I need to enable communication between the VXLANs and the Internet, so the first machine I will create is a pfsense firewall in Proxmox. I will connect the WAN interface to the external network and 2 other interfaces to the VXLANs. This will grant Internet access to the VXLANs, but force the traffic to flow through the firewall.

Creating the Virtual Machine

Prerequisite: Configure Software Defined Networking

The creation of a virtual machine in Proxmox is pretty straightforward. Since this is the first machine in the lab and the first one in this guide I will go into more detail in this post. The first step is to create the machine itself and name it. I configured it to start when the host boots so the VXLNAS have immediate Internet access.

View of create virtual machine showing pfsense name. First step in creating a firewall using pfsense in Proxmox.
Create the virtual machine and give it a name

Next I selected the pfsense ISO image and added it to the CD/DVD drive. I left the system settings default and gave the machine a 40 GB disk.

Selecting pfsense ISO as the operating system installer image.
Selecting the operating system installer image from software uploaded to the server
Leaving the system settings with default settings.
Default system settings for the virtual machine
Setting the disk size to 40GB for the pfsense firewall in Proxmox
Configure disk size set to 40GB

After configuring the disk size, I had to set the CPU and memory settings. I chose to use 1 socket with 2 cores for CPU, and gave the firewall 2048MB or 2GB of RAM.

Configure the CPU to 1 socket with 2 cores in Proxmox
Setting the CPU to 1 socket with 2 cores
Setting RAM to 2048MB or 2GB in Proxmox
Memory set to 2048MB or 2GB for the firewall

Next I set the WAN interface to vmbr0 which is the external facing bridge on my host. Then I confirmed the settings to finish the initial configuration. Before booting I have to add the other 2 interfaces.

Setting the WAN interface to vmbr0 in Proxmox
Set the WAN interface to vmbr0
Screen to confirm settings prior to VM launch. "Start after created" is unchecked.
Confirm settings, uncheck start after created

Before booting the machine I added the DMZ and LAN interfaces, selecting the appropriate Vnet for each bridge. I did not make the change here but recommend configuring the MTU to 1450 now in your setup. You can change it in the pfsense web console if you forget like I did.

LANnet and DMZnet interfaces added to pfsense.
Add the LAN and DMZ interfaces prior to boot

Next, I boot up the machine and am greeted with the pfsense installer.

pfsense installer screen after configuring the virtual machine
Pfsense installer screen

Installing pfsense firewall in Proxmox

Installing pfsense on a virtual machine is also a straight forward process so I will skip the first few installer screens and list the options I selected below.

  • Select Install
  • Select the keyboard layout
  • Select preferred partition method: I went with default
  • Remaining disk options: again I stuck with default
  • When you see a “Last Change!” ZFS configuration select yes to install
  • Once the install is complete select “No” for manual configuration and reboot

After the installation is complete and pfsense reboots you should see a screen stating all links are up. Select no to set up VLANs now.

Installer screen showing all interfaces up and asking to configure VLANs.

Configure the Interfaces

I set my pfsense interfaces to the appropriate Vnets:

  • WAN = vtnet0
  • LAN = vtnet1
  • OPT1 = vtnet2
Example interface configuration assigning the WAN, LAN, and OPT1 to the right virtual interfaces.
Pfsense interface configuration

Next I had to configure the right IP addresses on the interfaces. I left WAN as DHCP, but used option 2 on the main screen to set the LAN and DMZ IPs to the right networks.

Main screen after interface assignment showing WAN and LAN IPs. This requires a change.
Main screen after initial interface configuration

After changing the LAN interface you will receive an IP address for the webConfigurator, in my case the is http://10.0.1.1. Before I switched to the web interface, I had to set the MTU to 1450 on my interfaces using the shell (option 8 from this screen) using the command below.

root: ifconfig vtnet1 inet 10.0.1.1 netmask 255.255.255.0 mtu 1450
root: ifconfig vtnet2 inet 10.10.1.1 netmask 255.255.255.0 mtu 1450
Set the interfaces for internal networks to mtu of 1450 using command ifconfig vtnet1 inet 10.0.1.1 netmask 255.255.255.0 mtu 1450

With that my firewall install is complete and I can switch to the webConfigurator to configure the DMZ network. First, I need a machine to connect to the webConfigurator, which is the subject of the next post.

Previous: Configure Software Defined Networking in Proxmox
Next: Creating the Linux Admin Workstation