Difference between revisions of "PVE All-in-One"

From Da Nerd Mage Wiki
Line 29: Line 29:
** Configure the pfSense VM to start at boot.
** Configure the pfSense VM to start at boot.
*** go into Options for the VM...
*** go into Options for the VM...
**** double-click '''Start at boot,''' check the box & hit OK
*** Strongly reccomend setting it to boot FIRST & give a startup delay of at least a couple of minutes.
*** Strongly reccomend setting it to boot FIRST & give a startup delay of at least a couple of minutes.
**** double-click '''Start/Shutdown order''', enter 1 in the first box, 120 in the second & hit OK
** <span style="color: rgb(186, 55, 42);">Do a BACKUP</span>
** <span style="color: rgb(186, 55, 42);">Do a BACKUP</span>
** Open the VM console & pretend you're building a normal pfSense router<br>
** Open the VM console & pretend you're building a normal pfSense router<br>
*** Defaults across the board up to Reboot into installed system
*** No VLANs
*** WAN = vtnet0
*** LAN = vtnet1
*** Once it's running:
**** select option 14 & enable SSH (you'll potentially be grateful later)
** '''<span style="color: rgb(186, 55, 42);">Do a BACKUP</span>'''<br>
** '''<span style="color: rgb(186, 55, 42);">Do a BACKUP</span>'''<br>
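Review bot: The added step "select option 14 & enable SSH" turns on remote shell access to the firewall without saying how it should be protected or from which side it should be reachable; since the page goes on to set up port forwards, add a line stating that SSH is meant for the LAN side and should use key-based login. The added "enter 1 in the first box, 120 in the second" also leaves out the unit: say that 120 is the startup delay in seconds so it lines up with "a couple of minutes", and correct the spelling of "reccomend" on the line above it.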


Line 49: Line 57:
***set up a DNS entry for PVE. (I like 192.168.1.2)
***set up a DNS entry for PVE. (I like 192.168.1.2)
** In '''Firewall / NAT / Port Forward'''
** In '''Firewall / NAT / Port Forward'''
*** set up port forwarding for the pfSense UI (port 443)
*** set up port forwarding for the pfSense UI
*** set up port forwarding for the PVE UI (port 8006)
**** port 443
*** set up port forwarding for SSH (port 22) to the Management VM (if used...)
**** This will be removed if you take the server live on the Internet.
*** set up port forwarding for the PVE UI
**** port 8006
*** set up port forwarding for SSH to the Management VM (if used...)
**** port 22
**** You will need to give the Management VM a fixed address in some way. (I prefer through DHCP Static Mapping)
** QEMU Guest Agent would be handy too...
** QEMU Guest Agent would be handy too...
*** [https://forum.netgate.com/topic/162083/pfsense-vm-on-proxmox-qemu-agent-installation PfSense VM on ProxMox : Qemu-agent installation]
*** [https://forum.netgate.com/topic/162083/pfsense-vm-on-proxmox-qemu-agent-installation PfSense VM on ProxMox : Qemu-agent installation]
*'''<span style="color: #ba372a;">Do a BACKUP</span>'''
*'''<span style="color: #ba372a;">Do a BACKUP</span>'''
'''Do note:''' These port forwards may be a security risk when you take the system live. They are here for ease of access while configuring the system.
'''Do note:''' Some of these port forwards may be a security risk when you take the system live. They are here for ease of access while configuring the system.


== Taking it LIVE ==
== Taking it LIVE ==
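Review bot: In the new nested layout only the pfSense UI forward (port 443) carries "This will be removed if you take the server live on the Internet"; the PVE UI (port 8006) and SSH (port 22) forwards have no equivalent note, and the closing warning was softened from "These port forwards" to "Some of these port forwards" without saying which ones. State for each forward whether it stays, is removed, or is restricted once the system is live, either under each port item or in the "Do note" paragraph.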
Line 73: Line 86:
** edit /etc/hosts
** edit /etc/hosts
*** Change the address to that assigned for PVE on the pfSense VM<br>
*** Change the address to that assigned for PVE on the pfSense VM<br>
** Swap the network cables
Reboot the machine
Reboot the machine
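Review bot: The added "Swap the network cables" step does not say which two cables or ports are meant, and it sits as a sub-item of the PVE sign-in list while "Reboot the machine" follows as unmarked text, so its order relative to the reboot is unclear. Name the two Ethernet ports involved and make the reboot a list item directly after the swap.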



Latest revision as of 15:18, 10 November 2023

Start by installing PVE

Configure your second Network Port

Add a second Linux Bridge (This will be named vmbr1)

  • (Datacenter / Server ... System / Network)
  • Hit the Create button & choose Linux Bridge
  • No addresses or gateways
  • Assign your, as yet unused, second physical Ethernet port to this bridge
    • For good measure, put something along the lines of "Local Network" in the comment for this one
    • (You could edit vmbr0 & put "The Interwebs" in its comment too...)

Do NOT Forget to Apply Configuration...

pfSense

Installing pfSense (a link)

(More information about setting up pfSense)

  • Download the pfSense DVD ISO to your desktop
  • Un-gzip it
  • Upload it to the ISO Images folder on your Local datastore
  • Build the pfSense VM
    • ISO image: pfSense-CE-2.7.0-RELEASE-amd64.iso
    • Guest OS Type: Other
    • 8GB drive, 4 cores, 4096MB RAM
      • (I'd suggest setting Processor Type to host)
    • Use the original bridge (vmbr0) as the first network port & the new bridge (vmbr1) as the second port.
      • You'll need to go into Hardware for the VM to add in the second Network Device AFTER creating the VM.
      • For some reason, when you choose "other" as your OS type, PVE defaults the network device model to "Intel E1000".
        This seems unreliable for pfSense. Select "VirtIO (paravirtualized)" instead.
    • Configure the pfSense VM to start at boot.
      • go into Options for the VM...
        • double-click Start at boot, check the box & hit OK
      • Strongly recommend setting it to boot FIRST & give a startup delay of at least a couple of minutes.
        • double-click Start/Shutdown order, enter 1 in the first box, 120 in the second & hit OK
    • Do a BACKUP
    • Open the VM console & pretend you're building a normal pfSense router
      • Defaults across the board up to Reboot into installed system
      • No VLANs
      • WAN = vtnet0
      • LAN = vtnet1
      • Once it's running:
        • select option 14 & enable SSH (you'll potentially be grateful later)
    • Do a BACKUP

Management VM

  • Pick your favourite OS & build a VM
    (Or... Ya know... Since ya gave that second network bridge a physical NIC (Ya did, right?)... You could just plug a computer in there.)
    • Point its network device at the second network bridge (vmbr1).
  • Do a BACKUP

Further VMs

Note: Any further VMs created on this server need to have their network interfaces on vmbr1 or else they'll appear on the WAN port.

pfSense Configuration

(assumption: pfSense LAN network is the default of 192.168.1.0/24)

  • Sign into https://192.168.1.1 (from the Management VM, or from another machine if you are working inside your LAN)
    • In Services / DNS Resolver / General Settings, under Host Overrides
      • set up a DNS entry for PVE. (I like 192.168.1.2)
    • In Firewall / NAT / Port Forward
      • set up port forwarding for the pfSense UI
        • port 443
        • This will be removed if you take the server live on the Internet.
      • set up port forwarding for the PVE UI
        • port 8006
      • set up port forwarding for SSH to the Management VM (if used...)
        • port 22
        • You will need to give the Management VM a fixed address in some way. (I prefer through DHCP Static Mapping)
    • QEMU Guest Agent would be handy too...
  • Do a BACKUP

Do note: Some of these port forwards may be a security risk when you take the system live. They are here for ease of access while configuring the system.

Taking it LIVE

Up to this point, your server works fine on an internal network. Unfortunately, as far as the world outside the box is concerned, there are 2 machines there. The Proxmox install AND a pfSense install. They both show up on the network.

So...

Let's fix that.

  • Sign into the physical machine (PVE)
    • Make backups of the 2 files we're about to modify
      • cp /etc/network/interfaces /etc/network/interfaces.BAK
      • cp /etc/hosts /etc/hosts.BAK
    • edit /etc/network/interfaces
      • Change vmbr0 to vmbr1 & vmbr1 to vmbr0
      • Change the address & gateway to those assigned for PVE on the pfSense VM
    • edit /etc/hosts
      • Change the address to that assigned for PVE on the pfSense VM
    • Swap the network cables

Reboot the machine
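
The /etc/network/interfaces edit from the steps above, scripted as an added example (not part of the original wiki page): it swaps the two bridge names and re-addresses PVE in a copy of the file, so the result can be diffed before it replaces the live file. The NIC names, the 10.0.0.x addresses and the function names are assumptions; 192.168.1.2 and 192.168.1.1 follow the pfSense defaults used on this page.

```shell
#!/bin/sh
# swap_bridges IN_FILE OUT_FILE NEW_ADDR_CIDR NEW_GATEWAY
# Writes a swapped copy; the live file is never edited in place.
swap_bridges() {
    awk -v addr="$3" -v gw="$4" '
    {
        match($0, /^[ \t]*/); indent = substr($0, 1, RLENGTH); changed = 0
        # Exact-token swap in a single pass, so a renamed bridge is not renamed back.
        for (i = 1; i <= NF; i++) {
            if ($i == "vmbr0")      { $i = "vmbr1"; changed = 1 }
            else if ($i == "vmbr1") { $i = "vmbr0"; changed = 1 }
        }
        if ($1 == "iface") stanza = $2   # bridge name after the swap
        # After the swap PVE sits on vmbr1, behind the pfSense LAN.
        if (stanza == "vmbr1" && $1 == "address") { $2 = addr; changed = 1 }
        if (stanza == "vmbr1" && $1 == "gateway") { $2 = gw; changed = 1 }
        # Assigning a field rebuilds $0 without its leading whitespace.
        line = (changed ? indent : "") $0
        print line
    }' "$1" > "$2"
}

# Constructed sample of a two-bridge PVE host (NIC names and WAN addresses are made up).
write_sample() {
    cat > "$1" <<'EOF'
auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
    address 10.0.0.50/24
    gateway 10.0.0.1
    bridge-ports eno1

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno2
EOF
}

work=$(mktemp -d)
write_sample "$work/interfaces"
swap_bridges "$work/interfaces" "$work/interfaces.new" 192.168.1.2/24 192.168.1.1
diff -u "$work/interfaces" "$work/interfaces.new" || true   # review before copying into place
```

On the real host, run it against /etc/network/interfaces.BAK and copy the output into place only after reading the diff; /etc/hosts still needs its address changed by hand.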

Wait at least a couple minutes for pfSense to fully boot.

At this point, the machine shows up on your network as a single device (The pfSense VM!)

You can now browse to https://MachineAddress/ to access pfSense or https://MachineAddress:8006/ to access the PVE UI to do further setup of the system.

(Where MachineAddress is the address or name assigned to it by your local network...)

Congratulations!  You have built a router out of a server.  If you plug the first Ethernet port into the Internet and connect a switch to the second Ethernet port, this machine can replace the router provided by your ISP...