign into '''<nowiki>https://192.168.0.1</nowiki>''' (from the Management VM)
** In '''Services / DHCP Server / LAN'''
*** Under Servers, add in your DNS server(s) address(es)
** Restart networking on the Management VM
** Feed access to this VM through the pfSense firewall
* '''<span style="color: rgb(186, 55, 42);">Do a BACKUP</span>'''
* '''<span style="color: rgb(186, 55, 42);">Do a BACKUP</span>'''
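Review bot: The added E1000 item says the model "seems unreliable for pfSense" without naming the symptom; state what was observed so readers can tell whether they are hitting the same problem. The `<br>` appended to the end of "Open the VM console..." and to the first "Do a BACKUP" item has nothing after it and can be dropped. The DHCP Server DNS step and "Restart networking on the Management VM" disappear from the Management VM list with no replacement in this hunk; confirm that is intended.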


Line 39: Line 35:


*Sign into '''<nowiki>https://192.168.0.1</nowiki>''' (from the Management VM)
*Sign into '''<nowiki>https://192.168.0.1</nowiki>''' (from the Management VM)
*In '''Services / DNS Resolver / General Settings''', under '''Host Overrides'''
**In '''Services / DNS Resolver / General Settings''', under '''Host Overrides'''
**set up a DNS entry for PVE
***set up a DNS entry for PVE. (I like 192.168.0.2)
* In '''Firewall / NAT / Port Forward'''
** In '''Firewall / NAT / Port Forward'''
** set up port forwarding for the pfSense UI (port 443)
*** set up port forwarding for the pfSense UI (port 443)
** set up port forwarding for the PVE UI (port 8006)
*** set up port forwarding for the PVE UI (port 8006)
** set up port forwarding for SSH (port 22) to the Management VM (if used...)
*** set up port forwarding for SSH (port 22) to the Management VM (if used...)
** QEMU Guest Agent would be handy too...
*** [https://forum.netgate.com/topic/162083/pfsense-vm-on-proxmox-qemu-agent-installation PfSense VM on ProxMox : Qemu-agent installation]
*'''<span style="color: #ba372a;">Do a BACKUP</span>'''
*'''<span style="color: #ba372a;">Do a BACKUP</span>'''
'''Do note:''' These port forwards may be a security risk when you take the system live. They are here for ease of access while configuring the system.


= Taking it LIVE =
= Taking it LIVE =
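Review bot: The added "Do note" paragraph warns that the 443, 8006 and 22 forwards "may be a security risk when you take the system live" but no step says when to remove or restrict them. Add a bullet under "Taking it LIVE" telling the reader to delete the forwards that are no longer needed, or limit them to trusted source addresses, before the first port is connected to an untrusted network.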
Line 56: Line 55:
* Sign into the physical machine (PVE)
* Sign into the physical machine (PVE)
** edit /etc/network/interfaces
** edit /etc/network/interfaces
*** Change vmbr0 to vmbr1 & vmbr1 to vmbr0
*** Move the address & gateway from vmbr0 to vmbr1 and change them to those assigned for PVE on the pfSense VM.
*** Change the address & gateway (of what is now vmbr1) to those assigned for PVE on the pfSense VM
** edit /etc/hosts
** edit /etc/hosts
*** Change the address to that assigned for PVE on the pfSense VM
*** Change the address to that assigned for PVE on the pfSense VM<br>
Reboot the machine
Reboot the machine
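Review bot: The reworded interfaces step, "Move the address & gateway from vmbr0 to vmbr1", does not say what vmbr0 should look like afterwards. Add that vmbr0 keeps its bridge port but ends up with no address or gateway, matching the "No addresses or gateways" wording used when vmbr1 was created. The `<br>` added at the end of the /etc/hosts item is stray.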



Revision as of 03:53, 5 March 2023

Installing PVE

Start with the port you will want as pfSense's WAN port (primary) connected to your network.

Install PVE

Fix repositories

  • Add "pve-no-subscription"
  • Disable "pve-enterprise"
  • Refresh updates
  • Upgrade

Add a second Linux Bridge (This will be named vmbr1)

  • No addresses or gateways
  • Assign your, as yet unused, second physical Ethernet port to this bridge
    • For good measure, put something along the lines of "Local Network" in the comment for this one
    • (You could edit vmbr0 & put "The Interwebs" in its comment too...)

pfSense

Installing pfSense (a link)

  • Build the pfSense VM
    • 8GB drive, 4 cores, 4096MB RAM
    • Use the original bridge (vmbr0) as the first network port & the new bridge (vmbr1) as the second port.
      • For some reason, when you choose "other" as your OS type, PVE defaults the network device model to "Intel E1000".
        This seems unreliable for pfSense. Select "VirtIO (paravirtualized)" instead.
    • Configure the pfSense VM to start at boot.
      • Strongly recommend setting it to boot FIRST & giving it a startup delay of at least a couple of minutes.
    • Do a BACKUP
    • Open the VM console & pretend you're building a normal pfSense router
    • Do a BACKUP

Management VM

  • Pick your favourite OS & build a VM
    (Or... Ya know... Since ya gave that second network bridge a physical NIC (Ya did, right?)... You could just plug a computer in there.)
    • Point its network device at the second network bridge (vmbr1).
  • Do a BACKUP

pfSense Configuration

  • Sign into https://192.168.0.1 (from the Management VM)
    • In Services / DNS Resolver / General Settings, under Host Overrides
      • set up a DNS entry for PVE. (I like 192.168.0.2)
    • In Firewall / NAT / Port Forward
      • set up port forwarding for the pfSense UI (port 443)
      • set up port forwarding for the PVE UI (port 8006)
      • set up port forwarding for SSH (port 22) to the Management VM (if used...)
    • QEMU Guest Agent would be handy too...
  • Do a BACKUP

Do note: These port forwards may be a security risk when you take the system live. They are here for ease of access while configuring the system.

Taking it LIVE

Up to this point, your server works fine on an internal network. Unfortunately, as far as the world outside the box is concerned, there are 2 machines there. The Proxmox install AND a pfSense install. They both show up on the network.

So...

Let's fix that.

  • Sign into the physical machine (PVE)
    • edit /etc/network/interfaces
      • Move the address & gateway from vmbr0 to vmbr1 and change them to those assigned for PVE on the pfSense VM.
    • edit /etc/hosts
      • Change the address to that assigned for PVE on the pfSense VM
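
One way to check the edited file before rebooting, as an added example that is not part of the original wiki page: it parses /etc/network/interfaces and reports any interface other than vmbr1 on which the host still holds an address or gateway. The sample file is constructed; the NIC names enp1s0/enp2s0 and the /24 prefix are assumptions, while 192.168.0.2 and 192.168.0.1 are the PVE and pfSense addresses used above.

```python
# Constructed sample: /etc/network/interfaces after the "Taking it LIVE" edit,
# trimmed to the relevant lines. NIC names (enp1s0, enp2s0) and the /24 prefix
# are assumptions; 192.168.0.2 / 192.168.0.1 are the addresses used on this page.
LIVE_SAMPLE = """\
auto lo
iface lo inet loopback

iface enp1s0 inet manual
iface enp2s0 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0
#The Interwebs

auto vmbr1
iface vmbr1 inet static
    address 192.168.0.2/24
    gateway 192.168.0.1
    bridge-ports enp2s0
#Local Network
"""

def parse_ifaces(text):
    """Map each interface to its method and options (ifupdown stanza syntax)."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {})
            current["method"] = words[3]
        elif words[0] in ("auto", "allow-hotplug", "source", "source-directory"):
            current = None  # these lines end the previous stanza
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def audit(text, lan="vmbr1"):
    """Return problems that leave the PVE host addressable outside the LAN bridge."""
    stanzas, problems = parse_ifaces(text), []
    for name, opts in stanzas.items():
        exposed = opts["method"] == "dhcp" or "address" in opts or "gateway" in opts
        if name not in (lan, "lo") and exposed:
            problems.append(f"{name}: host still has an address or gateway here")
    if "address" not in stanzas.get(lan, {}):
        problems.append(f"{lan}: no host address, PVE UI unreachable from the LAN")
    return problems
```

On the PVE host, pass the real file's contents, for example `audit(open("/etc/network/interfaces").read())`; an empty list means only vmbr1 carries the host address.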

Reboot the machine

Wait at least a couple minutes for pfSense to fully boot.

At this point, the machine shows up on your network as a single device (The pfSense VM!)

You can now browse to https://MachineAddress/ to access pfSense or https://MachineAddress:8006/ to access the PVE UI to do further setup of the system.

(Where MachineAddress is the address or name assigned to it by your local network...)

Congratulations!  You have built a router out of a server.  If you plug the first Ethernet port into the Internet and connect a switch to the second Ethernet port, this machine can replace the router provided by your ISP...