How to bridge ethernet through Windows10 VM?

K

khanhlpbao

New Member
Aug 30, 2023
16
0
1
I have a picture for you to easily understand
tt.png
In my working place, there are two type of router, both of them can connect to internet. Router 1 (eno1 interface on Proxmox) is the router that connect between departments and have more strict rule and firewall, the access to this router be controlled by IT Department and each computers must let them access directly or via Remote controller programs like Ultraviewer. The second router (enxXXX interface on Proxmox) is the router installed exclusively for my departments so it will not eat up every bandwidth of router 1 when NIPT finished sequencing and pour data to the contracted database.
The problem is that not every computers connect to enxXXX, its almost used by NIPT workstation and others smartphones via Wifi, the main LAN network on my department is the eno1. Now I'm charging of making temporary cloud storage for department until the IT department deals with the other requests. I can bridge the enxXXX and others computers can access Nextcloud by typing the IP related to that bridge (192.168.5.XX). However, the eno1 router only recognize and turn up IF THE OS IS WIN10. I tried to contact to IT department to map the internet so I can access Proxmox and everyone can access Nextcloud through computers that connect to this network, but they do not familiar with Linux and give up. I also tried pfSense VM with PCI Passthrough entire network port but the moment pfSense turned on the interface immediately shut down and I have to call IT Department again, then received a direct warning to not plug this network to any routers without their permission.
Now I have to create a win10 VM, PCI passthrough network port to this VM and ask them to allow Win10 VM to connect through this network with IP 192.168.7.xx. Is there any way I can make another bridge like vmbr1, link this bridge to the IP of my Windows10 VM so I can access Proxmox and Nextcloud VM on this LAN?
 
Last edited:
Hi, i am struggling to understand what you are trying to do.

1. make your words less - don't tell us about your politics and issues with IT they are distracting
2. i have no clue what you are trying to connect to where or what an NIPT is - please be clearer, about what machine needs to route traffic to enXXXXX, be clearer about what is connected to that and what your users expect to connect to and where they are
3. if you are tying to connect VM100 to both routers at the same time that is doable - give it two virtual interfaces, map one interface to en01 and map a different interface to enxxxxx (or multiple vmbrs) and make that the default gateway inside the VM.
4. if you need more complex routing then yes no wonder your IT department are pissed and keep turning your ports off if you keep standing up routes to the internet they can't secure - you are a security risk
 
scyto said:
Hi, i am struggling to understand what you are trying to do.

1. make your words less - don't tell us about your politics and issues with IT they are distracting
2. i have no clue what you are trying to connect to where or what an NIPT is - please be clearer, about what machine needs to route traffic to enXXXXX, be clearer about what is connected to that and what your users expect to connect to and where they are
3. if you are tying to connect VM100 to both routers at the same time that is doable - give it two virtual interfaces, map one interface to en01 and map a different interface to enxxxxx (or multiple vmbrs) and make that the default gateway inside the VM.
4. if you need more complex routing then yes no wonder your IT department are pissed and keep turning your ports off if you keep standing up routes to the internet they can't secure - you are a security risk
Click to expand...
Hi, thank you for your response
2. NIPT stand for the diagnosis of fetal DNA in maternal blood, but its not important in this subject. The router that connect to NIPT system act as independent ethernet for department to prevent the NIPT system used all bandwidth when it push the results to Bioinformatics database in China for calculation.
3. I don't want to connect both to VM100, I set PCI Passthrough of the ethernet port to VM100 (Win10 VM) so the IT Department can open ports and allow me to access to LAN. What I want is I create another bridge/bond or connection on Proxmox, and I want to link it with the workplace's LAN (which IT Department only get used of win10) so I can pull data to Ubuntu containers to calculate and export results.
4. I don't established domain for Nextcloud and put it online on the internet, just for the LAN network so other people can access and upload their data to Nextcloud for temporary storage.
 
I am not sure why you used PCI passthrough when binding the VMs virtual NIC to a host nic connected to the LAN. If you had not used PCI passthrough both VMs could have shared the same bridge, connected to LAN - would that not be easier?
 
  • Like
Reactions: khanhlpbao
scyto said:
I am not sure why you used PCI passthrough when binding the VMs virtual NIC to a host nic connected to the LAN. If you had not used PCI passthrough both VMs could have shared the same bridge, connected to LAN - would that not be easier?
Click to expand...
It is because you needed IT department to allow the access to the router. However, they are not familiar with Linux (or hornestly they AFFRAID when the computer ask for connection not have Windows 10). I asked them 4 times to allow my computer accessed to router but they come, type sudo apt update and then quit.
 
What has your IT dept got to do with it - there is nothing they need to do on your machines 'to allow it' through. Do you know networking?

Option 1 - use en01 for VM101 and VM100
VM101 and VM100 can *share* the same NIC if you don't pass it through as PCI.
In this scenario:
  1. stop passing it thorough to VM101
  2. don't configure ANY ip address on en01 interface on the proxmox host
  3. configure VM101 and VM100 to have a virtual NIC each
  4. if your IT dept has DHCP set the network adapter in each VM to acquire it's address via DHCP
  5. If not statically address them instead.
This will look like two unique devices each with their own MAC address to your IT dept.

Option 2 - install more NICs in the proxmox host
In this case install another NIC and pass it through to VM101.
Set it up in the same way VM100 was setup - now all your LAN users can use it, and it can still access your internet so long as the default gateway remains on the VMBR virtual nic.

If you mess with bridges, routing protocols and trying to connect vmbr0 to the LAN and the internet you quite rightly will get the wrath of your IT dept, good luck.
 
Th
scyto said:
What has your IT dept got to do with it - there is nothing they need to do on your machines 'to allow it' through. Do you know networking?

Option 1 - use en01 for VM101 and VM100
VM101 and VM100 can *share* the same NIC if you don't pass it through as PCI.
In this scenario:
  1. stop passing it thorough to VM101
  2. don't configure ANY ip address on en01 interface on the proxmox host
  3. configure VM101 and VM100 to have a virtual NIC each
  4. if your IT dept has DHCP set the network adapter in each VM to acquire it's address via DHCP
  5. If not statically address them instead.
This will look like two unique devices each with their own MAC address to your IT dept.

Option 2 - install more NICs in the proxmox host
In this case install another NIC and pass it through to VM101.
Set it up in the same way VM100 was setup - now all your LAN users can use it, and it can still access your internet so long as the default gateway remains on the VMBR virtual nic.

If you mess with bridges, routing protocols and trying to connect vmbr0 to the LAN and the internet you quite rightly will get the wrath of your IT dept, good luck.
Click to expand...
Thank you, I will try this method on next week since now I’m not on my working place
 
scyto said:
What has your IT dept got to do with it - there is nothing they need to do on your machines 'to allow it' through. Do you know networking?

Option 1 - use en01 for VM101 and VM100
VM101 and VM100 can *share* the same NIC if you don't pass it through as PCI.
In this scenario:
  1. stop passing it thorough to VM101
  2. don't configure ANY ip address on en01 interface on the proxmox host
  3. configure VM101 and VM100 to have a virtual NIC each
  4. if your IT dept has DHCP set the network adapter in each VM to acquire it's address via DHCP
  5. If not statically address them instead.
This will look like two unique devices each with their own MAC address to your IT dept.

Option 2 - install more NICs in the proxmox host
In this case install another NIC and pass it through to VM101.
Set it up in the same way VM100 was setup - now all your LAN users can use it, and it can still access your internet so long as the default gateway remains on the VMBR virtual nic.

If you mess with bridges, routing protocols and trying to connect vmbr0 to the LAN and the internet you quite rightly will get the wrath of your IT dept, good luck.
Click to expand...
Hi
After perform ypur advice, the port has signal but now no one know where is it connected to. The bridge to eno1 not returned ANY IP even though it is up. Then I though it maybe because of domain and I add eno1 domain to host file, which resulted in the disconnection completely to Proxmox so even with my PCIE passthrough VM I cannot access proxmox web UI anymore. In an attempt to salvage situations I tried to load it to ubuntu to edit the host file and interface but now I bricked completely Proxmox. It cannot boot anymore so I have to reinstall entire system
 
khanhlpbao said:
Then I though it maybe because of domain and I add eno1 domain to host file
Click to expand...
Why would you do that - it has nothing to with IPs and ability to ping. It seems like you don't know very much about networking, you might want to readup more on how to do that.
 
scyto said:
Why would you do that - it has nothing to with IPs and ability to ping. It seems like you don't know very much about networking, you might want to readup more on how to do that.
Click to expand...
Hi, honestly I’m not professional on this section.
Btw, last week I have a meeting with them and they told that the reason I cannot access to the internet is because the MAC address continously switched between 2. They said that the problem came from the fact that my workstation only have 1 ethernet port on motherboard, the other are Usb to LAN port. They suggest that I buy another Network card and install to the workstation but idk does ot solved my problem.
 
I already told you buy more network cards.
also MAC address shouldn’t change - hard set it in the VM config.
 
scyto said:
I already told you buy more network cards.
also MAC address shouldn’t change - hard set it in the VM config.
Click to expand...
yazmeen said:
Here are the detailed steps to create a bridge interface (e.g., vmbr1) on Proxmox and link it to your Windows 10 VM:

  1. Create a New Bridge Interface:
    • Log in to your Proxmox web interface or SSH into the Proxmox server.
    • In the Proxmox web interface, navigate to "Datacenter" or "Cluster" > "Networking" > "Create" and select "Linux Bridge."
    • Give your new bridge a name (e.g., vmbr1).
    • Configure other settings as needed (e.g., VLAN tag, MTU), but the basic setup should suffice for most cases.
    • Click "Create" to create the bridge.
  2. Assign Bridge to Windows 10 VM:
    • Now, go to your Windows 10 VM configuration.
    • Under the "Hardware" tab, select "Add" > "Network Device" and choose "Bridge."
    • In the "Bridge" field, select the bridge you created earlier (vmbr1).
    • Click "Add" to add the bridge to your VM's hardware configuration.
  3. Configure Windows 10 VM:
    • Start or restart your Windows 10 VM.
    • In the Windows 10 guest OS, configure the network settings to use a static IP address within the 192.168.7.xx subnet. Set the gateway to the IP address of your Proxmox host.
    • Ensure the Windows firewall allows incoming and outgoing traffic as needed for your use case (Proxmox and Nextcloud).
  4. Access Proxmox and Nextcloud:
    • With the Windows 10 VM running and configured, you should be able to access Proxmox and the Nextcloud VM from within the Windows 10 guest OS using the IP address you assigned (e.g., 192.168.7.xx).
    • You can also configure port forwarding or NAT rules on your eno1 router to allow access to the Windows 10 VM from other devices on the eno1 network, but this will depend on your router's capabilities and your IT department's policies.
This setup creates a separate bridge network (vmbr1) that is connected to your Windows 10 VM, allowing it to communicate with Proxmox and Nextcloud while remaining isolated from your department's primary network (eno1).

Note : Refurbished networking hardware
Click to expand...
Hi, after installed the network card, tell IT Department about the host name and MAC address now I can access to Proxmox on other computers that use the 192.168.7.x LAN router. But when set up on the bridge on Win10 VM its not worked, its received absolutely 0 bytes of data and I cannot access shared folders on win10. But maybe right now I can install Nextcloud directly on Proxmox computer so it can use the IP of both bridges.
 
You need to tell them the virtual Mac addresses of each vm too. Or to stop being stupid and blocking MAC addresses, it isn't a security mechanism, but they think it is.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back