Difference between revisions of "Proxmox All-in-One"
| Line 57: | Line 57: | ||
** edit /etc/network/interfaces | ** edit /etc/network/interfaces | ||
*** Change vmbr0 to vmbr1 & vmbr1 to vmbr0 | *** Change vmbr0 to vmbr1 & vmbr1 to vmbr0 | ||
*** Change the address & gateway to those assigned for PVE on the pfSense VM | *** Change the address & gateway (of what is now vmbr1) to those assigned for PVE on the pfSense VM | ||
** edit /etc/hosts | ** edit /etc/hosts | ||
*** Change the address to that assigned for PVE on the pfSense VM | *** Change the address to that assigned for PVE on the pfSense VM | ||
| Line 64: | Line 64: | ||
Wait at least a couple minutes for pfSense to fully boot. | Wait at least a couple minutes for pfSense to fully boot. | ||
<span style="color: rgb(132, 63, 161);" >'''At this point, the machine shows up on your network as a single device (The pfSense VM!)'''</span> | <span style="color: rgb(132, 63, 161);">'''At this point, the machine shows up on your network as a single device (The pfSense VM!)'''</span> | ||
You can now browse to https://'''MachineAddress'''/ to access pfSense or https://'''MachineAddress''':8006/ to access the PVE UI to do further setup of the system. | You can now browse to https://'''MachineAddress'''/ to access pfSense or https://'''MachineAddress''':8006/ to access the PVE UI to do further setup of the system. | ||
Revision as of 12:35, 2 March 2023
Installing PVE
Start with the port you will want as your LAN port (secondary) from pfSense connected to your network
Install PVE
Fix repositories
- Add "pve-no-subscription"
- Disable "pve-enterprise"
- Refresh updates
- Upgrade
Add a second Linux Bridge
- No addresses or gateways
- Assign your, as yet unused, second physical Ethernet port to this bridge
pfSense
- Build the pfSense VM
- 8GB drive, 4 cores, 4096MB RAM
- Use the second bridge (vmbr1) as the first network port & the original (vmbr0) as the second port
- Configure the pfSense VM to start at boot.
- Strongly reccomend setting it to boot FIRST & give a startup delay of at least a couple of minutes.
- Do a BACKUP
- Open the VM console & pretend you're building a normal pfSense router
- Once the VM is booted into pfSense...
- Do a BACKUP
- Then move on to:
Management VM
- Pick your favourite OS & build a VM (Or... Ya know... Since ya gave that second network bridge a physical NIC (Ya did, right?)... You could just plug a computer in there.)
- Point its network device at the second network bridge
- Sign into https://192.168.0.1 (from the Management VM)
- In Services / DHCP Server / LAN
- Under Servers, add in your DNS server(s) address(es)
- Restart networking on the Management VM
- Feed access to this VM through the pfSense firewall
- Do a BACKUP
pfSense Configuration
- Sign into https://192.168.0.1 (from the Management VM)
- In Services / DNS Resolver / General Settings, under Host Overrides
- set up a DNS entry for PVE
- In Firewall / NAT / Port Forward
- set up port forwarding for the pfSense UI (port 443)
- set up port forwarding for the PVE UI (port 8006)
- set up port forwarding for SSH (port 22) to the Management VM (if used...)
- Do a BACKUP
Taking it LIVE
Up to this point, your server works fine on an internal network. Unfortunately, as far as the world outside the box is concerned, there are 2 machines there. The Proxmox install AND a pfSense install. They both show up on the network.
So...
Let's fix that.
- Sign into the physical machine (PVE)
- edit /etc/network/interfaces
- Change vmbr0 to vmbr1 & vmbr1 to vmbr0
- Change the address & gateway (of what is now vmbr1) to those assigned for PVE on the pfSense VM
- edit /etc/hosts
- Change the address to that assigned for PVE on the pfSense VM
- edit /etc/network/interfaces
Reboot the machine
Wait at least a couple minutes for pfSense to fully boot.
At this point, the machine shows up on your network as a single device (The pfSense VM!)
You can now browse to https://MachineAddress/ to access pfSense or https://MachineAddress:8006/ to access the PVE UI to do further setup of the system.
(Where MachineAddress is the address or name assigned to it by your local network...)