Gateway setup for Sonicwall interfaces

rd1218

Oct 20, 2023
Please consider PVE at a server with 3x ethernet ports.
The idea is to work with our Sonicwall firewall where each ethernet port connects to an interface:
a) eth0 -> interface X0 - LAN with proxmox portal (192.168.10.0/24) - gateway 192.168.10.1
b) eth1 -> interface X2 - web servers within containers (20.0.0.0/24) - gateway 20.0.0.1
c) eth2 -> interface X3 - mail server (30.0.0.0/24) - gateway 30.0.0.1

I can't find a way to connect eth1/eth2 to other gateway, they are always being connected to 192.168.10.1.
I've been informed that there can be only one default gateway.
So I'm not finding a way to isolate networks as intended.

What should I do to achieve the desired isolation?
 
Usually a router that will route between the three subnets. And the gateways you set up in the webUI are just for the PVE host. Your VMs and LXCs could still use their own gateway different from the one your PVE server is using.
So no need to set 20.0.0.1 and 30.0.0.1 as a gateway. You do that on the guest level.
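
The layout described in the reply above, as an added example that is not part of the original posts: only the management bridge carries a host address and the default gateway, while the other two bridges stay unaddressed so the PVE host itself has no IP in the web or mail subnets. The bridge names `vmbr0` to `vmbr2` and the host address `192.168.10.5` are assumptions; interface names, subnets and gateways are taken from the question.

```text
# /etc/network/interfaces on the PVE host (added example, not from the thread)

auto lo
iface lo inet loopback

iface eth0 inet manual
iface eth1 inet manual
iface eth2 inet manual

# Management bridge, cabled to SonicWall X0.
# The only bridge with a host address and the only "gateway" line in the file.
# 192.168.10.5 is a constructed host address.
auto vmbr0
iface vmbr0 inet static
    address 192.168.10.5/24
    gateway 192.168.10.1
    bridge-ports eth0
    bridge-stp off
    bridge-fd 0

# Web server bridge, cabled to SonicWall X2 (20.0.0.0/24).
# "inet manual" with no address: the host only switches frames here,
# so the PVE web UI and SSH are not reachable from this subnet.
auto vmbr1
iface vmbr1 inet manual
    bridge-ports eth1
    bridge-stp off
    bridge-fd 0

# Mail server bridge, cabled to SonicWall X3 (30.0.0.0/24).
# Same idea: no host address, no gateway.
auto vmbr2
iface vmbr2 inet manual
    bridge-ports eth2
    bridge-stp off
    bridge-fd 0
```

Each guest then gets its own gateway in its network settings, for example `pct set 101 -net0 name=eth0,bridge=vmbr1,ip=20.0.0.10/24,gw=20.0.0.1` for a container on the web server bridge (container ID and guest address are constructed). Traffic between the three subnets then has to pass through the SonicWall, where the access rules between X0, X2 and X3 are enforced.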
 

Instead of a router, do you think I could apply 3x VLAN for this?
 
Mail servers and web servers sound like they need to be accessed from the internet. So you still need something that routes between your isolated subnets and the internet...no matter if you use VLANs or not.
 
The below layout worked for me, hope it may help anyone who gets here looking for ideas.

My goal was to work with only one switch (would have enough ports) but this wouldn't isolate traffic (LAN and DMZ).

Since SonicWall also works as a router among its interfaces and I had an available switch, I made them work as below.

SonicWall interfaces:
- X0: connected "switch1" with intranet devices - range 192.168.0.0/24 (LAN)
- X1: WAN port (internet)
- X2: connected "switch2" with Proxmox server (with its containers and VMs) and also with other servers (web servers) - range 20.0.0.0/24 (DMZ)

In this layout, internet requests arrive at SonicWall firewall, after evaluation it is sent to X2 interface:
- If IPv4 then it connects to VM/CT "nginxA" - http(s) services
- if IPv6 then it connects to VM/CT "mailcow" stack (that has its own nginx) - mail server

In the future I may connect a dedicated machine at X3 interface to deal with IPv6 requests (mail server)
 