Discussion - How to setup Pfsense with NAT 1:1 | PlexGuide.com


altoyda

Active
Original poster
Patron
Jul 18, 2020
I have been getting a lot of PMs on this. In this guide I will show you how I did it.
First, this is my setup pic. Before anyone asks, pfSense is a VM.
View attachment 4992

1. Make sure you have an additional IP from Hetzner and that it has a separate MAC address.
2. You need to edit the /etc/network/interfaces file on your Proxmox server
to look like this.
Code:
### Hetzner Online GmbH installimage

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

# device: eno1
iface eno1 inet manual
iface eno1 inet6 manual

auto vmbr0
iface vmbr0 inet static
        # WAN interface
        # address: main IP of the Hetzner server
        address 95.aaa.aa.aa
        # gateway: main gateway of the Hetzner server
        gateway 95.aaa.aa.a
        # bridge_ports: the main port (the name of the network card)
        bridge_ports eno1
        bridge_stp off
        bridge_fd 0
        #MAC: 00:xx:xx:xx:xx:7F (do not have to do this)
        # 95.bbb.bb.bbb in the routes below is the additional IP
        up ip route add 192.168.0.0/16 via 95.bbb.bb.bbb dev vmbr0
        up ip route add 172.16.0.0/12 via 95.bbb.bb.bbb dev vmbr0
        up ip route add 10.0.0.0/8 via 95.bbb.bb.bbb dev vmbr0

iface vmbr0 inet6 static
        # address: main IPv6
        address 2a01:AAA:AA:AAAA::A
        # netmask: set to 64
        netmask 64
        # gateway: main IPv6 gateway
        gateway fe80::1
        # Metric 1 because the kernel sets up an IPv6 route that sends the /64 subnet over (::) with no next hop
        up ip -6 route add 2a01:AAA:AA:AAAA::/64 via 2a01:AAA:AA:AAAA::3 dev vmbr0 metric 1

auto vmbr1
iface vmbr1 inet manual
        # LAN interface
        bridge_ports none
        bridge_stp off
        bridge_fd 0

auto tun0
iface tun0 inet static
        # OPT1 / GRE0: GRE tunnel so that pfSense can see the subnet IPs
        address 10.10.10.2
        netmask 255.255.255.252
        # 95.BBB.BB.BBB is the additional IP, 95.AAA.AA.AA is the main IP
        pre-up ip tunnel add tun0 mode gre remote 95.BBB.BB.BBB local 95.AAA.AA.AA
        post-down ip tunnel del tun0

2. Install pfSense
The easiest way I could find to install pfSense, or to get right to the point:
First, you must obtain the image and store it in a proper location within your Proxmox machine. Use the following commands to obtain pfSense. To view the latest updates, visit https://nyifiles.pfsense.org/mirror/downloads and make sure to change the links below accordingly if you want to obtain the latest release. It's also possible to use the version below and update it from there.
1590335084666.png


wget https://sgpfiles.pfsense.org/mirror/downloads/pfSense-CE-2.4.5-RELEASE-amd64.iso.gz
1590335717475.png



cd /var/lib/vz/template/iso && ls

Verify that your image has downloaded and that you can see pfSense (the iso.gz). Next, we have to unzip it to obtain the ISO directly for Proxmox.
1590335836733.png


mv pfSense-CE-2.4.5-RELEASE-amd64.iso.gz /var/lib/vz/template/iso/

apt-get install tar gzip

gunzip pfSense-CE-2.4.5-RELEASE-amd64.iso.gz && ls

Now you should see the file with just the .iso extension. If so, you are ready to install pfSense for Proxmox.
1590335252757.png


Creating a New Virtual Machine
Create a new virtual machine and make the following changes:

  • General
    • Name: pfsense
    • Start at boot: [Checked]
  • OS
    • Use DVD ~ ISO: Select the pfSense ISO
  • Hard Disk
    • Size (GB): Users choice (Min. 15GB)
  • CPU
    • Cores: Users choice (Min. 2 Cores)
  • Memory
    • Size (GB): Users choice (Min. 2GB)
  • Network
  • Confirm
    • Yes, but do not start it yet.
Additional Configurations
There is one final part to add. Remember from the network configurations we added vmbr303? We need to add it to the virtual machine that was created. This will serve as your LAN port, which is how your virtual machines talk to pfSense (such as plugging your desktop computer into your home router).

  1. Select the pfSense virtual machine
  2. Select Hardware
  3. Select Add ~ Network Device
  4. Select vmbr1
  5. Change Model to VirtIO (paravirtualized)
That is it! Now start the virtual machine, select Console, and let's view the pfSense interface!
pfSense Software Configurations
Part I

This portion is easy. You should see the following screen once pfSense is loaded up.
1590340446957.png


Now follow the instructions as shown below:

  • Install pfSense
  • Continue with Default Key Map (unless this has to be changed)
  • Auto - UFS (if you select something different, you're on your own)
From there, pfSense will install
1590340583092.png



  • Manual Configuration - No
  • Complete - Select Reboot
Part II
Follow the guide for the rest of the pfSense setup. You should be starting at this prompt:
1590343171216.png



Set up the WAN interface to be vtnet0
1590343273531.png



Set up the LAN interface to be vtnet1
1590343382939.png



Confirm the interfaces with y
1590343506798.png



Now pfSense is ready to be configured. Before you are able to use it, we need to change a few settings. Firstly, we have to enable management over the WAN port, which is disabled by default. So open the console in Proxmox and press 8 to enter the shell:
download (1).png


and type:
1591597882246.png



After this, you can access the pfSense web interface on your WAN IP.

Follow the basic wizard, and when you're done, we'll change a few more settings.

First, go to System -> Advanced -> Networking, scroll down and make sure these are ticked:
1591598084022.png


Because pfSense is running in a VM, these need to be ticked.

After that go to Interfaces -> WAN.
Set your IPv4 configuration type to static IPv4:
1591598158194.png


Then go to Static IPv4 Configuration (below the General Configuration)
1591598241999.png


And enter your WAN IP address and add a new gateway with the gateway from the Hetzner IP, which you can find in Robot.
Make sure to set /29. To read more, go to pfSense (Optional) or to Virtualizing pfSense with Proxmox.

NOW THE FUN PART:
In this part we are setting up subnet IPs, or better put, making it possible to use our subnet IPs.
  1. Log in to pfSense through the web or the VM web console.
  2. Go to Interfaces / GREs and click Add.
  3. Set up the GRE just like this if you copied my interfaces file.
View attachment 4995

4. Now go to Interfaces / Interface Assignments. Then click on OPT1.

View attachment 4996
5. You need to enable the interface. Then save it.
View attachment 4997

6. Now check your gateways: under System / Routing / Gateways, click on OPT1 and Edit. It should look like this. If all is good, save it.

View attachment 4999
View attachment 5001

7. Now the last step before giving our subnets out to our VMs: you need to check the Firewall / NAT / Outbound rule.

View attachment 5002


NOW WE ARE DONE AND WE CAN GIVE OUR VMs THEIR SUBNET IPs.
You can do that by going to Firewall / NAT / 1:1 and clicking Add.

Very sorry this is long, but this is the part that NO ONE wants to show you because of how long it is. If you have any questions about this, I will be happy to work with you....

Here are a few links that will help people new to pfSense:
pfSense: A Guide to NAT, Firewall Rules and some Networking 101
Lawrence Technology services
Lawrence Technology services YOUTUBE
Virtualizing pfSense with Proxmox
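
An added example, not part of the original post: the download step above unpacks the image straight after wget, so this sketch checks the .iso.gz against a published SHA-256 digest before gunzip and only then places the ISO in the template directory. The function name verify_and_unpack is hypothetical, and the expected digest must come from the vendor's published checksum (none is given in the post).

```shell
#!/bin/sh
# Added example: verify a downloaded image against a known SHA-256 digest
# before unpacking it. verify_and_unpack is a hypothetical helper, not a
# Proxmox or pfSense tool.

verify_and_unpack() {
    archive=$1    # e.g. pfSense-CE-2.4.5-RELEASE-amd64.iso.gz
    expected=$2   # SHA-256 digest published by the vendor (64 hex characters)
    dest_dir=$3   # e.g. /var/lib/vz/template/iso

    [ -f "$archive" ] || { echo "missing file: $archive" >&2; return 2; }
    [ -d "$dest_dir" ] || { echo "missing directory: $dest_dir" >&2; return 2; }

    # Normalise case and reject anything that is not a well-formed digest
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest must be 64 hex characters" >&2; return 2; }

    actual=$(sha256sum "$archive" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $archive" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi

    # Unpack under a temporary name so a failed gunzip never leaves a partial ISO
    iso_name=$(basename "$archive" .gz)
    tmp="$dest_dir/.$iso_name.partial"
    if gunzip -c "$archive" > "$tmp"; then
        mv "$tmp" "$dest_dir/$iso_name"
    else
        rm -f "$tmp"
        return 3
    fi
}

# Usage (digest shown as a placeholder):
#   verify_and_unpack pfSense-CE-2.4.5-RELEASE-amd64.iso.gz "<published sha256>" /var/lib/vz/template/iso
```

A return code of 1 means the digest did not match and nothing was written to the destination directory.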
 
