Proxmox with private IP's and router.

[virtuallyk]

Hello!
Please advise how to configure Proxmox in this scenario:
I have 3 laptops. One is a windows station, and two are Linux. One of the 2 Linux machines has Proxmox VE installed and booting on it.
Let's call this machine "pve". In my house i have a TALKTALK hub which I call a router. I realise I might not actually understand what a router is, but basically my devices get internet from that hub. It has wifi connection and ethernet connection. It has 5 ethernet ports. One is called WAN, and the other are just ethernet. I will call this "the router".
My windows station has what i understand is a private IP. I think i have a C class network, and the IP's are starting at 192.168.1.2 because 192.168.1.1 is the gateway (the router). In my windows network card configuration i have 192.168.1.1 set up as Gateway. I can also connect to my router in the browser if I use this gateway address. Of course, if i go to what'smyip i get a totally different ip which i understand is my public IP.
Now, when i install Proxmox, i set up a static private IP, let's say 192.168.1.3/24. and the Gateway 192.168.1.1. It's all good, and i can connect from my Windows laptop typing in the browser 192.168.1.3:8006. It's my understanding that this obviously means i can connect inside the LAN.

One thing i notice which i don't understand is that in Proxmox System -> Network -> i get two ethernet nic network devices . nic0 and nic 1 but my laptop has only ONE ethernet interface nic0 and one wi-fi.

I have a Cloudflare domain. Let's call it "example.org". My goal would be to use the proxmox machine pve, to start various container apps which than i can map to subdomains on my Cloudflare account. So i would have let's say "app1.example.org", "app2.example.org" and so on.

How can i make this work?

I've read about

Proxmox VE server in a private LAN, using an external gateway to reach the internet​

The Bridged model makes the most sense in this case, and this is also the default mode on new Proxmox VE installations. Each of your Guest system will have a virtual interface attached to the Proxmox VE bridge. This is similar in effect to having the Guest network card directly connected to a new switch on your LAN, the Proxmox VE host playing the role of the switch.

Proxmox VE server at hosting provider, with public IP ranges for Guests​

For this setup, you can use either a Bridged or Routed model, depending on what your provider allows.

Proxmox VE server at hosting provider, with a single public IP address​

In that case the only way to get outgoing network accesses for your guest systems is to use Masquerading. For incoming network access to your guests, you will need to configure Port Forwarding.
For further flexibility, you can configure VLANs (IEEE 802.1q) and network bonding, also known as "link aggregation". That way it is possible to build complex and flexible virtual networks.

but like everything Linux, is so incredibly frustrating because there's never just ONE way to do it. There's always about 7.353.134.3465. ways to do the same thing i i fell like i am loosing my minds!

What precisely is my scenario here and how can i approach this? Should i try using Bridge or should i go with Masquerading?!?! because i don't understand.
I mean i am in the "Proxmox VE server in a private LAN, using an external gateway to reach the internet" scenario. But also my router has a Public IP.
so doesn't that make it also "Proxmox VE server at hosting provider, with a single public IP address" ?!


THIS IS SO CONFUSING! PLEASE HELP! THANK YOU!

 

[DerekG]

Not so confusing, your private subnet 192.18.1.0/24 addresses the IP range from 192.168.1.1 to 192.168.1.254, so if you fix the IP of the Proxmox node to 192.168.3.1 it is sitting outside of your IP range and thus unable to communicate with the Router or any other device on the network.

You need to fix the IP of your Proxmox node within the same IP range which your route can address, i.e. 192.168.1.X i.e. 5 or 10, or 50 etc.

One thing i notice which i don't understand is that in Proxmox System -> Network -> i get two ethernet nic network devices . nic0 and nic 1 but my laptop has only ONE ethernet interface nic0 and one wi-fi.

Proxmox will detect both the network and the Wifi interfaces as NIC.

but like everything Linux, is so incredibly frustrating because there's never just ONE way to do it. There's always about 7.353.134.3465. ways to do the same thing i i fell like i am loosing my minds!

This is not a Linux issue, Windows connects on the network in exactly the same way, only with Windows you would have allowed the laptop to get an IP address from DHCP in the Router, if you had a cable connected to the Proxmox host on installation, that too would have got an IP address from the same DHCP.

Try setting the IP within the range addressed by the router and then everything should work. However there could be one other issue, the Proxmox address should be outside of your routers 'DHCP range', or you might assign an IP address which is already in use. On many home routers the ISP assigns all the possible addresses to DHCP so you might have to login to the router and check there, or set the Proxmox to a high address like 192.168.1.200, which is unlikely to be in use by anything else on your home network.

Note: Do not attempt to use the wifi interface as a connection to the Proxmox, plug an network cable direct into the Router and then you will have an easier time.

Good luck with your project.

 

[virtuallyk]

@

Not so confusing, your private subnet 192.18.1.0/24 addresses the IP range from 192.168.1.1 to 192.168.1.254, so if you fix the IP of the Proxmox node to 192.168.3.1 it is sitting outside of your IP range and thus unable to communicate with the Router or any other device on the network.

You need to fix the IP of your Proxmox node within the same IP range which your route can address, i.e. 192.168.1.X i.e. 5 or 10, or 50 etc.


Proxmox will detect both the network and the Wifi interfaces as NIC.


This is not a Linux issue, Windows connects on the network in exactly the same way, only with Windows you would have allowed the laptop to get an IP address from DHCP in the Router, if you had a cable connected to the Proxmox host on installation, that too would have got an IP address from the same DHCP.

Try setting the IP within the range addressed by the router and then everything should work. However there could be one other issue, the Proxmox address should be outside of your routers 'DHCP range', or you might assign an IP address which is already in use. On many home routers the ISP assigns all the possible addresses to DHCP so you might have to login to the router and check there, or set the Proxmox to a high address like 192.168.1.200, which is unlikely to be in use by anything else on your home network.

Note: Do not attempt to use the wifi interface as a connection to the Proxmox, plug an network cable direct into the Router and then you will have an easier time.

Good luck with your project.

I think you misread. I didn't assigned Proxmox 192.168.3.1 but 192.168.1.3 which is in the IP range.
The laptop that runs Proxmox is connected with at the ethernet port with a cable.
Anyway, the issue is a bit more complex than just DHCP and it will all work. It works inside the LAN. What i need is to configure it to work for WAN. I'm researching the pfSense approach.
Thank you for your reply.

 

[DerekG]

I think you misread. I didn't assigned Proxmox 192.168.3.1 but 192.168.1.3 which is in the IP range.

Oh, I'm sorry, I'm sure I read that as 3.1.
If you can connect to the web interface OK, are you able to perform the system updates? If not that might indicate an incorrect DNS setting, or the Repositories set incorrectly.
I had pfSense running for a while inside a VM, I had to provide a separate NIC for the WAN interface and bridge the LAN to to the Proxmox host.

 

[Eduardo Taboada]

There are some several escenarios for your approach:
1) You can use a firewall like Pfsense/Opnsense to connect it directly to your wan connection of any way (ppoE, DHCP, etc) for this you need to know what is the method for doing this. After that, you have a Virtual Machine (VM) with 2 interfaces, one called WAN and another called LAN (192.168.1.1).
In this scenario you need to "publish" your webs in this VM via some proxy (for example Caddy) to redirect traffic with the correct URL to every service (app1.example.org and app2.example.org). This webs can be one service each one in one VM or the tow services in the same VM, but you need to separate this services via SNI (URL). You might also use the ACME feature for generating certificates for this.
2) The second approach is to expose via NAT the ports of your services in your gateway. This is in fact less secure that having a reverser proxy for your URL's