2. pfSense (Optional)

  • Introduction

    When using virtualization, it is common to hear about pfSense. What is it, and what can it do for you within Proxmox, especially with Hetzner?
    pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network. It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage.
    In general, pfSense provides firewall and routing capabilities within your network. This will enable the following:
    • Provides a layer of security between the open internet and your virtual machines
    • Provides routing capabilities (as with a home router, such as assigning an IP address like 192.168.0.100 to a VM)
    • Saves a user money by not having to purchase a public IP address for each virtual machine
    • Builds an entire virtual computer network behind a routed firewall (pfSense)
    Keep in mind that by deploying pfSense, you are basically replicating the kind of network that you have within your home. That means that a VM that has an IP address of 192.168.0.100 cannot be directly accessed from the Internet. Through Proxmox, you can access any machine via the built-in VNC console. Is it possible to access the machine using a protocol such as RDP? Yes, but you have to figure out how to reach it through your firewall.

    Prerequisites

    • Obtain a dedicated IP address for pfSense
      • The dedicated IP acts as a WAN address (as with the main IP address dedicated to your home) that filters incoming and outgoing traffic.

    Case for Security

    Let's assume that you love Proxmox and you wish to deploy a Windows 10 machine so that you can access it through your browser interface at work. In general, Windows 10 is not a safe machine to assign a dedicated IP and place openly on the internet. This can also apply to any other virtual machines that you have placed on your network.

    By deploying pfSense, your Windows 10 machine can sit behind a virtual router/firewall that provides an additional layer of protection.

    Downloading pfSense for Proxmox

    First, you must obtain the image and store it in the proper location within your Proxmox machine. Use the following commands to obtain pfSense. To view the latest releases, visit https://nyifiles.pfsense.org/mirror/downloads and change the links below accordingly if you want the latest release. It's also possible to use the version below and update it from there.


    Bash:
    wget https://sgpfiles.pfsense.org/mirror/downloads/pfSense-CE-2.4.5-RELEASE-amd64.iso.gz
    Bash:
    mv pfSense-CE-2.4.5-RELEASE-amd64.iso.gz /var/lib/vz/template/iso/
    Code:
    cd /var/lib/vz/template/iso && ls
    Verify that your image has downloaded and that you can see pfSense (the iso.gz). Next, we have to unzip it to obtain the ISO directly for Proxmox.

    Bash:
    apt-get install tar gzip
    Bash:
    gunzip pfSense-CE-2.4.5-RELEASE-amd64.iso.gz && ls
    Now you should see the file with only the .iso extension. If so, you are ready to install pfSense for Proxmox.
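
    Because this image becomes the firewall in front of every VM, it is worth checking the .iso.gz against a published SHA-256 before the gunzip step. The script below is an added example, not part of the original guide: the function names are illustrative, the sample file is constructed, and the real checksum line has to be copied from wherever the project publishes it (no digest is given on this page).

```shell
#!/usr/bin/env bash
# Added example: check a downloaded image against its published SHA-256
# before it is unpacked into the Proxmox ISO store.

# Pull the digest out of one checksum line. Both common layouts are accepted:
#   BSD style: SHA256 (name.iso.gz) = <64 hex digits>
#   GNU style: <64 hex digits>  name.iso.gz
digest_from_line() {
    printf '%s\n' "$1" | tr 'A-F' 'a-f' | grep -owE '[0-9a-f]{64}' | head -n 1
}

# SHA-256 of a local file as lowercase hex.
file_digest() {
    sha256sum -- "$1" | cut -d ' ' -f 1
}

# 0 = match, 1 = mismatch, 2 = file missing or no usable digest in the line.
verify_image() {
    local image=$1 expected actual
    [ -f "$image" ] || { echo "missing: $image" >&2; return 2; }
    expected=$(digest_from_line "$2")
    [ -n "$expected" ] || { echo "no SHA-256 digest in checksum line" >&2; return 2; }
    actual=$(file_digest "$image")
    [ "$actual" = "$expected" ] && return 0
    echo "MISMATCH for $image: expected $expected, got $actual" >&2
    return 1
}

# Unpack only after the check passes, so a failed check leaves the .gz as is.
verify_then_gunzip() {
    verify_image "$1" "$2" && gunzip -- "$1"
}

# Constructed sample: a small gzip file stands in for the real image.
demo() {
    local dir img line
    dir=$(mktemp -d)
    img="$dir/sample.iso.gz"
    printf 'constructed sample payload\n' | gzip > "$img"
    line="SHA256 (sample.iso.gz) = $(file_digest "$img")"
    verify_then_gunzip "$img" "$line" && ls "$dir"
    rm -rf "$dir"
}
demo
```

    For the real download, call verify_then_gunzip with the path to the .iso.gz and the published checksum line in place of the gunzip command.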

    pfSense Network Setup

    Proxmox

    On the Proxmox server itself, open the network configuration with nano /etc/network/interfaces and add the following.

    Under vmbr0

    Add the dedicated IP address that was stated in the beginning.
    1590336686706.png

    Additional

    In addition, place this at the bottom of your file.
    Bash:

    iface eth1.303 inet manual
    vlan-raw-device eth1

    auto vmbr303
    iface vmbr303 inet manual
    bridge_ports eth1.303
    bridge_stp off
    bridge_fd 0

    Save & Reboot

    Now save your configuration by pressing CTRL+X and pressing ENTER for yes.

    Deploying pfSense

    Prior to deploying pfSense, we should ensure that what we added has shown up correctly. You should see eth1, eth1.303 and vmbr303, and vmbr303 must show as ACTIVE.


    Creating a New Virtual Machine

    Create a new virtual machine and make the following changes:
    • General
      • Name: pfsense
      • Start at boot: [Checked]
    • OS
      • Use DVD ~ ISO: Select the pfSense ISO
    • Hard Disk
      • Size (GB): User's choice (Min. 15GB)
    • CPU
      • Cores: User's choice (Min. 2 Cores)
    • Memory
      • Size (GB): User's choice (Min. 2GB)
    • Network
    • Confirm
      • Yes, but do not start it yet.

    Additional Configurations

    There is one final part to add. Remember that we added vmbr303 in the network configuration? We need to add it to the virtual machine that was just created. This will serve as your LAN port, which is how your virtual machines talk to pfSense (like plugging your desktop computer into your home router).
    1. Select the pfSense virtual machine
    2. Select Hardware
    3. Select Add ~ Network Device
    4. Select vmbr303
    5. Change Model to VirtIO (paravirtualized)


    That is it! Now start the virtual machine, select Console, and let's view the pfSense interface!

    pfSense Software Configurations

    Part I

    This portion is easy. You should see the following screen once pfSense is loaded up.


    Now follow the steps below:
    • Install pfSense
    • Continue with Default Key Map (unless this has to be changed)
    • Auto - UFS (if you select something different, you're on your own)
    From there, pfSense will install.


    • Manual Configuration - No
    • Complete - Select Reboot

    Part II

    Follow the guide for the rest of the pfSense setup. You should be starting at this prompt:



    Set up the WAN interface to be vtnet0

    Set up the LAN interface to be vtnet1

    Confirm the interfaces: y


    Now pfSense is ready to be configured. Before you are able to use it, we need to change a few settings. First, we have to enable management over the WAN port, which is disabled by default. Open the console in Proxmox and press 8 to enter the shell:
    download (1).png


    and type:
    1591597882246.png


    After this, you can access the pfSense web interface on your WAN IP.

    Follow the basic wizard, and when you're done, we'll change a few more settings.

    First, go to System -> Advanced -> Networking, scroll down and make sure these are ticked:
    1591598084022.png

    These need to be ticked because pfSense is running in a VM.

    After that go to Interfaces -> WAN.
    Set your IPv4 configuration type to static IPv4:
    1591598158194.png

    Then go to Static IPv4 Configuration (below the General Configuration)
    1591598241999.png

    Enter your WAN IP address and add a new gateway, using the gateway for the Hetzner IP, which you can find in Robot.

    After this, reboot pfSense, and you're able to create VMs. Use vmbr303 as the network interface for your VMs.