I am running Proxmox VE (PVE) 8.3 on a mini PC that has 5 2.5GB NICs. The mini PC will only host pfsense CE (2.7.2) and a couple of local services. I use PCI pass-through to a pfsense VM for 4 of the 5 NICs. Those NICs are my WAN, LAN, Wifi and IOT networks. The last NIC is in vmbr0, as I wanted access to the PVE GUI if pfsense went down. What I just realized is that I cannot access the PVE GUI from the LAN, nor does PVE have internet access. Is there a way for me to:
1/ Connect to PVE GUI from LAN
2/ Give PVE internet access for software upgrades, etc
The only thing you can do is set up an out-of-band connection to your host directly, so that if your pfsense goes down you can still manage it. Something like the JetKVM. If you are routing all traffic through pfsense then you are out of luck.
These are the issues when running a forbidden router.
If you have a separate managed switch, you can do this, e.g. like this:
Configure a VLAN for “LAN” on the managed switch.
Connect both PVE vmbr0 and the pfSense LAN interface to switch ports using the “LAN” VLAN for untagged/native traffic.
Now any machine connected to a “LAN” VLAN port on the switch, or any BSSID mapped to this VLAN, can reach the PVE UI even if the pfSense VM is down. You can also reach PVE from other internal networks, given that the pfSense VM is running and routing accordingly. The PVE can access the internet as long as the pfSense VM is running and routing from LAN to WAN.