Help with a complex scenario.

Started by gilberto.ferreira41, Today at 04:50:15 PM

I have a complex scenario with Proxmox and OpnSense.

I have a VM with Opnsense on Proxmox and OPNsense has 4 network cards:

- vmbr0 -> INTERNET
- vxnet1 -> Internal Private Network on VLAN 500, with IP 172.16.0.0/24 - Gateway 172.16.0.254
- vxnet1 -> Private Internet Network on VLAN 100, with IP 172.17.0.0/24 - Gateway 172.17.0.254

Behind OPNSense I have 4 VMS.

LAN network
Debian-A - VLAN 500 - IP 172.16.0.70
Debian-B - VLAN 500 - IP 172.16.0.71

Gateway in OPNSense for Debian-A and Debian-B is 172.16.0.254

VLAN100 network

Debian-C - VLAN 100 - IP 172.17.0.70
Debian-D - VLAN 100 - IP 172.17.0.71

Gateway in OPNSense for Debian-C and Debian-D is 172.17.0.254

I have already created rules to block all traffic between the LAN network and VLAN network.

It turns out that I need the LAN network 172.16.0.0/24, access port 80 and 3306 on the VLAN network.

I'm not getting it.
And when I do, it flashes.
It accesses 2 or 3 times and then stops.
Any ideas?

Thanks.

You possibly have an asymmetric routing issue.
Ensure that Proxmox doesn't have an IP in both networks.

For troubleshooting, enable logging in your rules and for the default block rule.
Then check the live log for related blocks.

Quote from: gilberto.ferreira41 on Today at 04:50:15 PM
> I have already created rules to block all traffic between the LAN network and VLAN network.
And do they work ?!

Quote
> It turns out that I need the LAN network 172.16.0.0/24, access port 80 and 3306 on the VLAN network.
If you have successfully blocked traffic between LAN and VLAN (as you call it) then you need to add ALLOW rules ABOVE the BLOCK rules for these two ports.

Quote
> I'm not getting it.
> And when I do, it flashes.
> It accesses 2 or 3 times and then stops.
>
> Any ideas?
To be honest I don't understand what you are saying here... :)

Quote from: viragomann on Today at 05:22:14 PM
> You possibly have an asymmetric routing issue.
> Ensure that Proxmox doesn't have an IP in both networks.
Not sure why you think that, but if he had that issue it could be solved easily by adding some Policy Based/Source Based Routing rules to Proxmox :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
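The rule ordering nero355 describes, and the logging viragomann suggests, written out as a pf ruleset fragment. This is an added illustration, not from any post in this thread; OPNsense generates pf rules from its GUI, and the interface names vlan500 (LAN side) and vlan100 are assumptions.

```pf
# Assumed interface names: vlan500 carries 172.16.0.0/24 (LAN), vlan100 carries 172.17.0.0/24
lan_net  = "172.16.0.0/24"
vlan_net = "172.17.0.0/24"

# Ordering A (does not work): the block rule is evaluated first and, being "quick",
# ends evaluation, so the pass rule underneath is never reached.
block in log quick on vlan500 inet from $lan_net to $vlan_net
pass  in     quick on vlan500 inet proto tcp from $lan_net to $vlan_net port { 80 3306 } keep state

# Ordering B (works): allow the two ports first, then block everything else between the networks.
# "log" on the block rule makes the dropped packets visible in the live log for troubleshooting.
pass  in     quick on vlan500 inet proto tcp from $lan_net to $vlan_net port { 80 3306 } keep state
block in log quick on vlan500 inet from $lan_net to $vlan_net
```

In the OPNsense GUI the same thing is achieved by placing the allow rules for TCP 80 and 3306 above the block rule on the LAN interface; only one of the two orderings would be loaded at a time.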

Quote from: nero355 on Today at 07:02:12 PM
> but if he had that issue it could be solved easily by adding some Policy Based/Source Based Routing rules to Proxmox :)
Best practice is to keep Proxmox out of the layer 3 network, apart from its management IP.

Quote from: viragomann on Today at 07:13:58 PM
> Best practice is to keep Proxmox out of layer 3 network, apart from its management IP.
Agree, but just saying that it can be solved if needed for whatever reason... :)