Configure a virtual network (pfSense / VLANs) – OpenVZ 7

In this post I will explain how to add VLANs to containers and VMs and how to set up a virtual network infrastructure with pfSense using OpenVZ 7.

Let’s start with the network configuration!

Connect to your OVZ7 host with SSH and type:

nmtui
  • ‘Edit a connection’ and press ‘Add’.
  • Create a ‘bridge’ connection.

Choose a profile and device name (br1, for example).

Press ‘Add’ and create a VLAN slave connection.

Enter Interfacename.VLANID (eth0.4001, for example) as the name, leave the MTU at its default and press ‘Ok’.

Disable Spanning Tree Protocol (STP).

Set a static IP address with its subnet (192.168.1.6/24, for example), without a gateway or DNS.

Scroll down and press ‘Ok’ to finish the configuration. Repeat these steps on each host. The address must be unique on every host, for example 192.168.1.5 on host1 and 192.168.1.6 on host2. Reserve IP 192.168.x.1 for the router.
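
The nmtui steps above can also be scripted. The following is an added example, not part of the original post: a POSIX shell function that validates the VLAN ID and host address (rejecting the .1 address reserved for the router) and prints the equivalent nmcli commands. The function names vlan_bridge_plan and unique_addrs are hypothetical, and the property syntax assumes a NetworkManager version that accepts setting.property pairs on `connection add`.

```sh
#!/bin/sh
# Added example, not from the original post. Prints (does not run) the nmcli
# commands matching the nmtui steps: bridge without STP, static address with
# no gateway/DNS, and a VLAN slave named <parent>.<vlan-id>.
# usage: vlan_bridge_plan <parent-if> <vlan-id> <bridge> <host-ip/prefix>
vlan_bridge_plan() (
    parent=$1 vlan=$2 bridge=$3 addr=$4
    fail() { echo "vlan_bridge_plan: $*" >&2; exit 1; }

    # Names end up in commands that may be piped to sh, so keep them plain.
    for n in "$parent" "$bridge"; do
        case $n in ''|*[!A-Za-z0-9_.-]*) fail "invalid interface name '$n'" ;; esac
    done
    # 802.1Q: IDs 1-4094 are usable; 0 and 4095 are reserved.
    case $vlan in ''|0*|*[!0-9]*|?????*) fail "invalid VLAN ID '$vlan'" ;; esac
    [ "$vlan" -le 4094 ] || fail "VLAN ID out of range: $vlan"

    # Accept only dotted-quad/prefix, e.g. 192.168.1.6/24.
    case $addr in
        *[!0-9./]*|*/*/*) fail "invalid address '$addr'" ;;
        */*) ;;
        *) fail "missing /prefix in '$addr'" ;;
    esac
    ip=${addr%/*} prefix=${addr#*/}
    IFS=.; set -- $ip; unset IFS
    [ $# -eq 4 ] || fail "invalid address '$addr'"
    for n in "$@" "$prefix"; do
        case $n in ''|*[!0-9]*|????*) fail "invalid address '$addr'" ;; esac
    done
    for n in "$@"; do [ "$n" -le 255 ] || fail "octet out of range in '$addr'"; done
    [ "$prefix" -le 32 ] || fail "prefix out of range in '$addr'"
    # The post reserves 192.168.x.1 for the router.
    [ "$4" -ne 1 ] || fail "$addr is reserved for the router"

    cat <<EOF
nmcli connection add type bridge con-name $bridge ifname $bridge bridge.stp no ipv4.method manual ipv4.addresses $addr
nmcli connection add type vlan con-name $parent.$vlan ifname $parent.$vlan dev $parent id $vlan master $bridge slave-type bridge
nmcli connection up $bridge
EOF
)

# Each host needs its own address on the VLAN: fail if any argument repeats.
unique_addrs() {
    dup=$(printf '%s\n' "$@" | sort | uniq -d)
    [ -z "$dup" ] || { echo "duplicate address: $dup" >&2; return 1; }
}
```

Review the printed commands for each host (for example `vlan_bridge_plan eth0 4001 br1 192.168.1.6/24`), then pipe them to sh on that host to apply them.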

Add network1 and assign network1 to eth0.4001.

prlsrvctl net add network1
prlsrvctl net set network1 -t bridged --ifname eth0.4001

To check that the physical adapter has been added to the network1 virtual network, you can execute the following command:

prlsrvctl net list

The OVZ7 VLAN configuration has been completed!

Build your own virtual router with pfSense. (without Virtuozzo Guest Tools)
Download: https://www.pfsense.org/download/ and extract the gz file.

cd /root
wget pfSensedownloadurl.iso.gz
gunzip pfsensename.iso.gz


prlctl create router --distribution freebsd --vmtype vm
prlctl set router --device-add cdrom --image /root/pfsensename.iso
prlctl set router --vnc-mode manual --vnc-port 5905 --vnc-passwd Password
prlctl set router --cpus 2
prlctl set router --memsize 2G
prlctl set router --diskspace 20G
prlctl set router --device-add net
prlctl set router --device-set net1 --mac auto
prlctl set router --device-set net1 --network network1
prlctl set router --device-set net0 --mac VirtualMAC
prlctl set router --device-set net0 --ipadd PublicIP/CIDR --gw GatewayIP \
    --nameserver 8.8.8.8
prlctl start router

After creating the router, you must allow remote access to the public IP on port 443.
Connect to your OVZ7 host on port 5905 with a VNC viewer and select Option 8 (bash).

Allow your remote/home IP (XX.XX.XX.XX) to reach the WAN/pfSense IP (YY.YY.YY.YY):

easyrule pass wan tcp XX.XX.XX.XX YY.YY.YY.YY 443


Connect to pfSense with your web browser over HTTPS: https://publicip/
Follow the steps in the ‘Setup Wizard’.

Do not forget to enter the DNS and gateway (the pfSense IP) on the DHCP server page under Services.

The pfSense configuration has been completed!

Create a container with DHCP in VLAN 4001.

prlctl create CTNAME --vmtype ct --ostemplate centos-7-x86_64
prlctl set CTNAME --netif_add netif1
prlctl set CTNAME --ifname netif1 --network network1
prlctl set CTNAME --ifname netif1 --dhcp yes
prlctl set CTNAME --cpus 2
prlctl set CTNAME --memsize 4G --swappages 512M
prlctl set CTNAME --userpasswd root:password
prlctl set CTNAME --diskspace 50G
prlctl set CTNAME --hostname vlantest
prlctl set CTNAME --onboot yes


Thanks for reading this post! Would you like to leave a comment with your opinion or question?
