Skip to main content

Proxmox + pfSense -> Transparent Bridge


Old Dell Precision 390:
CPU: 2 x Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Disk: 150GB
3 Ethernet Ports

Installing pfSense:

  1.  Install pfSense from iso. Suggested Specs: 32GB disk, 2GB RAM, 1CPU
  2. Add network interfaces (2 minimum, I'm using all 3 I have available)

  3. Run the installer, no need to set VLAN but do assign interfaces.
  4. pfSense up and running!

Configuring pfSense:

Follow the steps mentioned in this forum post, I've added extra details in bold:

  1. Disable Outbound NAT.
  2. Go to the 'System -> Advanced -> System Tunables'  and set from 'default' to '1'. Also set to 0
  3. Bridge WAN and LAN by going to 'Interfaces → Assign → Bridges'
  4. Create OPT2 (there should be already an OPT1 since we are using 3 nics) interface and assign the bridge to it by 'Interfaces → Assignments. 
  5. Add an IP address to the bridge interface; this IP is the one you will use to access the firewall long term (you'll need these if you are only using 2 NICs, for example
  6. Give OPT1 and adress within your LAN subnet (something like
  7.  Add allow all rules to ALL firewall interfaces to avoid being locked out. Interfaces OPT1, OPT2 WAN, and LAN (You can restrict access later, let's get it working first)
  8. Set WAN and LAN interface type to 'none'. (Under 'Interfaces' in GUI)
  9. Disable DHCP server (for the LAN, you will probably need to disable DHCP first) 
  10. The firewall should now be able to be accessed from all ifaces via the IP on the bridge from step 5 and 6. For 5 you will need to manually chance the IPv4 address to something like 
  11. Carefully modify your firewall rules to be more restrictive. DNS, DHCP, etc. Note: You will be adding the rules to the OPT2 interface (the one assigned to the bridge) 
At this point I think I was done, but since I'm running pfSense within a VM in Proxmox, there are some extra steps. Otherwise performance could be severely impacted (I w

Virtualized pfSense:

Check this info from Netgate, the important part is about disabling  hardware checksum offload
  1. System > Advanced and select Networking tab. Under Networking Interfaces section check the Disable hardware checksum offload
  2. Click save
  3. Reboot
Now you are done! 

Ascii Diagram:

|            |
|            |
      | eth0
|     vtnet0               |
|Proxmox + pfSense (DELL)  |
|     Vtnet1      Vtnet2   |
      |eth1          |eth2
      |          +---+
+------+------+  |
|   WAN PORT  |  |
|   Home      |  |
|   Router    |  |
|   LAN PORT  |  |
+-----+-------+  |
     |           |
     |           |
 +---+-----+     |
 |         |     |
 |  SWITCH |     |
 |         |     |
 +-+-----+-+     |
   |     |       |
   |     |       |
   |     +-------+
| LAN |
|     |

Note: Squid as a transparent proxy might not work in this setup


Popular posts from this blog

A dirty Air Purifier!

 A throwback from 2012, when we used to live in a basement apartment from the 60s-70s in Laval, QC. To be fair it didn't feel so dusty, but the air purifier told another story (this is after ~ about 4 months of use)  yuck! All cleaned up and ready to use again!

Synology NAS: Location of logs for running scheduled tasks (DSM 7)

Recently, I had a scheduled task running for long, and i noticed I couldn't find the logs as I used to find them while using DSM 6. I ended up creating a ticket for Synology Support, but I did get too far with them. I started looked at the running processes, and with a bit of luck I was able to find it. the location in my NAS is /volume#/@tmp/synoscheduler/logs It happens to be the case it's the same volume I write the logs to (once the tasks finished). For you it may be volume1 or else Inside you will find a folder with a name starting with @, like @16589, once you have a task running.