[SOLVED] Assigning static public IP address to VM

dmox

Jul 11, 2018
Hi beloved Proxmox Community,
I want to make an LXC directly accessible from the Internet via a public IP address. Atm my whole setup is as follows:

Evil Internet <---> (ix0: A.B.C.D/29) OPNsense firewall (ix1: 192.168.42.1/24) <---> (ge0: 192.168.42.20/24) Proxmox VE server

As you can see, currently the only entity with a public IP is my firewall and all VMs are NATed. This setup was fine until we began to plan the hosting of an MDM platform (as an LXC). This requires accessibility via a dedicated public IP address so TLS certificates, DNS for a domain and other stuff can be set up properly.

I tried to think this through (and did some research on the topic) before I start to put my hands on it, especially because I can't test on my production environment.
So my current understanding is that the PVE server at first needs another bridge (e.g. vmbr1) which is then assigned with a public IP address (e.g. A.B.C.E/29) and the gateway of my firewall. Here my first question would be, is it fine to set the internal IP of my firewall (192.168.42.1/24) as the gateway (feels kind of wrong...) or do I need to set the public IP (A.B.C.D/29)? My second question is, can I assign the same interface (in this case a bond) multiple times to different bridges?
Afterwards, I would assign my desired LXC a public IP address which should make it accessible directly from the Internet.

Thank you very much for your response and help.
 
Routing-wise, this is not going to work :-(

Your firewall will need to respond to incoming packages of the new IP, otherwise, they'll just be rejected/dropped. Is your firewall also part of your PVE?

Easiest method is to expose the host behind your firewall via a host-nat (expose all ports) to the world.
 
> Routing-wise, this is not going to work :-(
>
> Your firewall will need to respond to incoming packages of the new IP, otherwise, they'll just be rejected/dropped. Is your firewall also part of your PVE?

Hi LnxBil, my firewall is a physical host in front of my PVE server.

> Easiest method is to expose the host behind your firewall via a host-nat (expose all ports) to the world.

Do you mean a one-to-one NAT with host-nat? At least that's what I also thought of: I got more than one public IP address, so I could alias IPs on my firewall and assign one of those public IPs via one-to-one NAT to the private IP of my desired LXC. Am I right?
 
> Do you mean a one-to-one NAT with host-nat? At least that's what I also thought of: I got more than one public IP address, so I could alias IPs on my firewall and assign one of those public IPs via one-to-one NAT to the private IP of my desired LXC. Am I right?

Yes, this should be the easiest method (maybe the only one).

There are other options if you run your PVE on a public IP and want to have routed or bridged public IP addresses in your LXC, but this is not the case here.
 
> Yes, this should be the easiest method (maybe the only one).
>
> There are other options if you run your PVE on a public IP and want to have routed or bridged public IP addresses in your LXC, but this is not the case here.

Yes, that's what I experienced while doing my research. Most of the questions/howtos are based on a setup with a public IP assigned to the PVE server.

> My second question is, can I assign the same interface (in this case a bond) multiple times to different bridges?

Just for interest, may I ask for your opinion? Thanks a lot :)
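
The one-to-one NAT settled on in this thread, sketched in pf.conf syntax as an added example (not part of the thread and not any poster's configuration; OPNsense is built on pf but generates its rules from the GUI). Assumptions: 203.0.113.2 stands in for the thread's A.B.C.E, 192.168.42.50 is a made-up private address for the LXC, and TCP 443 is an assumed service port for the MDM platform.

```pf
# Added example: 1:1 NAT for one container behind the firewall (pf.conf syntax).
# All addresses and the port below are placeholders, see the lead-in.

ext_if = "ix0"              # WAN interface of the firewall, as named in the thread
pub_ip = "203.0.113.2"      # placeholder for the second public address (A.B.C.E)
lxc_ip = "192.168.42.50"    # hypothetical private address of the LXC

# The firewall has to answer for the extra public address on its WAN side,
# otherwise traffic to it is never delivered. On a plain FreeBSD host that
# is an interface alias, for example:
#   ifconfig ix0 inet 203.0.113.2/32 alias
# (OPNsense manages this as an additional/virtual IP in its own config.)

# Bidirectional mapping: every protocol and port of pub_ip is translated to
# lxc_ip, and outbound traffic from lxc_ip leaves with pub_ip as its source.
binat on $ext_if from $lxc_ip to any -> $pub_ip

# binat alone decides nothing about what is allowed. Translation happens
# before filtering, so inbound filter rules match the private address.
# pf uses the last matching rule, so block first, then open what is needed.
block in log on $ext_if from any to $lxc_ip
pass  in     on $ext_if proto tcp from any to $lxc_ip port 443 flags S/SA keep state
```

Because the mapping covers all ports, the filter rules on the WAN interface are the only thing limiting what the container exposes to the Internet; allow only the ports the service actually needs.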
 
