2 LAN in Proxmox

T

tincboy

Renowned Member
Apr 13, 2010
466
3
83
In my environment, my servers has 2 NIC, one is connected to internet and the other is connected to an organizational LAN
It's my interfaces file:

auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
address xx.xx.xx.xx
netmask 255.255.255.0
gateway xx.xx.xx.yy
bridge_ports eth0
bridge_stp off
bridge_fd 0


auto vmbr1
iface vmbr1 inet static
address 10.7.6.201
netmask 255.255.255.224
#gateway 10.7.6.222
bridge_ports eth1
bridge_stp off
bridge_fd 0


The IP can reach LAN gateway but it's not reachable from other LAN clients.
Any help will be much appreciated.
 
Hi. That looks like a standard configuration for a host. All traffic goes to the default gateway on eth0 except to 10.7.6.201/255.255.255.224. So if you are pinging to/from 10.7.6.1 you're most probably not getting a response.

Can you please specify:
- the virtual machine IP address
- the "outside proxmox" on LAN machine IP address
- how many NICs on your VM
- which "IP" can reach which gateway (not clear from your text)

and ...
- what do you want to achieve? ;)

Paolo
 
pcravero said:
Hi. That looks like a standard configuration for a host. All traffic goes to the default gateway on eth0 except to 10.7.6.201/255.255.255.224. So if you are pinging to/from 10.7.6.1 you're most probably not getting a response.

Can you please specify:
- the virtual machine IP address
- the "outside proxmox" on LAN machine IP address
- how many NICs on your VM
- which "IP" can reach which gateway (not clear from your text)

and ...
- what do you want to achieve? ;)

Paolo
Click to expand...
Thanks for your attention Paolo,
Every VM will only have one NIC,
But I want some of my VMs to only be accessible from in organizational IPs ( so they will use 10.7.6.0/24 IPs ) and the others have Internet based IPs so they can be reachable from out side word,
The current gateway is internet based gateway,

Was these information enough?
 
tincboy said:
Thanks for your attention Paolo,
Every VM will only have one NIC,
But I want some of my VMs to only be accessible from in organizational IPs ( so they will use 10.7.6.0/24 IPs ) and the others have Internet based IPs so they can be reachable from out side word,
The current gateway is internet based gateway,

Was these information enough?
Click to expand...
Hi,
the IP of the vmbrX has nothing to do with the VMs (in bridging modus).
You need only an IP on vmbr0.
If you need the access from the internal network to the pve-host you can do 2 things:
use vmbr0 for the internal network and use vmbr1 without ip (pve-host isn't reachable from the internet - execept you have a nat-rule in your router).
define an networkrule in vmbr1 like this "up ip route add 10.0.0.0/8 via 10.7.6.222"

Udo
 
udo said:
Hi,
the IP of the vmbrX has nothing to do with the VMs (in bridging modus).
You need only an IP on vmbr0.
If you need the access from the internal network to the pve-host you can do 2 things:
use vmbr0 for the internal network and use vmbr1 without ip (pve-host isn't reachable from the internet - execept you have a nat-rule in your router).
define an networkrule in vmbr1 like this "up ip route add 10.0.0.0/8 via 10.7.6.222"

Udo
Click to expand...
Udo,
Cloud you please provide an interface config file?
I've tried it many times but it didn't succeed.
 
As Udo suggested, your VMs on the 10.x LAN will have their own network configuration, including a correct gateway for their subnet. You don't need an IP on eth1/vmbr1, unless you want to be able to access PVE Web console on the private IP instead of the public one.

Paolo
 
No I don't want to access the web console from private IPs,
But I've build the VM with 10.7.6.0/24 IPs and it's not working, I guss some thing must be in interfaces file to fix this issue.
 
tincboy said:
No I don't want to access the web console from private IPs,
But I've build the VM with 10.7.6.0/24 IPs and it's not working, I guss some thing must be in interfaces file to fix this issue.
Click to expand...
Hi,
like i wrote before - the pve-ip has nothing to do with VM-ip (in bridging modus). Exception is, that you use the pve-host for routing/NAT...

An bridge is like an network-hub - all interfaces which are connected to the hub are connected together. If your Guest-VM is connected to vmbr1 (inside the guest the nic is eth0) and your pve-nic eth1 is also connected to the bridge, it's for the client as the connection is directly to the cable of pve-eth1 (exception you use vlan-tagging/bonding...).

You can use tcpdump to find the issue, like this (on pvehost): "tcpdump -i vmbr1 host 10.7.6.1". You can also use eth1 instaed of vmbr1 - must be the same.

BTW. you wrote 10.7.6.0/24 but before you have an netmask 255.255.255.224 for the router 10.7.6.201 - what funny networkconfig do you use?? I think the problem is more in this direction!

Udo
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back