• HELP!! Hetzner 1 Public IP + Proxmox + OPNSense

I have the following problem: I have a dedicated server at Hetzner with 1 public IP. I must install Proxmox, with a virtual machine running OPNSense to use as a router, and the other virtual machines connect through said router.

I have my /etc/network/interfaces as follows from Proxmox:

https://pastecode.io/s/2n22j919

I download OPNSense, create a new virtual machine, then in the configuration use:

WAN: vtnet0 ip 192.168.1.1/24

For a WAN enter the new wan IPv4 upstream gateway address: 192.168.1.0

Do you want to use the gateway as the ipv4 name server too? AND

IPV6 DHCP: Y

DHCP FOR WAN: N

OK, after this, I must run pfctl -d so that Proxmox can see OPNSense...

I install a virtual machine with Windows 7, I add the data to the network card: 192.168.1.2 255.255.255 192.168.1.1

1.1.1.1

With this I can enter http://192.168.1.1 (OPNSense)

I change to port 9000 and set it to HTTP and disable HTTP_REFERER

With this I can now access OPNSense from outside.

Now... in OPNSense I open a port, for example 7775, and run a Python script on Windows 7 with a hello world... When I want to enter from the outside, I can't, but the VM can browse the internet.

But if I change the gateway to 192.168.1.0 in the Windows 7 virtual machine, it can browse the Internet, but I cannot access it from outside to port 7775.

What am I doing wrong?

Hello @KatiaSis,
I'm away from my home and keyboard 😅
You had a misunderstanding about networking...
First thing, you can't use 192.168.1.0/24 for WAN AND LAN.
If you use 192.168.1.0 for vmbr0, then the mask needs to be /31 instead of /24.
So 192.168.1.0/31 allows 192.168.1.0 and 192.168.1.1; it's enough for connecting Proxmox to OPNSense.
Now your "wan" connection is OK, create a LAN.
I see an ovsbridge, so I think you followed themorpheus tutorials.
It's using VLANs afterwards; I think the best way to start and understand the process is to try creating a vmbr2 without any addresses and attach it to OPNSense and your VM.
In OPNSense, when you create the LAN side using the wizard, the firewall rules are created at the same time; if you create the LAN as an opt1, no rules are created, so take a look inside the firewall LAN rules to understand which ones are necessary.
This LAN network needs to be a different network from the WAN.
If you take 192.168.1.0/31, then take 192.168.10.0/24 this time 😉
Obviously, don't forget to check allow private addresses in the WAN section whenever it's not working.

Don't use DHCPv6 for WAN, it's not good.

Take a look at this to find a solution.
Or maybe you can go here
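
The addressing rules from the answer above (WAN and LAN on different networks, a /31 for the Proxmox-to-OPNSense link), as an added example that is not part of the original thread: a Python check built on the standard `ipaddress` module. The function names and the router's LAN interface addresses are assumptions; the thread only names the subnets.

```python
import ipaddress

def usable(addr, net):
    """True if addr can be assigned to a host or gateway inside net."""
    if addr not in net:
        return False
    if net.prefixlen >= 31:  # /31 point-to-point link (RFC 3021): both addresses usable
        return True
    # In larger subnets the network and broadcast addresses are reserved.
    return addr not in (net.network_address, net.broadcast_address)

def check_plan(wan_if, wan_gw, lan_if):
    """Return the list of problems in a router VM's WAN/LAN addressing plan."""
    wan = ipaddress.ip_interface(wan_if)
    lan = ipaddress.ip_interface(lan_if)
    gw = ipaddress.ip_address(wan_gw)
    problems = []
    if wan.network.overlaps(lan.network):
        problems.append("wan-lan-overlap")
    if gw == wan.ip:
        problems.append("gateway-equals-wan-ip")
    elif not usable(gw, wan.network):
        problems.append("gateway-not-usable")
    for name, iface in (("wan", wan), ("lan", lan)):
        if not usable(iface.ip, iface.network):
            problems.append(name + "-ip-not-usable")
    return problems

# Constructed inputs taken from the thread. The LAN interface addresses are
# assumptions: the thread only names the LAN subnets, not the router's LAN IP.
AS_POSTED = ("192.168.1.1/24", "192.168.1.0", "192.168.1.1/24")
AS_SUGGESTED = ("192.168.1.1/31", "192.168.1.0", "192.168.10.1/24")

if __name__ == "__main__":
    for label, plan in (("as posted", AS_POSTED), ("as suggested", AS_SUGGESTED)):
        print(label, check_plan(*plan) or "no problems found")
```
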

    MattProd

    Yes, I do backend, but I have to cover for a colleague out of urgency and I had to do it. In my homelab I have it, but with OPNSense on one server and Proxmox on another, and it works without doing anything 😅
