Difference between revisions of "Proxmox All-in-One"

From Da Nerd Mage Wiki
Tag: Manual revert
Line 1: Line 1:
= Installing PVE =
Start with the port you will want as your LAN port (secondary) from pfSense connected to your network
Install PVE
Fix repositories
* Add "pve-no-subscription"
* Disable "pve-enterprise"
* Refresh updates
* Upgrade
Add a second Linux Bridge
* No addresses or gateways
* Assign your, as yet unused, second physical Ethernet port to this bridge
= pfSense =
= pfSense =
* Install [[pfSense{{!}}pfSense]] ([https://getlabsdone.com/how-to-install-pfsense-on-proxmox-step-by-step/ a link])
Installing [[pfSense{{!}}pfSense]] ([https://getlabsdone.com/how-to-install-pfsense-on-proxmox-step-by-step/ a link])
** Set up a second network bridge internally (& give it a secondary physical NIC if you have one)
* Build the pfSense VM
** Build the pfSense VM
** 8GB drive, 4 cores, 4096MB RAM
*** 8GB drive, 4 cores, 4096MB RAM
** Use the second bridge (vmbr1) as the first network port & the original (vmbr0) as the second port
*** Add a second network device (on the second bridge... duh...)
** Configure the pfSense VM to start at boot.
*** Strongly reccomend setting it to boot FIRST & give a startup delay of at least a couple of minutes.
** <span style="color: rgb(186, 55, 42);">Do a BACKUP</span>
** <span style="color: rgb(186, 55, 42);">Do a BACKUP</span>
** Open the VM console & pretend you're building a normal pfSense router
** Open the VM console & pretend you're building a normal pfSense router
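Review bot: the line "Use the second bridge (vmbr1) as the first network port & the original (vmbr0) as the second port" never says which of the two pfSense should treat as WAN and which as LAN. The new "Installing PVE" section already refers to the "LAN port (secondary)", so name the WAN/LAN role next to each bridge here as well, otherwise the interface assignment in the VM console is a guess. Also, "reccomend" in the startup-delay line should be "recommend".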
Line 14: Line 29:
* Pick your favourite OS & build a VM <span style="color: rgb(132, 63, 161);">(Or... Ya know... Since ya gave that second network bridge a physical NIC (Ya did, right?)... You could just plug a computer in there.)</span>
* Pick your favourite OS & build a VM <span style="color: rgb(132, 63, 161);">(Or... Ya know... Since ya gave that second network bridge a physical NIC (Ya did, right?)... You could just plug a computer in there.)</span>
** Point its network device at the second network bridge
** Point its network device at the second network bridge
** Sign into '''<nowiki>https://192.168.1.1</nowiki>''' (from the Management VM)
** Sign into '''<nowiki>https://192.168.0.1</nowiki>''' (from the Management VM)
** Go into Services / DHCP Server / LAN
** In '''Services / DHCP Server / LAN'''
*** Under Servers, add in your DNS server(s) address(es)
*** Under Servers, add in your DNS server(s) address(es)
** Restart networking on the Management VM
** Restart networking on the Management VM
** Feed access to this VM through the pfSense firewall
** Feed access to this VM through the pfSense firewall
* & continue messing with pfSense
* '''<span style="color: rgb(186, 55, 42);">Do a BACKUP</span>'''
** '''<span style="color: rgb(186, 55, 42);">Do a BACKUP</span>'''


= pfSense Configuration =
= pfSense Configuration =
*Sign into '''<nowiki>https://192.168.0.1</nowiki>''' (from the Management VM)
*In '''Services / DNS Resolver / General Settings''', under '''Host Overrides'''
**set up a DNS entry for PVE
* In '''Firewall / NAT / Port Forward'''
** set up port forwarding for the pfSense UI (port 443)
** set up port forwarding for the PVE UI (port 8006)
** set up port forwarding for SSH (port 22) to the Management VM (if used...)
*'''<span style="color: #ba372a;">Do a BACKUP</span>'''
= Taking it LIVE =
= Taking it LIVE =
Here's where things get a bit fugly...
Up to this point, your server works fine on an internal network. Unfortunately, as far as the world outside the box is concerned, there are 2 machines there. The '''Proxmox''' install AND a '''pfSense''' install. They both show up on the network.
Up to this point, your server works fine on an internal network. Unfortunately, as far as the world outside the box is concerned, there are 2 machines there. The '''Proxmox''' install AND a '''pfSense''' install. They both show up on the network.
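Review bot: the new "Firewall / NAT / Port Forward" items forward the pfSense UI (port 443), the PVE UI (port 8006) and SSH (port 22) without mentioning any source restriction, so both admin interfaces and the Management VM's SSH are offered to everything on the outside of pfSense. Suggest a sub-item under each forward that limits the source to the addresses that actually administer the box. Separately, the sign-in URL changes from 192.168.1.1 to 192.168.0.1, but no step in this hunk sets the pfSense LAN address to that value.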


Line 32: Line 54:
Let's fix that.
Let's fix that.


# Swap all of the network connections on all existing VMs
* Sign into the physical machine (PVE)
#* Go into the '''Hardware''' tab for each VM...
** edit /etc/network/interfaces
#* edit any '''Network Device'''(s) they have configured...
*** Change vmbr0 to vmbr1 & vmbr1 to vmbr0
#* basically, swap them to the opposite '''Bridge''' (vmbr) from what they currently use.
*** Change the address & gateway to those assigned for PVE on the pfSense VM
# SSH into Proxmox & change vmbr0 back to static
** edit /etc/hosts
#* Give it the IP address your pfSense VM should be assigning it & the IP of the pfSense VM as its gateway.
*** Change the address to that assigned for PVE on the pfSense VM
#* It'd be a good idea to edit <code>/etc/hosts</code> to match the new address.
Reboot the machine
# Switch the physical network cables.
 
#* If NIC #1 is currently plugged into your network, swap it for NIC #2 (or whichever NIC you set your second bridge up to use...)
Wait at least a couple minutes for pfSense to fully boot
# Reboot the machine.
 
You can now browse to https://'''MachineAddress'''/ to access pfSense or https://'''MachineAddress''':8006/ to access the PVE UI
 
(Where '''MachineAddress''' is the address or name assigned to it by your local network...)
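Review bot: the new steps never say whether the network cable still has to move to the other NIC, which the removed "Switch the physical network cables" step used to cover. Say so explicitly, one way or the other, after the "Change vmbr0 to vmbr1 & vmbr1 to vmbr0" item. This is also the only section without a "Do a BACKUP" line, although it edits /etc/network/interfaces and /etc/hosts and then reboots; a mistake in that file can take the PVE address off the network, so a note to keep a copy of both files and have console access would fit here.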

Revision as of 11:27, 2 March 2023

Installing PVE

Start with the port you will want as pfSense's LAN port (the secondary one) connected to your network

Install PVE

Fix repositories

  • Add "pve-no-subscription"
  • Disable "pve-enterprise"
  • Refresh updates
  • Upgrade

Add a second Linux Bridge

  • No addresses or gateways
  • Assign your, as yet unused, second physical Ethernet port to this bridge

pfSense

Installing pfSense (a link)

  • Build the pfSense VM
    • 8GB drive, 4 cores, 4096MB RAM
    • Use the second bridge (vmbr1) as the first network port & the original (vmbr0) as the second port
    • Configure the pfSense VM to start at boot.
      • Strongly recommend setting it to boot FIRST & giving it a startup delay of at least a couple of minutes.
    • Do a BACKUP
    • Open the VM console & pretend you're building a normal pfSense router
    • Once the VM is booted into pfSense...
    • Do a BACKUP
    • Then move on to:

Management VM

  • Pick your favourite OS & build a VM (Or... Ya know... Since ya gave that second network bridge a physical NIC (Ya did, right?)... You could just plug a computer in there.)
    • Point its network device at the second network bridge
    • Sign into https://192.168.0.1 (from the Management VM)
    • In Services / DHCP Server / LAN
      • Under Servers, add in your DNS server(s) address(es)
    • Restart networking on the Management VM
    • Feed access to this VM through the pfSense firewall
  • Do a BACKUP

pfSense Configuration

  • Sign into https://192.168.0.1 (from the Management VM)
  • In Services / DNS Resolver / General Settings, under Host Overrides
    • set up a DNS entry for PVE
  • In Firewall / NAT / Port Forward
    • set up port forwarding for the pfSense UI (port 443)
    • set up port forwarding for the PVE UI (port 8006)
    • set up port forwarding for SSH (port 22) to the Management VM (if used...)
  • Do a BACKUP

Taking it LIVE

Up to this point, your server works fine on an internal network. Unfortunately, as far as the world outside the box is concerned, there are 2 machines there. The Proxmox install AND a pfSense install. They both show up on the network.

So...

Let's fix that.

  • Sign into the physical machine (PVE)
    • edit /etc/network/interfaces
      • Change vmbr0 to vmbr1 & vmbr1 to vmbr0
      • Change the address & gateway to those assigned for PVE on the pfSense VM
    • edit /etc/hosts
      • Change the address to that assigned for PVE on the pfSense VM
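
The interfaces edit above, as an added shell example (not from the original page): it applies the vmbr0/vmbr1 swap and the new address and gateway to a copy of the file and sanity-checks the result before anything touches the live config. The NIC names eno1/eno2, the 10.0.0.x addresses and 192.168.0.2/24 for PVE are assumptions; 192.168.0.1 is the pfSense address used on this page.

```shell
# Constructed sample: a two-bridge PVE /etc/network/interfaces.
# NIC names (eno1/eno2) and the 10.0.0.x addresses are assumptions.
sample_interfaces() {
cat <<'EOF'
auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
	address 10.0.0.50/24
	gateway 10.0.0.1
	bridge-ports eno1

auto vmbr1
iface vmbr1 inet manual
	bridge-ports eno2
EOF
}

# swap_bridges ADDR GW: stdin = current file, stdout = edited file.
# The rename goes through a placeholder: renaming vmbr0 to vmbr1 and then
# vmbr1 to vmbr0 in two direct passes would name both stanzas vmbr0.
swap_bridges() {
    sed -E \
        -e 's/(^|[^[:alnum:]])vmbr0([^[:alnum:]]|$)/\1@SWAP@\2/g' \
        -e 's/(^|[^[:alnum:]])vmbr1([^[:alnum:]]|$)/\1vmbr0\2/g' \
        -e 's/@SWAP@/vmbr1/g' \
        -e "s|^([[:space:]]*address[[:space:]]+).*|\\1$1|" \
        -e "s|^([[:space:]]*gateway[[:space:]]+).*|\\1$2|"
}

# bridge_port BRIDGE: stdin = interfaces text, prints the NIC bound to BRIDGE.
bridge_port() {
    awk -v b="$1" '$1 == "iface" { cur = $2 }
                   $1 == "bridge-ports" && cur == b { print $2 }'
}

# check_swapped: stdin = edited text; fails unless each bridge has exactly
# one stanza and the file carries exactly one default gateway.
check_swapped() {
    text=$(cat)
    [ "$(printf '%s\n' "$text" | grep -c '^iface vmbr0 ')" -eq 1 ] || return 1
    [ "$(printf '%s\n' "$text" | grep -c '^iface vmbr1 ')" -eq 1 ] || return 1
    [ "$(printf '%s\n' "$text" | grep -Ec '^[[:space:]]*gateway ')" -eq 1 ] || return 1
}

# Print the edited sample (assumed PVE address on the pfSense LAN).
sample_interfaces | swap_bridges 192.168.0.2/24 192.168.0.1
```

On a real host, feed the function a copy of /etc/network/interfaces, compare the output against the original with diff, and keep the original copy until the box is reachable again after the reboot.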

Reboot the machine

Wait at least a couple minutes for pfSense to fully boot

You can now browse to https://MachineAddress/ to access pfSense or https://MachineAddress:8006/ to access the PVE UI

(Where MachineAddress is the address or name assigned to it by your local network...)