[SOLVED] 1 Node, multiple VMs, 1pub IP each VM, via bridged

marsellus85

Jul 13, 2018
Hello,

I am new to Proxmox and I read a lot, maybe too much :D

My state:
I have just one node hosted at OVH. This node has a public IP and several VMs with public IPs configured out of the box via bridged networking. VM for web, sql, mail, etc.

My first goal is to add a VLAN, so that all VMs can talk to each other over a private network to make it more secure. But I am not able to do it myself at this point :/

Here is my node config.
cat /etc/network/interfaces:
Code:
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto vmbr1
iface vmbr1 inet manual
        bridge_ports dummy0
        bridge_stp off
        bridge_fd 0

auto vmbr0
iface vmbr0 inet static
        address  XXX.XXX.XXX.XXX/24
        gateway  XXX.XXX.XXX.254
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

Here is a config of a VM.
cat /etc/systemd/network/eth0.network:
Code:
[Match]
Name = eth0

[Network]
Description = Interface eth0 autoconfigured by PVE
Address = YYY.YYY.YYY.YYY/32
Gateway = YYY.YYY.YYY.254
DHCP = none

[Route]
Destination = YYY.YYY.YYY.YYY/32
Scope = link

NODE: What do I have to change or create in the GUI to create a VLAN successfully?
VM: What do I have to change or create in the GUI to create a VLAN successfully?
 
OK, I solved it :)

On the node I created in the GUI:
Code:
New network device ->
"Linux Bridge"
name: vmbr2
IP: 10.10.10.254
netmask: 255.255.255.0

For each VM:
Code:
New network device with ->
name: eth1
mac-address: auto
bridge: vmbr2
ipv4 static
ipv4: 10.10.10.X/24

Now I can reach each VM from VM to VM. Reaching the node is not necessary.
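
A check for the node-side result of the fix above, added here as an example and not part of the original posts: it parses an ifupdown-style `/etc/network/interfaces` and confirms that the internal bridge has no physical port, an RFC 1918 address and no gateway, so VM-to-VM traffic stays on the host. The `vmbr2` stanza with `bridge_ports none`, the 203.0.113.x documentation address and the function names are assumptions.

```python
import ipaddress

# Constructed sample: vmbr0 as in the post (public address replaced by a documentation
# address) plus the vmbr2 stanza assumed to result from the GUI steps (no bridge port).
SAMPLE = """\
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
        address  203.0.113.10/24
        gateway  203.0.113.254
        bridge_ports eth0

auto vmbr2
iface vmbr2 inet static
        address  10.10.10.254
        netmask  255.255.255.0
        bridge_ports none
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_bridges(text):
    """Return {iface: {option: value}} for every stanza that sets bridge ports."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words[:1] == ["iface"]:
            current = stanzas.setdefault(words[1], {})
        elif words and current is not None and words[0] not in ("auto", "source"):
            current[words[0].replace("-", "_")] = " ".join(words[1:])
    return {name: o for name, o in stanzas.items() if "bridge_ports" in o}


def audit_internal_bridge(text, name):
    """List the reasons why bridge `name` is not an isolated, host-only bridge."""
    opts = parse_bridges(text).get(name)
    if opts is None:
        return [f"{name}: no such bridge"]
    problems = []
    if opts["bridge_ports"] != "none":
        problems.append(f"{name}: attached to {opts['bridge_ports']}")
    addr = opts.get("address", "").split("/")[0]
    if addr and not any(ipaddress.ip_address(addr) in net for net in RFC1918):
        problems.append(f"{name}: address {addr} is not RFC 1918")
    if "gateway" in opts:
        problems.append(f"{name}: has a default gateway")
    return problems
```

On the node, pass the contents of `/etc/network/interfaces` as `text`; an empty list for `vmbr2` means the private bridge is not connected to the public NIC.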
 
@marsellus85 another option would be to put a firewall/router in a VM between your VMs and the internet. You could either use 1:1 NAT or turn off NAT to connect to each VM. If you use 1:1 NAT, you could put all the VMs on the LAN interface then use PVE's firewall to block connections between VMs or just put each VM into a separate VLAN and use pfSense to restrict access both to the internet and to each other.