Configuring pfSense and VLANs on Proxmox with a single NIC and Managed Switch

I’m setting up a VLAN on my Proxmox server to segregate test VMs from my home network. I’ve configured a VLAN with id 10 on my D-Link switch for the port that my Proxmox server is connected to.

I’ve followed the majority of the steps in this excellent guide here, and captured additional screenshots along the way (mostly for my own reference).

In Proxmox, create a bridge with no IP, and enable ‘VLAN aware’:

Create a new VM for pfSense from the downloaded pfSense ISO from here. For the network, use the default/original network bridge (vmbr0), not the new one just created above – this will be your WAN NIC for pfSense:

Once the VM is created, don’t boot it yet, but add a second Network Device – for the bridge, use the new one created in the earlier step – this will be your LAN NIC for machines within the VLAN:

Boot the VM and select the option to install:

Select option to configure networks. In Proxmox, look at the 2 network devices – the first one should be connected to your default Proxmox bridge (vmbr0) and the second one should be the new one we just added (vmbr99):

For your WAN interface, connect the one that is your default Proxmox bridge, in this case vmbr0:

I’ve left everything default for the WAN interface and then pressed Continue:

On the next screen it shows LAN connection as ‘not assigned’ – select it and press ‘Assign/Continue’:

Select the second interface (vtnet1) that is connected to the new bridge, vmbr99:

Configure your VLAN tags. I’ve set mine to 10 to match what I’ve already configured on my D-Link managed switch:

I’ve configured my CIDR range as 10.0.10.0/24 and a DHCP range of 10.0.10.2 – 10.0.10.254 for this network:

Unless you have a pfSense Plus subscription, select the CE version:

To access the webConfigurator interface we need to temporarily disable the pfSense firewall, whose rules we’ll update shortly. In the Console for the pfSense VM, enter option 8, then enter ‘pfctl -d’. It should respond with ‘pf disabled’:

In a browser, go to the WAN IP shown in the Console, and log on with the defaults admin/pfsense. Change your password when prompted.

Under Interfaces, select your WAN interface and uncheck these 2 options (to enable access to IPs on your VLAN subnets from your local home network IPs):

After applying changes, go back to your Proxmox console for the VM and run ‘pfctl -d’ again, and the web interface should be accessible again.

To set up a firewall rule to allow access to the pfSense VM from your home network, go to ‘Firewall / Rules / WAN’ and set up a rule with source = ‘WAN subnets’ and destination = ‘This firewall’. Save and apply. After a couple of seconds you should have access to the webConfigurator, and the rule should appear like this:

To enable DHCP for your VLAN subnet range, go to Services / DHCP server. If you see this message:

… follow the link and enable ‘Kea DHCP’ backend.

Go back to Services / DHCP Server, check that DHCP is enabled, scroll down to Primary Address Pool and configure the IP range for your subnet:

From this point you should be ready to go.

To configure a VM to use the VLAN network and route through pfSense, instead of using the default vmbr0 bridge, select the new vmbr99 that you added:

As an example, when setting up a new Ubuntu 24.04 server, during the install from ISO, under Network Configuration, you should see the VM magically get a new IP allocated from your pfSense DHCP server:

In pfSense Status / DHCP Leases you should see this new allocated IP:

To allow access from your home LAN to VMs within your new VLAN subnet, you need to:

a) add a pfSense firewall rule to allow traffic from your WAN subnet (or a specific IP) to any specific IP destinations (or the whole VLAN subnet if you want to allow access to everything in the VLAN):

b) on the machine(s) that need to access your VMs in the new VLAN, add a route where the gateway is the IP address of your pfSense VM that is going to handle routing the traffic between your WAN and the VLAN:

sudo route add -net 10.0.10.0/24 [gateway ip]

Where:

  • 10.0.10.0/24 is the CIDR for the VLAN I want to access
  • [gateway ip] is the IP of the pfSense VM that’s connected to your home network
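The route step above, as an added example that is not part of the original post: the command shown is BSD/macOS syntax, so this sketch prints the equivalent for Linux as well, plus a command to confirm which gateway the client will use for a VLAN address. The function names are hypothetical, and 192.0.2.10 is a placeholder for the pfSense WAN IP.

```shell
#!/bin/sh
# Added example, not from the original post. It only prints commands.
VLAN_NET="10.0.10.0/24"   # VLAN subnet used in the post

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so a
# pasted "[gateway ip]" placeholder or a typo never reaches the route table.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# route_add_cmd OS GATEWAY: print the command that adds the VLAN route.
route_add_cmd() {
    is_ipv4 "$2" || { echo "invalid gateway: $2" >&2; return 2; }
    case "$1" in
        Darwin|FreeBSD) echo "sudo route add -net $VLAN_NET $2" ;;
        Linux)          echo "sudo ip route add $VLAN_NET via $2" ;;
        *) echo "unsupported OS: $1" >&2; return 2 ;;
    esac
}

# route_check_cmd OS HOST: print the command that shows the gateway used for HOST.
route_check_cmd() {
    case "$1" in
        Darwin|FreeBSD) echo "route -n get $2" ;;
        Linux)          echo "ip route get $2" ;;
        *) return 2 ;;
    esac
}

# Placeholder gateway (documentation range); set PFSENSE_WAN_IP to the real one.
OS=$(uname -s)
route_add_cmd "$OS" "${PFSENSE_WAN_IP:-192.0.2.10}"
route_check_cmd "$OS" "10.0.10.2"   # first address in the post's DHCP pool
```

After adding the route, the check command should report the pfSense WAN IP as the gateway for 10.0.10.2.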

I tested ssh’ing into my new Ubuntu server on VLAN 10 and it’s all good!

Changing the desktop when VNC’ing into Solaris 10

By default if you VNC into Solaris 10 you get a basic desktop using TWM:

To change to CDE, comment out the last line (twm&) in ~/.vnc/xstartup and add:

#twm &
/usr/dt/bin/dtsession &

To start the Java Desktop, instead of ‘dtsession’, add ‘gnome-session’:

#twm &
#/usr/dt/bin/dtsession &
/usr/dt/bin/gnome-session &

If you get this error:

vncserver: couldn't find "xauth" on your PATH.

… edit your ~/.vnc/xstartup and update your PATH to include the following:

PATH=${PATH}:/usr/X11/bin:/usr/openwin/bin

This is covered in more detail in posts here and here.

Running Ansible playbooks against RHEL 8 servers

I’m experimenting with some Ansible playbooks against local VMs, in particular, for some reason a RHEL 8 VM, and getting some unintelligible errors:

File \"<frozen importlib._bootstrap_external>\", line 1112, in _legacy_get_spec\r\n  File \"<frozen importlib._bootstrap>\", line 441, in spec_from_loader\r\n  File \"<frozen importlib._bootstrap_external>\", line 544, in spec_from_file_location\r\n  File \"/tmp/ansible_ansible.legacy.setup_payload_z3bjr2pn/ansible_ansible.legacy.setup_payload.zip/ansible/module_utils/basic.py\", line 5\r\nSyntaxError: future feature annotations is not defined\r\n", "msg": "MODULE FAILURE: No start of json char found\nSee stdout/stderr for the exact error", "rc": 1}}, "msg": "The following modules failed to execute: ansible.legacy.setup\n"}

Googling for various parts of this error, I think the key error is:

SyntaxError: future feature annotations is not defined

… as this shows up in a few posts, and in particular this excellent post by Jeff Geerling that explains exactly what is going on with Python version incompatibilities between later versions of Ansible and RHEL 8 (which uses an older version of Python, 3.7).

Ansible version on my Mac:

❯ ansible-playbook --version
ansible-playbook [core 2.18.6]

Downgrading to Ansible 9.x with brew:

❯ brew install ansible@9
==> Fetching downloads for: ansible@9
Warning: ansible@9 has been deprecated because it is not maintained upstream! It will be disabled on 2025-11-30

For personal projects this is not much of a big deal, and I don’t think I’m particularly taking advantage of any newer Ansible features, but it’s a bit of a version dependency nightmare.

Now I get:

❯ ansible --version
ansible [core 2.16.14]

… and can successfully apply playbooks against my RHEL 8 VM.
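A pre-flight check for the mismatch described above, as an added example that is not part of the original post: it parses the `ansible --version` line format shown above together with the `python3 --version` output of the managed host, and says whether that ansible-core release can run modules there. The function names are hypothetical, the minimum-Python table covers ansible-core 2.16 to 2.18 only and should be checked against the current support matrix, and the version strings at the end are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post.

# core_minor "ansible [core 2.16.14]" -> 2.16
core_minor() {
    printf '%s\n' "$1" |
        sed -n 's/.*\[core \([0-9][0-9]*\.[0-9][0-9]*\)\..*/\1/p'
}

# py3_minor "Python 3.6.8" -> 6
py3_minor() {
    printf '%s\n' "$1" | sed -n 's/^Python 3\.\([0-9][0-9]*\).*/\1/p'
}

# min_target_minor CORE -> lowest Python 3 minor version that this
# ansible-core release supports on managed hosts (2.16-2.18 only).
min_target_minor() {
    case "$1" in
        2.16) echo 6 ;;
        2.17) echo 7 ;;
        2.18) echo 8 ;;
        *) return 2 ;;
    esac
}

# target_supported VERSION_LINE PYTHON_LINE
# exit 0: supported, 1: interpreter too old, 2: input not recognised.
target_supported() {
    core=$(core_minor "$1"); py=$(py3_minor "$2")
    [ -n "$core" ] && [ -n "$py" ] || return 2
    min=$(min_target_minor "$core") || return 2
    [ "$py" -ge "$min" ]
}

# Constructed sample: control node on the post's 2.18.6, managed host
# reporting Python 3.6.8.
if target_supported "ansible-playbook [core 2.18.6]" "Python 3.6.8"; then
    echo "target interpreter is supported"
else
    echo "target interpreter is too old for this ansible-core"
fi
```

The Python line can be collected without a working module run, since Ansible's raw module does not need Python on the managed host.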