So I use Proxmox for a handful of clients who mostly have business-class ISPs with static IP addresses. Works great there, no issues.
I also have a Proxmox server set up at my home running several test machines, file servers, etc. - plus a container with iptables firewall and OpenVPN server. Also works great - mostly.
My question/problem is this:
My home ISP is Comcast residential cable. I have 2 bridges set up like below in the config list. vmbr0 is internal net and the NIC links to a switch. vmbr10 is external and links straight to my cable modem. vmbr10 has no IP assigned. About 50% of the time if I have to restart my Proxmox server, the vmbr10 MAC is seen by the cable modem and hence gets the only public IP I have available. The other half of the time, the firewall container beats it to the punch and gains the Public IP - (this is what I want to happen all the time!)
Any ideas? It seems the cable modem defaults to handing the IP address to the first MAC it sees on the network, so I was thinking some way to block all traffic from the vmbr10 MAC would be ideal, so that the only traffic my cable modem sees comes straight from the firewall container MAC.
Notes:
DHCP is not enabled on Proxmox host
vmbr10 does NOT have any IP set as you can see in the config below
I have changed the container MAC address (and its dhclient.conf MAC identifier) to an unused but perfectly valid MAC from a NIC that I put in the trash.
interfaces file from host:
Code:
# network interface settings
auto lo
iface lo inet loopback

iface eth1 inet manual

iface eth4 inet manual

iface eth0 inet manual

iface eth2 inet manual

iface eth3 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.101.201
        netmask 255.255.255.0
        gateway 192.168.101.11
        bridge_ports eth1
        bridge_stp off
        bridge_fd 0

auto vmbr10
iface vmbr10 inet manual
        bridge_ports eth4
        bridge_stp off
        bridge_fd 0
interfaces file from guest firewall container
Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.101.11
        netmask 255.255.255.0

auto eth1
iface eth1 inet dhcp
And last, relevant vz conf file portion for network config on that container (with MACs obscured for security)
Code:
NETIF="ifname=eth0,bridge=vmbr0,mac=00:00:00:00:00:00,host_ifname=veth101011.0,host_mac=00:00:00:00:00:00;ifname=eth1,bridge=vmbr10,mac=00:00:00:00:00:00,host_ifname=veth101011.1,host_mac=00:00:00:00:00:00"
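The filtering idea raised in the post (only the firewall container's MAC should ever reach the cable modem through eth4), sketched as an added example that is not part of the original post. It assumes ebtables is available on the Proxmox host; the function names and the MAC addresses in the sample NETIF line are constructed for illustration, and the script only prints the rules rather than applying them.

```shell
#!/bin/sh
# Constructed sample: a NETIF line in the format shown in the post, with
# made-up locally administered MACs in place of the obscured ones.
SAMPLE_NETIF='ifname=eth0,bridge=vmbr0,mac=02:00:00:aa:00:01,host_ifname=veth101011.0,host_mac=02:00:00:aa:00:02;ifname=eth1,bridge=vmbr10,mac=02:00:00:aa:00:03,host_ifname=veth101011.1,host_mac=02:00:00:aa:00:04'

# guest_mac_on_bridge NETIF BRIDGE
# Prints the guest-side MAC (mac=, not host_mac=) of each NIC attached to BRIDGE.
guest_mac_on_bridge() {
    printf '%s\n' "$1" | tr ';' '\n' | while IFS= read -r entry; do
        case ",$entry," in
            *",bridge=$2,"*)
                printf '%s\n' "$entry" | tr ',' '\n' | sed -n 's/^mac=//p'
                ;;
        esac
    done
}

# uplink_rules NETIF BRIDGE UPLINK_NIC
# Prints ebtables commands that let only the guest MAC(s) on BRIDGE leave
# through UPLINK_NIC. Nothing is executed; review, then run the output as root.
uplink_rules() {
    macs=$(guest_mac_on_bridge "$1" "$2")
    [ -n "$macs" ] || { echo "no guest NIC found on $2" >&2; return 1; }
    # OUTPUT = frames generated by the host itself (these carry the bridge MAC).
    echo "ebtables -A OUTPUT -o $3 -j DROP"
    # FORWARD = frames bridged from a guest veth towards the modem.
    for m in $macs; do
        echo "ebtables -A FORWARD -o $3 -s $m -j ACCEPT"
    done
    echo "ebtables -A FORWARD -o $3 -j DROP"
}

# Dry run for the layout in the post: vmbr10 is bridged to eth4.
uplink_rules "$SAMPLE_NETIF" vmbr10 eth4
```

The rules are not persistent; they would need to be reapplied at boot before the bridge port comes up, which is an assumption about ordering that has to be checked on the host.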