I'm no network expert or guru, but letting DMZ traffic go through a trunk port and into your regular network (even with VLANs)
is a bad idea...
But that's my opinion. Google is your friend.
VLAN and DMZ are not the same, although they have the "isolation" feature in common.
VLAN hopping is a security thing. And if you configure VLANs incorrectly it's also a security risk.
DMZ is an isolated port/subnet and cannot reach your regular network when hacked.
Quote from the link I gave you earlier:
Proxmox VE server at hosting provider, with a single public IP address
In that case the only way to get outgoing network accesses for your guest systems is to use Masquerading. For incoming network access to your guests, you will need to configure Port...
I thought I read in the forum some people having the same realtek problem,
but had network connectivity (with a lot of drop outs and instability issues).
"I have configured proxmox to run on 192.168.2.4, although I don't see it in connected devices on my router."
"I have tried to configure it to allow for dhcp to see if I could get it to connect with the router and make an IP reservation. No dice."
- that's correct because Proxmox uses static ip...
Is the PVE host running from a datacenter ?
Maybe you should read the wiki : https://pve.proxmox.com/wiki/Network_Configuration#sysadmin_network_routed
If you are not running from a datacenter :
the container gateway will not work with 192.168.1.1, but x.x.x.129
What Realtek do you have, the 8168 ?
And do you have network connectivity when using the 8169 driver ?
If so, then quickly apply the "fix" and download all files.
If not, then maybe set the ip address of the PVE host to something other than 192.168.2.4
"I have a router from my ISP which has a...
From PVE host what is the output of:
# dig debian.org
and
# cat /etc/network/interfaces
- you do not have to mask the ip addresses, unless they are public addresses.
If you use UTP cable, please read this howto :
https://forum.proxmox.com/threads/debian-bookworm-realtek-nic-issues-nic-worked-fine-before-upgrade.130999/
I have no Zerotier experience, but did some research.
Run this command on the host : # chown 100000:100000 /dev/net/tun
Check it with : # ls -l /dev/net/tun
It should read something like: # crw-rw-rw- 1 100000 100000 10, 200 Jul 17 20:59 /dev/net/tun
"Other Solution - Don't use Realtek NICs."
:) that made me smile.
But thanks for the tutorial!
Will try and test this, because I have a spare server with 2 Realtek nics in it.
I reserved this server for Proxmox (was an old ESXi server, also Realtek issues but workable).
a couple of questions :
- what exactly do you mean by "direct internet access"
- why do you enable tunneling access
- what is the purpose of the iptables rules you added
- have you set a DNS server in the LXC option?
I have several LXC's running, all of them have internet access, out of the box.
Also a tip:
try to avoid using 192.168.x.1 and/or 192.168.x.254 for a server.
Many routers and switches use .1 or .254 as default network address = ip conflict.
If you can put your ISP router in Bridged mode, you can then create a VLAN100 UNTAGGED (internet) and
connect it to the HP switch. From the HP switch you can plug in your Proxmox host and I would definitely use both network cards.
This way you can install and run pf/OPNsense on the PVE host.
Or...
I think I know what he means and what his goal is,
but his diagram is missing details (at least the naming is wrong).
Green WAN line = (UNTAGGED) WAN VLAN100
Black LAN line = TAGGED WAN + LAN, VLAN100 + VLAN1
Grey INTERNET line = UNTAGGED LAN, VLAN1
VLAN numbers are examples, use your own.