My current cluster nodes are all configured like this:
Code:
[firewall VM]  + ---------- [vmbr1] ----------- [eth1] ---------- Internet
               + ---------- [vmbr0] ----------- [eth0] ---------- LAN
[all other VM] + ---------- [vmbr0] ----------- [eth0] ---------- LAN
Now I want to create another LAN, with a different IP subnet to connect the firewall VMs for dedicated (intra-firewall) traffic, but without using another physical interface.
- Is it possible to solve this by creating a new network card for the firewall VMs and connecting them via VLAN tagging?
- Do I need to create a different (VLAN bridge) as well?
- Do I need to set up the VLAN on the physical switch as well?
Some other questions (if I decide to create a dedicated bridge for this subnet):
- Can bridges be daisy-chained? (Port for vmbr2 is vmbr0)
- Can bridges be connected to the same NIC? (Port for both vmbr2 and vmbr0 is eth0)