hello all
I had quite a weird weekend behind me. Nothing has worked so far, so I'm asking here for some more brain power and thoughts.
We have 1 standalone server with Proxmox installed, version 9.1.1 (could not update yet, no internet on that server). On the Proxmox runs an OPNsense.
The whole traffic will be forwarded to the OPNsense (I don't know if all rules are working, but at least I got an internet connection there). Hoster is Hetzner.
Here is the interfaces file:
auto lo
iface lo inet loopback

auto nic0
iface nic0 inet static
    # main ip
    address 8x.1x8.1x.x9/27
    gateway 8x.1x8.1x.x5
    # was "pointopint" (typo; the misspelled option is silently ignored)
    pointopoint 8x.1x8.1x.x5
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    # post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

# physical Hetzner NIC
auto nic1
iface nic1 inet manual

# NIC1 - internal 1G switch
auto vmbr1
iface vmbr1 inet static
    address 10.10.12.2/24
    bridge-ports nic1
    bridge-stp off
    bridge-fd 0
    # gateway 10.10.12.1  (this is the real gateway for this server)

# Add your secondary IP lines here
# Bridge for internal (OPNsense LAN, cluster traffic)
auto vmbr0
iface vmbr0 inet static
    address 10.0.0.1/30
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    # additional ip 1
    up ip route add 8x.1x8.1x.x6/32 dev vmbr0
    # additional ip 2
    up ip route add 8x.1x8.1x.x4/32 dev vmbr0
    # ip block /28
    up ip route add 4x.x.1x1.x6/28 dev vmbr0
    post-up iptables -t nat -A POSTROUTING -s 10.0.0.0/30 -o nic0 -j MASQUERADE
    post-up iptables -A FORWARD -i vmbr0 -o nic0 -j ACCEPT
    post-up iptables -A FORWARD -i nic0 -o vmbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    post-up iptables -A FORWARD -d 4x.x.1x1.x6/28 -j ACCEPT
    post-up iptables -A FORWARD -s 4x.x.1x1.x6/28 -j ACCEPT
# WAN bridge for the pfSense

source /etc/network/interfaces.d/*

This is a routed setup from Hetzner.
------------------------------------------------------------------
On the other side I have a Proxmox cluster with 4 servers.
I created an SDN (2 zones: infra and customers, as EVPN).
I created the vnet infra, linked to zone infra, tag 1000; it contains a subnet 172.16.11.0/24 with the gateway 172.16.1.1.
The second and third VLANs are
cust001 and cust002, both attached to zone customer, tag 1061 and 1062; each vnet has 16 x 18 networks as subnets.
VMs were reconfigured to cust001 (for instance), and as per the VM's IP configuration the subnet is recognised by itself. It seemed to work: each VM can ping every VM in the same vnet, which makes sense.
Now I have 2 issues:
1. How can services from infra (like a main DNS) be queried, from cust001 to infra and from cust002 to infra? All DNS queries should go there, and/or NTP.
2. How can I connect the SDN to the edge server? The middle piece is missing (in my head).
I tried the whole weekend (and as you know it was 1 more day) to get the VM-related firewalls up and running, but I have absolutely no luck. Some parts were working, other parts weren't, the whole time. Anyway.
I will work on this topic at a later time; I am quite fed up with that topic. I need to move forward and get the servers up and running. BTW: each customer has 3 servers which offer a service.
Please tell me what more info you need to get it up and running.
Thx guys
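A small lint for the interfaces file format shown in the post, as an added example that is not part of the original post or of Proxmox: it parses ifupdown-style stanzas and flags option keywords it does not know (the kind of typo that ifupdown ignores silently, so the point-to-point route never appears after a reboot) and stray annotation text after single-value options. The keyword set and the sample stanzas are assumptions, using documentation addresses rather than the poster's real IPs.

```python
"""Lint for ifupdown-style /etc/network/interfaces text (added example, not
from the post). Flags unknown option keywords inside an iface stanza and
trailing text after single-value options such as 'address'."""

# Assumption: a minimal subset of ifupdown option keywords, enough for the post.
KNOWN_OPTIONS = {
    "address", "netmask", "gateway", "pointopoint", "mtu", "hwaddress",
    "bridge-ports", "bridge-stp", "bridge-fd", "bridge-vlan-aware",
    "up", "down", "pre-up", "post-up", "pre-down", "post-down",
}
SINGLE_VALUE = {"address", "netmask", "gateway", "pointopoint", "mtu"}
STANZA_KEYWORDS = {"auto", "allow-hotplug", "iface", "mapping", "source", "source-directory"}


def lint_interfaces(text: str) -> list[str]:
    """Return human-readable problems in file order; an empty list means no findings."""
    problems = []
    iface = None  # name of the iface stanza we are currently inside
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments (assumes no '#' inside commands)
        if not line:
            continue
        key, *rest = line.split()
        if key in STANZA_KEYWORDS:
            iface = rest[0] if key == "iface" and rest else None
        elif iface is None:
            problems.append(f"line {lineno}: option '{key}' outside any iface stanza")
        elif key not in KNOWN_OPTIONS:
            problems.append(f"line {lineno}: unknown option '{key}' in iface {iface} (typo?)")
        elif key in SINGLE_VALUE and len(rest) != 1:
            problems.append(f"line {lineno}: '{key}' in iface {iface} has trailing text {rest[1:]}")
    return problems


# Constructed sample modelled on the post's nic0/vmbr0 stanzas, with the two
# defects (annotation after 'address', misspelled 'pointopoint') left in.
SAMPLE = """\
auto nic0
iface nic0 inet static
    address 203.0.113.9/27 ---- main ip
    gateway 203.0.113.5
    pointopint 203.0.113.5
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
auto vmbr0
iface vmbr0 inet static
    address 10.0.0.1/30
    bridge-ports none
    bridge-stp off
    bridge-fd 0
source /etc/network/interfaces.d/*
"""
```

Running `lint_interfaces(SAMPLE)` reports line 3 (trailing text after the address) and line 5 (unknown option `pointopint`); after fixing both, it returns an empty list.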
