Snaky This is a hard task for me. I spent a lot of time to do the configuration and troubleshooting. Installation is not difficult. The most difficult part to make the guest in VLAN to talk to the internet.
I followed many guide from internet, but those are not able to fix my issue.
I can setup vlan as well as dhcp server. The guest is able to ping other guest in same vlan, pfsense internal and external port, but cannot ping the internet.
I tried to change any-any in vlan firewall rule, but does not help.
I added vlan ip range into my proxmox network/interface for NAT, also does not help.
Finally, I added Firewall NAT on pfsense NAT outbound, with WAN any-any, that’s work!!!
Let me summarize what I did for future reference.
First of all, download pfsense iso.
Then prepare vm guest in proxmox.
Create two vmbr in proxmox, vmbr100 for WAN, vmbr200 for LAN. For me, I added ip address inside proxmox for those, even pfsense can manage it.
vmbr100 = 192.168.100.1/24
vmbr200 = 192.168.200.1/24 with vlan aware enabledProcess to install pfsenes.
After that, in pfsense, set vtnet0 as WAN, vtnet1 as LAN. No need to create VLAN at initial setup.
Set IP in pfsense.
vtnet0 = 192.168.100.2/24
vtnet1 = 192.168.200.2/24After that, it should able to access pfsense web gui my http://192.168.200.2/.
Add the default gateway on pfsense. I have the issue that the pfsense cannot talk to external internet until I set a default gateway (e.g. 192.168.100.1/24)
Then, create VLAN (e.g. vlan id = 10) and interface assignment, set vlan display name, ip address.
Create DHCP for this vlan interface, add dns and default gateway.
Create a testing VM, with network device as vmbr200 with vlan id 10.
Testing vm should able to get the ip from dhcp.
Create firewall rule for vlan, allow any, any, any.
Then create firewall nat outboard, wan, any, any.
Now the testing vm should able to talk to the internet.
Then restrict the firewall rule in WAN, LAN and VLAN to enhance the security.
Everything should done now.
Refer (This guide is very useful, at least for my overall setup)
https://www.laroberto.com/vlans-with-proxmox-and-pfsense/
