[PVE-User] Single host with public access to VM only

Joel S. | VOZELIA joel at vozelia.com
Tue Jul 8 15:30:42 CEST 2014 

Hi, 

pfSense has restricted access to its AdminGUI by default, have you created a rule to be able to reach it from the WAN interface? Before getting any further, that should be done...

Just for testing purposes, enable on WAN:

A) TCP port 80 (HTTP)
B) TCP port 443 (HTTPS)
C) ICMP echo-request (PING)

Try and access the GUI, let me know the results.


Best regards, 
Joel.


----- Original Message -----
> From: jon at whiteheat.org.uk
> To: jon at whiteheat.org.uk
> Cc: pve-user at pve.proxmox.com
> Sent: Tuesday, July 8, 2014 4:47:25 AM
> Subject: Re: [PVE-User] Single host with public access to VM only
> 
> On Mon, 07 Jul 2014 14:30:26 +0100, <jon at whiteheat.org.uk> wrote:
> > Hi,
> > 
> >   I have single box Proxmox setup, with 1 public IP on the host, and
> > several VMs with private IPs, using Shorewall on the host to
> port-forward.
> > 
> > What I'd like is 1 VM, with 2 interfaces running pfsense, with public
> and
> > private IPs.  Thus, being able to disable public access directly to the
> > host, and instead giving it a private IP.
> 
> I've made some progress with this, with assistance from Diaolin (many
> thanks).  But still pfsense's public IP HTTPS address is not working, here
> is what I have:-
> 
> auto lo
> iface lo inet loopback
> 
> auto eth0
> iface eth0 inet manual
> 
> auto vmbr0
> iface vmbr0 inet manual
> 	bridge_ports eth0
> 	bridge_stp off
> 	bridge_fd 0
> 
> auto vmbr1
> iface vmbr1 inet static
>         address 10.10.1.10
>         netmask 255.255.255.0
>         gateway 10.10.1.1
> 	bridge_ports none
> 	bridge_stp off
> 	bridge_fd 0
> 
> 
> pfsense has two interfaces one attached to vmbr0 (internet public IP)
> other to vmbr1 (10.10.1.1)
> 
> But, I can not connect to pfsense from its public IP.  From a local
> console on the Proxmox host, I can ping the gateway 10.10.1.1 and the
> public internet 8.8.8.8 so the pfsense VM is running.
> 
> If any one has any ideas about this last bit, I'd appreciate it.
> 
> Kind regards,
> Jon
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>

More information about the pve-user mailing list