[SOLVED] Setting up two subnets over dedicated Ethernet

mlanner

Apr 1, 2009
Hi,

I'm a bit confused by the bridging setup. Here's my setup and what I'm trying to achieve:


  • Firewall with multiple WAN IPs, providing NAT to the VMs in the DMZ
  • Two networks:
    • DMZ (192.168.9.0/24) on eth0/vmbr0 connected to a dedicated switch directly off the firewall
    • LAN (192.168.10.0/24) on eth1/vmbr1 connected to a dedicated switch directly off the firewall
  • All my VMs are (currently) running in the DMZ
  • I now want to run some VMs in the LAN

Previously I only had the eth0, vmbr0 interface activated on the Proxmox host. Now I've connected a physical Ethernet cable to eth1 and created vmbr1 on that NIC. The way I thought this would work is that the vmbr1 would simply act as another switch (off of my physical LAN switch) and any VMs with their network cards connected to the vmbr1 would be able to connect on the LAN side and potentially even get DHCP addresses from my LAN DHCP server. The eth0/vmbr0 network works just like that, with the difference of course that the vmbr0 actually has an IP address. However, I didn't think I needed an IP address for the vmbr1 interface, as I have no specific need for it.

So, based on the above, I've got it set up the way I *thought* it would work, but it doesn't. Here's my interfaces setup on my Proxmox box:

Code:
# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
    address  192.168.9.10
    netmask  255.255.255.0
    gateway  192.168.9.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

auto vmbr1
iface vmbr1 inet manual
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0

Seems to be pretty straightforward, but for whatever reason it's not working. I'm sure I must be missing something obvious here, so if anyone can point out what I'm doing wrong, that would be great.

Thanks in advance.
 
Re: Setting up two subnets over dedicated Ethernet

Hi,
the config looks good.

What happens if you create a Linux box on vmbr1 with a free IP (like 192.168.10.99) and ping the firewall (192.168.10.1?). Is pinging allowed to the firewall?
During the ping, look with tcpdump on the host:
Code:
tcpdump -i vmbr1 host 192.168.10.1
and post the output of the following commands:
Code:
brctl show vmbr1
ifconfig eth1
ifconfig tap150i1    # substitute the VM's own tap device name
Udo
 
Re: Setting up two subnets over dedicated Ethernet

Udo,

First, I apologize -- I just solved this problem. It had nothing to do with Proxmox or my config, which was incidentally correct all the time. The issue was that the port on the switch was tagged for another VLAN/subnet. It had been cleared in the switch's GUI, which is where I looked to make sure it was all OK, but for whatever reason it hadn't cleared it properly in the actual running config. I fixed that and now that the switch port is on the right VLAN, everything is working just as expected.

To troubleshoot the problem with not getting through, I did exactly what you proposed, put a VM on the vmbr1 bridge with both static and DHCP to see if I could get through to any device on the LAN subnet. But of course it didn't because of the switch config problem.

Thanks again Udo for replying. I feel stupid having wasted people's time.
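
A host-side check for the failure mode found in this thread, added here as an example and not posted by either participant: it classifies ARP traffic seen on eth1 so that a switch port left in the wrong VLAN shows up as tagged frames or as senders outside 192.168.10.0/24. The function names are hypothetical, and VLAN 20, the 192.168.20.x addresses and the MAC addresses in the sample captures are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Live use (assumed invocation):
#   tcpdump -e -nn -c 200 -i eth1 'arp or (vlan and arp)' 2>/dev/null \
#     | classify_capture 192.168.10.

# Reads `tcpdump -e -nn` text on stdin; $1 is the expected subnet prefix
# (with trailing dot). Prints counters: 802.1Q-tagged frames, ARP senders
# outside the prefix, ARP senders inside it.
classify_capture() {
    awk -v prefix="$1" '
        / vlan [0-9]+,/ { tagged++ }
        {
            # ARP requests name the sender after the word "tell"
            for (i = 1; i < NF; i++) if ($i == "tell") {
                ip = $(i + 1); sub(/,$/, "", ip)
                if (index(ip, prefix) == 1) expected++; else foreign++
            }
        }
        END { printf "tagged=%d foreign=%d expected=%d\n", tagged, foreign, expected }
    '
}

# Maps the counter line to a verdict.
verdict() {
    case "$1" in
        "tagged=0 foreign=0 expected=0") echo no-traffic ;;
        "tagged=0 foreign=0 "*)          echo ok ;;
        *)                               echo vlan-mismatch ;;
    esac
}

# Constructed capture: the port still carries another VLAN/subnet.
sample_bad() { cat <<'EOF'
10:15:01.100000 00:1a:2b:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 20, p 0, ethertype ARP (0x0806), Request who-has 192.168.20.1 tell 192.168.20.57, length 46
10:15:02.200000 00:1a:2b:00:00:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.20.1 tell 192.168.20.31, length 46
EOF
}

# Constructed capture: untagged LAN traffic, as expected on eth1.
sample_ok() { cat <<'EOF'
10:20:01.100000 00:1a:2b:00:00:03 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.10.1 tell 192.168.10.99, length 46
EOF
}

verdict "$(sample_bad | classify_capture 192.168.10.)"
```

A `no-traffic` verdict on a port that should be hearing LAN broadcasts is itself a reason to check the switch's running configuration rather than its GUI.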
 
