add another private IPs subnet and NAT to VMs, additional public IPs for some range VMs

mfaridi

I have Proxmox 8.2 and this is the current interface config

Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    # first public IP
    address 3.2.1.38/26
    gateway 3.2.1.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 1
    bridge-vlan-aware yes
    bridge-vids 2-4094
    hwaddress 00:00:00:00:00:00
    pointopoint 3.2.1.1
    up sysctl -p

iface vmbr0 inet6 static
    address 2a01:000:0000:0000::1/64
    gateway fe80::1

auto vmbr1
iface vmbr1 inet static
    # private IP for VMs
    address 10.1.10.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up   iptables -t nat -A POSTROUTING -s '10.1.10.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.1.10.0/24' -o vmbr0 -j MASQUERADE
    post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

iface vmbr1 inet6 static
    address 2a01:4f8:201:3315:1::1/80


auto vmbr2
iface vmbr2 inet static
    # another public IP range
    address 9.2.25.1/29
    bridge-ports none
    bridge-stp off
    bridge-fd 0

iface vmbr2 inet6 static
    address 2a01:000:0000:0000::1/80

I want to set up another subnet of private IPs in this config and use it for VMs and NAT. I want new VMs on the new subnet to be able to access the internet.

I have additional public IPs too, and I want these IPs to be used by a specific range of IPs and to route these additional IPs to some VMs. What must I do about this?
 
Hey, as you already have a working private network on vmbr1 you could simply create a new bridge vmbr3, use the vmbr1 config and change the 10.1.10.1/24 settings to the value for your desired new network and you would have another private network.

Another thing I saw:
Code:
up sysctl -p
seems to be a typo. Shouldn't that be "post-up"?

Cheers
wowo
 
Thanks,
What about NAT? Should I add other iptables commands on vmbr3?
I have another question: is this config good for a routed network?
 

This is where you do NAT on vmbr1:

Code:
post-up   iptables -t nat -A POSTROUTING -s '10.1.10.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.1.10.0/24' -o vmbr0 -j MASQUERADE

You need this too for vmbr3. You need to change 10.1.10.0/24 to the new subnet you choose for vmbr3.

For example if the machines in your new private subnet should get 10.10.10.x as IPs, you would change all settings in vmbr3 to 10.10.10.0/24.

Sorry, no experience with a routed setup.
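
Added example, not part of any post in the thread: a small Python check that reads an interfaces file and flags private bridges whose MASQUERADE source subnet does not match the bridge's own address, the mistake that is easy to make when copying the vmbr1 stanza to vmbr3. The embedded sample is constructed (vmbr3 and 10.10.10.0/24 follow the reply's example), and `parse` and `check` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: vmbr1 as posted in the thread, plus a vmbr3 copied from it
# where the address was changed but the MASQUERADE source subnet was not.
SAMPLE = """\
auto vmbr1
iface vmbr1 inet static
    address 10.1.10.1/24
    bridge-ports none
    post-up   iptables -t nat -A POSTROUTING -s '10.1.10.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.1.10.0/24' -o vmbr0 -j MASQUERADE

auto vmbr3
iface vmbr3 inet static
    address 10.10.10.1/24
    bridge-ports none
    post-up   iptables -t nat -A POSTROUTING -s '10.1.10.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.1.10.0/24' -o vmbr0 -j MASQUERADE
"""

RULE = re.compile(r"(post-up|post-down)\s+iptables -t nat -[AD] POSTROUTING "
                  r"-s '?([\d./]+)'? .*-j MASQUERADE")

def parse(text):
    """Map each 'inet static' stanza to its subnet and its MASQUERADE source subnets."""
    stanzas, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("iface "):
            m = re.match(r"iface (\S+) inet static$", line)
            empty = {"net": None, "post-up": set(), "post-down": set()}
            cur = stanzas.setdefault(m.group(1), empty) if m else None
        elif cur is not None and line.startswith("address "):
            cur["net"] = ipaddress.ip_interface(line.split()[1]).network
        elif cur is not None and (r := RULE.match(line)):
            cur[r.group(1)].add(ipaddress.ip_network(r.group(2), strict=False))
    return stanzas

def check(text):
    """Return findings for private (NAT) bridges; an empty list means consistent."""
    nat = {n: s for n, s in parse(text).items() if s["net"] and s["net"].is_private}
    out = []
    for name, s in nat.items():
        if s["post-up"] != {s["net"]}:
            out.append(f"{name}: post-up masquerades {sorted(map(str, s['post-up']))}, expected {s['net']}")
        if s["post-up"] != s["post-down"]:
            out.append(f"{name}: post-up and post-down MASQUERADE rules differ")
    names = list(nat)
    for i, a in enumerate(names):
        out += [f"{a} and {b}: subnets overlap" for b in names[i + 1:]
                if nat[a]["net"].overlaps(nat[b]["net"])]
    return out
```

Calling `check()` on the text of `/etc/network/interfaces` before reloading the network shows whether each private bridge masquerades its own subnet and whether any two private subnets overlap.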
 