Proxmox Networking Setup

Good morning all,

I am quite new to proxmox, and quite uneducated in server network set-ups. I have a host server which has Proxmox installed. It has 2 Ipv4 address pointed to it. The setup that i need is for one of the IP address to point to a VM which will contain pfSense or ngix.

I cant seem to get my head around the network configs, ive tried pretty much everything i can find to no avail. I cannot get any VM, or container for that matter to access the internet.

I would not grovel for help if i hadn't tried everything in my arsenal. I've had to put my server into rescue mode so many times due to me messing with the /network/interfaces.

Any sort of help or guidance would be massively appreciated, if not rewarded. I am at a loss of where to go with this now.

Thanks, Scott
 
I have the same problem. VMs are connected to vmbr1 with internal IPs and external IP only one to vmbr0. How to make the VMs use this IP and connect to the internet?
 
that is the main problem, probably. What is not clear about http://pve.proxmox.com/wiki/Network_Model ?

Marco
To be ohnest I did, and had the very same configuration as in the example, but they can not connect to the internet. The special thing is that I have a proxy, but the proxy works fine if i connect to a VMs on vmbr0. Been newbie to networks, and read from the Debian Wiki, but I still think that I miss something.
 
I have the same problem. VMs are connected to vmbr1 with internal IPs and external IP only one to vmbr0. How to make the VMs use this IP and connect to the internet?
Use the following commands on your proxmox host:
Code:
/sbin/iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE
/sbin/iptables -A FORWARD -i vmbr0 -o vmbr1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i vmbr1 -o vmbr0 -j ACCEPT

If you are satisfied you can add the commands to /etc/rc.local by inserting the three lines just before the line containing 'exit 0'
 
I found the mistake. Most of the changes that I have done, I have restarted the network services. I restarted the whole server and the changes were effective. I just added the this three line to vmbr0:

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
So I have now Internet on my VMs, except for the proxy but this is not a proxmox thing. I have a reverse proxy which is suppoused to help me get connected to the Internet, but it gives me "unauthorised acess 401". In the config file in NTLMaps I have written the correct Id, domain and password. Do you have any idea why such an authentication does not work. Anyway, thank you for showing me the wiki link once again :)
 
Your setup is very dangerous since you allow all traffic from eth0 to pass to your internal network. At least also add these lines:

post-up iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
post-down iptables -D FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
 
thank you did not thought of that, what does -m state mean, could not find it in google
 
See http://www.iptables.info/en/connection-state.html

Short explanation:
-m state refers to the state machine. A connection can be in one of four states:
NEW, ESTABLISHED, RELATED and INVALID

--state
RELATED,ESTABLISHED refers to a connection which is established and related to a prior allowed connection which means a connection coming from eth0 will only be allowed if it is related to an allowed established connection. Eg. a new connection from outside will be rejected or dropped depending on default policy.
 
See http://www.iptables.info/en/connection-state.html

Short explanation:
-m state refers to the state machine. A connection can be in one of four states:
NEW, ESTABLISHED, RELATED and INVALID

--state
RELATED,ESTABLISHED refers to a connection which is established and related to a prior allowed connection which means a connection coming from eth0 will only be allowed if it is related to an allowed established connection. Eg. a new connection from outside will be rejected or dropped depending on default policy.

Great! many many thanks!
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!