2 NICs with 2 different IPs

dmytro3

New Member
Jul 27, 2022
Hi all,

I'm trying to configure 2 interfaces with 2 IPs, one of them has access to the outside, one is internal. What I'm trying to do is have the server accessible only using the internal IP, while keeping the external IP to pull updates, etc. Since only one gateway is allowed, I cannot figure out how to properly configure this with post-ip or some rule. I know having 2 gateways is not allowed.

Here is the current configuration:

Bash:
# cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface eno12399np0 inet manual

iface eno12409np1 inet manual

iface eno8303 inet manual

iface eno8403 inet manual

auto vmbr0
# this should be used to access the internet to pull updates, upload ISO images, and also to pull updates within the VMs
iface vmbr0 inet static
        address 7*.*.*.243/24
        gateway 7*.*.*.254
        bridge-ports eno12399np0
        bridge-stp off
        bridge-fd 0

auto vmbr1
# this should be used for PVE access, i.e. on :8006 or ssh. This works with no issues
iface vmbr1 inet static
        address 10.20.0.2/24
        gateway 10.20.0.254
        bridge-ports eno12409np1
        bridge-stp off
        bridge-fd 0
 
Do you really need two gateways? Keep in mind that guests can choose their own gateway independent from PVE. So your PVE host shouldn't need a gateway for the internal network.
When you only want management access from the internal network you could block port 22 and 8006 for your external bridge.
 
Do you really need two gateways? Keep in mind that guests can choose their own gateway independent from PVE. So your PVE host shouldn't need a gateway for the internal network.
When you only want management access from the internal network you could block port 22 and 8006 for your internal bridge.
I don't know. All I need is to be able to access other machines on 10.20.... and access internet to pull updates.

Maybe I can remove gateway from 10.20 vmbr and add ip route to 70.... vmbr?
 
Then I would remove the gateway from vmbr1 and use the PVE firewall to block port 22 and 8006 on vmbr0.
 
How will this PVE machine then talk with other PVE machines on 10.20... or the rest of the 10.20 network? They will be in the cluster later on.
 
You can still have an IP on the vmbr1. You don't need a gateway on it if you just want PVE to talk to hosts in the 10.20.0.0/24 subnet. A gateway is only needed if you want to communicate with hosts that aren't part of the subnet the NIC/bridge is using.
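
Added example, not part of the thread and not Proxmox code: a small check that parses an `/etc/network/interfaces` text, lists every stanza that sets a default gateway, and shows that a peer inside 10.20.0.0/24 is on-link for vmbr1 once its gateway is removed. The function names and the peer address 10.20.0.3 are assumptions made for illustration.

```python
import ipaddress

# The two bridge stanzas as posted in the thread (external address masked as posted).
POSTED = """\
auto vmbr0
iface vmbr0 inet static
        address 7*.*.*.243/24
        gateway 7*.*.*.254
        bridge-ports eno12399np0

auto vmbr1
iface vmbr1 inet static
        address 10.20.0.2/24
        gateway 10.20.0.254
        bridge-ports eno12409np1
"""
# Same file with the gateway removed from vmbr1, as suggested in the replies.
FIXED = POSTED.replace("        gateway 10.20.0.254\n", "")

def parse_stanzas(text):
    """Map (iface, family) -> {option: value} for every iface stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or whole-line comment
        if words[0] == "iface" and len(words) >= 3:
            current = stanzas.setdefault((words[1], words[2]), {})
        elif words[0] in ("auto", "source", "mapping") or words[0].startswith("allow-"):
            current = None  # these keywords end the previous stanza
        elif current is not None and len(words) >= 2:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def gateways(text):
    """List (iface, family, gateway) for each stanza that sets a default gateway."""
    return [(name, fam, opts["gateway"])
            for (name, fam), opts in parse_stanzas(text).items() if "gateway" in opts]

def on_link(address_cidr, peer):
    """True if peer lies inside the interface's own subnet (no gateway needed)."""
    return ipaddress.ip_address(peer) in ipaddress.ip_interface(address_cidr).network

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("fixed", FIXED)):
        found = gateways(cfg)
        status = "conflict" if len(found) > 1 else "ok"
        print(f"{label}: {status} {found}")
    # 10.20.0.3 is a constructed peer address standing in for another cluster node.
    print("10.20.0.3 reachable without gateway:", on_link("10.20.0.2/24", "10.20.0.3"))
```
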
 
