[SOLVED] 1 Node, multiple VMs, 1pub IP each VM, via bridged

M

marsellus85

New Member
Jul 13, 2018
2
0
1
38
Hello,

i am new to proxmox and i red a lot, maybe to much :D

My state:
I have just one node hosted at OVH. This node has a public ip und several VMs with public IPs condfigured out of the box via bridged networking. VM for web, sql, mail, etc.

My first goal is to ad a VLAN, that all VMs can talk to each other over a private network to make it more secure. But i am not able to do it for myself at this point :/

Here is my node config.
cat /etc/network/interfaces:
Code: 
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto vmbr1
iface vmbr1 inet manual
        bridge_ports dummy0
        bridge_stp off
        bridge_fd 0

auto vmbr0
iface vmbr0 inet static
        address  XXX.XXX.XXX.XXX/24
        gateway  XXX.XXX.XXX.254
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

Here is a config of a VM.
cat /etc/systemd/network/eth0.network:
Code: 
[Match]
Name = eth0

[Network]
Description = Interface eth0 autoconfigured by PVE
Address = YYY.YYY.YYY.YYY/32
Gateway = YYY.YYY.YYY.254
DHCP = none

[Route]
Destination = YYY.YYY.YYY.YYY/32
Scope = link

NODE: What do i have to change or create in the gui to create a vlan successful?
VM: What do i have to change or create in the gui to create a vlan successful?
 
OK, i solved it :)

On the node i created in the gui:
Code: 
New network device ->
"Linux Bridge"
name: vmbr2
IP: 10.10.10.254
netmask: 255.255.255.0

For each VM:
Code: 
New network device with ->
name: eth1
mac-address: auto
bridge: vmbr2
ipv4 static
ipv4: 10.10.10.X/24

Now i can reach each VM to VM. Reach the Node is not nessesary.
 
@marsellus85 another option would be to put a firwall/router in a VM between your VMs and the internet. You could either use 1:1 NAT or turn off NAT to connect to each VM. If you use 1:1 NAT, you could put all the VMs on the LAN interface then use PVE's firewall to block connections between VMs or just put each VM into a separate VLAN and use pfSense to restrict access both to the internet and to each other.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back