I'm not sure where to ask this question, so I thought I'd be best off starting here. I am renting a dedicated server from Kimsufi, to be used for running several virtual machines (mainly game servers). However, as per
http://pve.proxmox.com/wiki/Network_Model
I decided the best course of action would be to run the servers inside their own subnet, and then forward that traffic to the external interface, as I only have one public IP address, and I cannot purchase more.
However, due to the fact that many of the people who also use this server are not exactly tech-savvy, and the limitations of having to reboot every VM if you take an interface down and up, I thought to use pfSense, something I am familiar with, to handle port-forwarding from the external interface to the VM network.
Where vmbr0 is the outward facing IP, vmbr2 is the WAN interface for the pfSense VM, and vmbr3 is the interface for the VMs.
Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# for Routing
auto vmbr1
iface vmbr1 inet manual
    post-up /etc/pve/kvm-networking.sh
    bridge_ports dummy0
    bridge_stp off
    bridge_fd 0

# vmbr0: Bridging. Make sure to use only MAC addresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
    address x.x.x.x
    netmask 255.255.255.0
    network x.x.x.x
    broadcast x.x.x.x
    gateway x.x.x.x
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

auto vmbr2
iface vmbr2 inet static
    address 10.0.0.1
    netmask 255.255.255.248
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.0.0.2/29' -i vmbr0 -j DNAT --to 10.0.0.2

auto vmbr3
iface vmbr3 inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0
From pfSense, and an Ubuntu live CD VM, I am able to ping outside the network, and access the internet. However, traffic cannot get back through to the VMs. From the Proxmox host, I am able to ping the 10.0.0.1 interface, but not 10.0.0.2 (pfSense WAN IP), or anything in the 192.168.1.0/24 range (vmbr3 IP).
What steps would I need to take, to allow traffic to get to the pfSense VM? I cannot simply forward all traffic, as I still need access to Proxmox's webUI. Sorry for the essay, but I thought I'd include as much as I could.
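The host-side NAT this layout calls for, as an added example that is not part of the original post: the post-up rule above places DNAT and -i in POSTROUTING, where iptables accepts neither, so the script flags that and prints a replacement nat table that keeps the host's own ports out of the forward. PUBLIC_IP is a placeholder for the masked x.x.x.x address, and TCP 22 and 8006 (SSH and the Proxmox web UI) are assumed to be the ports the host must keep.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Nothing here touches the
# running firewall: nat_rules only prints iptables-restore input for review.
PUBLIC_IP="203.0.113.10"    # placeholder for the x.x.x.x address on vmbr0
WAN_IF="vmbr0"              # public bridge (from the post)
PFSENSE_WAN="10.0.0.2"      # pfSense WAN address (from the post)
TRANSIT_NET="10.0.0.0/29"   # vmbr2 network, netmask 255.255.255.248
HOST_TCP_PORTS="22 8006"    # assumption: SSH and the web UI stay on the host

# lint_nat_rule RULE: print why iptables would reject a nat rule, or "ok".
lint_nat_rule() {
    problems=""
    case "$1" in *POSTROUTING*"-j DNAT"*)
        problems="${problems}DNAT is only valid in PREROUTING or OUTPUT; " ;;
    esac
    case "$1" in *POSTROUTING*" -i "*)
        problems="${problems}-i cannot be used in POSTROUTING, use -o; " ;;
    esac
    echo "${problems:-ok}"
}

# nat_rules: print a complete nat table in iptables-restore format.
nat_rules() {
    echo "*nat"
    for chain in PREROUTING INPUT OUTPUT POSTROUTING; do
        echo ":$chain ACCEPT [0:0]"
    done
    # Management ports are accepted first, so they never reach the DNAT rules
    # and are delivered to the host itself.
    for port in $HOST_TCP_PORTS; do
        echo "-A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p tcp --dport $port -j ACCEPT"
    done
    # Everything else addressed to the public IP is handed to pfSense, which
    # applies its own WAN rules and port forwards.
    for proto in tcp udp; do
        echo "-A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p $proto -j DNAT --to-destination $PFSENSE_WAN"
    done
    # Outbound traffic from the transit network leaves with the public address.
    echo "-A POSTROUTING -s $TRANSIT_NET -o $WAN_IF -j MASQUERADE"
    echo "COMMIT"
}

# The rule from the post (constructed copy), then the replacement table.
lint_nat_rule "-t nat -A POSTROUTING -s '10.0.0.2/29' -i vmbr0 -j DNAT --to 10.0.0.2"
nat_rules
```

Check the printed table with `iptables-restore --test` before loading it; loading it replaces the existing nat table. pfSense's own WAN rules and port forwards still decide what reaches the VMs.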