pfSense on Proxmox installation and configuration - Step-by-step

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey what's going on guys brandon lee with virtualization how to hope you guys are doing fantastic and we have a really awesome video to cover today if you like networking if you like security appliances and you like proxmox or you're working with proxmox in your home lab we're going to take a look at how to install and how to configure a pf sense installation running on top of a proxmox ve server so let's dive right in [Music] the first tasks that we need to take care of with our proxmox host before we even begin the pf sense installation is to take a look at the network configuration for our proxmox post we are going to need a wan address and a lan address on the pfsense appliance and this is not really specific to pfsense per se or proxmox any virtual router or firewall solution that you run on top of any hypervisor in the most basic configuration they will have a wan side and a lan side to the configuration and that's pretty basic that is what we are going to facilitate in our network configuration on our proxmox host as you can see i have the default bridge that was created when i installed my proxmox server and i have a network range that is assigned to that default bridge i am going to use that to attach my pf sense router firewall for the wan interface for the lan interface i have created another network bridge in proxmox that is attached to another network in my home lab environment that i am going to use to simulate a lan network and this will make a little more sense as we install the pfsense appliance to actually get started with the installation of psense on top of proxmox we need to get the installation media to a location where proxmox can utilize that to actually perform the installation of pfsense so i have already downloaded the pfsense installation iso media to actually get the media to our proxmox server i'm going to click on my iso storage that i have created i'm going to click on iso images and i'm going to click the upload button and this brings up the upload dialog box i'm going to click the select file and then click the pfsense community edition 2.6.0 installation iso clicking open and we simply click the upload button as you can see we now have the pfsense 2.6.0 iso image now uploaded to our isos repository we are now ready to create the psits virtual machine in proxmox to do that i'm going to click on my proxmox host i'm going to click the create vm option and here we actually create the virtual machine that will be the shell of the pfsense insulation so let's step through these steps on the create virtual machine dialog box we're going to select our node i'm going to call this pf sense on the operating system i'm going to select the pf sense community edition iso from the isos repository leaving the kernel selected for linux i'm going to leave the scuzzy controller selected to vert i o scuzzy on the disk screen we're just going to leave the defaults here on the cpu screen i am just simply going to leave the sockets and cores set to 1. memory is set to 2 gigs by default i'm leaving that on the network screen i am selecting the check box no network device and the reason for that is we're going to once the virtual machine is created we will go back and we will add the network adapters as we want in our configuration and we get to the confirmation screen so if you need to make any changes at this point you can go back and do that however once you have the virtual machine configured you can click the finish button as you recall when we created the pf sense virtual machine we left off adding a network adapter so we're going to go back and we're going to now configure the network adapters so too to carry both the wan and the lan side traffic clicking on the virtual machine clicking on the hardware menu notice the add button so i'm going to click add and i'm going to add a network device now remember we need the when side connection and we need the lan side connection so in my environment the lan side connection will be handled by the first network bridge that was selected by default i in my environment am using this in a nested environment so i am going to select the intel e1000 and the reason i know that is because i've experimented i played around with this just a bit so i know which adapter i need to choose this will vary depending on if you're installing this inside a virtual machine if you're installing it on a physical proxmox host i'm going to select e1000 i'm not using vlan tagging for this lab environment so i'm going to click add i'm going to now go back and i'm going to also add another network device this time i'm selecting my vmbr1 so the second network bridge that i had created using the additional network adapter this will carry the lan side traffic for my pf sense installation so i've got the e1000 selected i'm going to click add and just to review as you can see i have two network adapters one meant for lan side traffic the other meant for lan side traffic that is how it's configured in my environment again you will have to experiment for your use case now that we have the virtual machine created with the two network adapters configuration that we need for win and lan i have powered on the virtual machine in proxmox and i've opened a console connection to that virtual machine first screen we're just going to accept the euler we're going to hit enter to install pfsense going to accept the default key map we're going to use the automatic zfs configuration we're going to select the install proceed with installation option here i'm simply going to select the stripe no redundancy select the disk that we want to use okay yes we want to destroy the contents of the disk and now the distribution begins fetching the installation files that it needs the installation of pfsense is now finished and you will see the question if you want to make any final manual modifications and we're going to say no and we're going to reboot the pfsense virtual machine once the virtual machine reboots we will then continue the configuration once the psets virtual machine has rebooted the appliance will boot into this text based configuration what this will allow you to do is verify that the ip addresses and the interfaces are configured and attached to the segments of the network that are expected in my case the wan connection is correctly pulling a dhcp address as expected from the ip range that i do expect as well the lan side pf sense defaults to a 192.168.1.1.24 a class c subnet here you will want to customize your lan ip address configuration to match the network configuration on your lan so i'm going to select number two and we're going to set ip addresses select the lan interface enter the new lan ipv4 address i'm going to put in the address that i want and we're going to enter the subnet bit count which is 24 for class c and i'm going to simply enter enter and i'm going to say no on dhcp currently just for the lab environment and i don't want to revert to http say no as you can see the address has now been reconfigured for the lan side now as we review the configuration change we still have an external dhcp address and we have our customized internal lan ip address in most configurations with pfsense you will take a dhcp assigned address from your internet service provider they will hand out a lease of an ip address that you will want your wan connection to be able to lease from your isp once that happens then natting and other processes take place that allow the pfsense firewall to nat traffic and protect your internal network that you now have configured for the lan ip address and subnet that you want to configure now from a computer that is on the lan segment of the pfsense firewall we can now browse out to the ip address configured in that text based setup as you can see i am browse out to 172.16.16 the ip address of the lan interface of my pfsense firewall running inside of proxbox you're going to sign in with the default of admin and psense once logged in you're going to accept the eula this will begin the web-based configuration wizard so it's going to step us through the process to fully configure our psense firewall first things first we're going to simply next on the initial screen next on the global support directive from netgate next we're going to configure a hostname i'm going to set that to all lower case i'm going to set the domain to cloud.local i'm going to set a primary dns server and we're going to click next going to leave the ntp configured as expected and you can set your time zone if needed and on the wan interface we now have another opportunity to configure the wan side and the lan side coming up as well here i'm just going to next just make note that you have all of the options if you need to configure ppoe or other specific dhcp configurations on the lan interface again we have the ability to configure that ip address differently here going to set the admin password and we're going to reload the configuration with the changes so now reload is in progress of our pf sense firewall virtual machine and it always only takes just a couple of seconds we get the directive that pf sense is now fully configured after you click finish you will be taken to the main dashboard of the pfsense virtual machine again we're going to be prompted with a eula of sorts we're going to accept that going to click close on the thank you from netgate and now we have access to our pfsense dashboard and as you guys have seen and most likely you've loaded pfsense before we've got directives for system interfaces firewall services vpn status so all of these modules allow for specific configuration now that you have the virtual machine up and running pfsense is a fantastic open source firewall and proxmox is a fantastic open source hypervisor when you combine the two it is an excellent combination of open source software that you can run inside the home lab providing firewalling services and adding services ingress capabilities and the overall protection that you get from a enterprise firewall such as pfsense proxmox makes this process to spin up a virtual machine extremely easy as shown one of the main considerations that you make is simply making sure the networking is correct on the proxmox server so that you can attach that pf sense virtual machine to the appropriate networks for both when and land side traffic one brandon lee i hope you've enjoyed this video please do like the video subscribe to the channel let me know your thoughts on pf sense on proxmox what configurations are you running inside of your home lab take care guys stay safe keep the coffee hot and i will see you guys [Music] you

Info

Channel: VirtualizationHowto

Views: 70,971

Rating: undefined out of 5

Keywords:

Id: mwDv790YoZ0

Channel Id: undefined

Length: 12min 16sec (736 seconds)

Published: Mon Sep 12 2022