Assign public IP to one VM

Abdo

New Member
Sep 17, 2024
3
0
1
I want to assign a public IP to each VM in my proxmox server, I have made a bridge with my /24 subnet mask.
I have VMs with Ubuntu server OS, I know that I can assign IP by Ubuntu server, but I want a method that makes one IP only can be chosen because I'm going to start renting VPS company.
 
Probably the easiest method (other then just telling your customers to do X and verifying they do so) would be to set up a router with DHCP and mac-reservations, and then a 1:1 NAT (so your router catches and forwards all traffic unrestricted (or maybe speed-restricted or the like, depending on what you're offering) towards the internal IP (for which you would also set up bridges/vlans to separate the customers as well).

Because as long as your customers are in the same subnet and on the same physical device, they will be able to pick the IP of someone else in the range and disturb that other party's traffic.

With the above method, they will have an internal IP on their VM and can only mess things up for their own VM, not any others.
 
Probably the easiest method (other then just telling your customers to do X and verifying they do so) would be to set up a router with DHCP and mac-reservations, and then a 1:1 NAT (so your router catches and forwards all traffic unrestricted (or maybe speed-restricted or the like, depending on what you're offering) towards the internal IP (for which you would also set up bridges/vlans to separate the customers as well).
Should I download and install a DHCP server on proxmox? Or create a VM for the DHCP server?


Because as long as your customers are in the same subnet and on the same physical device, they will be able to pick the IP of someone else in the range and disturb that other party's traffic.
Yes exactly that's what I want
 
Should I download and install a DHCP server on proxmox?
No. Do NOT tamper with the base operating system if you are not absolutely sure what you are doing. The pure fact that you asked results in "no".

Or create a VM for the DHCP server?
That would be fine. Just bear in mind that this VM must be up and running before any other VM could use this DCHP service. That makes this VM mission critical and a candidate for "High Availability", if you aim at a cluster.
 
1726843044227.png

I created a VM to serve DHCP that uses the vmbr0 bridge, I gave the DHCP VM IP (192.168.1.42). 1726843279509.png
ip addrresults:
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether bc:24:11:0e:11:91 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    inet 192.168.1.42/24 metric 100 brd 192.168.1.255 scope global dynamic ens18
       valid_lft 73912sec preferred_lft 73912sec
    inet6 fe80::be24:11ff:fe0e:1191/64 scope link
       valid_lft forever preferred_lft forever

Then I installed isc-dhcp-server
I set this config for /etc/default/isc-dhcp-server
Code:
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)

# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf

# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid

# Additional options to start dhcpd with.
#       Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="ens18"
INTERFACESv6=""

I add to /etc/dhcp/dhcpd.conf this code:
Code:
subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.150 192.168.1.200;
}

option routers 192.168.1.1
option domain-name-servers 8.8.8.8 8.8.4.4;

How can I use this VM to assign IPs for other VMs? Please note that there is another DHCP on my home router (192.168.1.1)
Should I set the DHCP server IP as a gateway for other VMs?
 
First off, since you're setting up such a large WAN-network, I strongly suggest to hire / get someone with proper networking experience/knowledge, as while we will try to explain it, without a proper base-knowledge, a mistake is easily made.

Secondly, why re-invent the wheel? Just install OPNSense or PFSense or any other readily-built router-software as a VM

Do you only have 1 network-port on this server?
If so, create a second linux bridge without an uplink to it, then connect both the vmbr0 and vmbr1 that you just made to this VM
On the vmbr0-port in your router-VM set it as your WAN-side with an IP out of your /24-range of IP's (For example the first one after the gateway from your ISP)
On the vmbr1-port without a VLAN put the the LAN-IP to the 192.168.1.1
Within the OPNSense (or other type) configure a port-forward for YOUR external IP to be able to access the proxmox, and also tell it to be able to receive traffic for the rest of your /24 network.
Then move the 192.168.1.2 IP of proxmox to the vmbr1, and now access your proxmox through the port-forward instead.
Finally within your VM set up VLAN's for each of the servers you will be providing internet to, a DHCP-server for each (or do it without and just provide the IP-details) and a 1:1 NAT and set that same VLAN on the network-port of each server that uses that internal IP-range.

So in the end you'll have:
WAN-IP.1 your ISP-router
WAN-IP.2 your management-access to Proxmox and the router itself
WAN-IP.3-.254 your IP's for your customers

Proxmox:
vmbr0 connected to the WAN network-port and just the router-VM, no IP for proxmox on it.
vmbr1 connected to the LAN network-port of your router, and each of your VM's behind it with a seperate VLAN-tag, as well as an IP for proxmox

Router:
Receive WAN-IP.2 for management with a port-forward to proxmox
Receive WAN-IP.3-.254 for your customers, set up as a 1:1 translation, all ports open, to each VM
An untagged LAN-port for Proxmox
A VLAN-tagged LAN/OPT port for each customer with it's own IP-range (they can NOT overlap), optionally with a DHCP-server as well.

VM:
A LAN-port tagged to a certain VLAN so it can receive/set an IP, reach the router, and from there be translated to it's dedicated WAN-IP
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!