Finally, we need to forward traffic from the WAN to internal VMs.
## Connecting a virtual machine to the router
Firstly, a new Proxmox virtual machine must be created. Ensure its network device
is set to `vmbr2` (which is configured as the OPT1 device in pfSense).
## Setting up virtual IP addresses
Virtual IPs are required for NAT. [Here is pfSense's official documentation](https://docs.netgate.com/pfsense/en/latest/book/firewall/virtual-ip-addresses.html).
1. From the "Firewall" menu, select "Virtual IPs".
2. Add two new virtual IPs with the following settings:
<metaname="description"content="{{ if .IsNode }}{{ with .Site.Params.description }}{{ . }}{{ end }}{{ else }}{{ with .Description }}{{ . }}{{ end }}{{ end }}">