Both bridge and NAT for home server?

Y

yatesco

Well-Known Member
Sep 25, 2009
211
5
58
Hi,

I have installed Proxmox on top of an existing Debian server (so I can encrypt all the disks) at home and the bridged network is working well:

Code: 
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address  192.168.0.31
        netmask  255.255.255.0
        gateway  192.168.0.1
        bridge_ports eno1
        bridge_stp off
        bridge_fd 0

However, this naturally means each container/KVM guest gets a public IP. For most of them however, I would rather they use NAT.

So my question is, what magic incantation is needed so I can have two networks in Proxmox, one on the 'public' bridge and another one that uses NAT only?

Thanks!
 
Nope, it is an IP assigned from my local router which itself NATs out to the internet.
 
why would you want to have NAT?
but anyway, just create a second bridge that is not connected to any network card or that is using NAT and assign that to your VMs

the bridge is essentially works like a switch, and you can have several switches in your network fabric.
but that also means that any VMs you connect to this bridge will need a static IP.
you might however encounter issues connecting this VMs to internet.
 
jim.bond.9862 said:
why would you want to have NAT?
but anyway, just create a second bridge that is not connected to any network card or that is using NAT and assign that to your VMs

the bridge is essentially works like a switch, and you can have several switches in your network fabric.
but that also means that any VMs you connect to this bridge will need a static IP.
you might however encounter issues connecting this VMs to internet.
Click to expand...
Thanks Jim. The reason I want NAT is because I tend to prefer many little containers, each doing one thing, and each one wanting its own IP is getting painful.

So it sounds like Proxmox has no special requirements here and another bridge with its own IP space which my real bridge forwards/masquerades should be fine.

Thanks
 
I am not 100% sure here, but aren't each container would need it's own IP anyway, even with NAT?
NAT only provides you a way to use single outside IP for several VMs and to allow to have internal IP range translated to external range. in your case it is done via your router.
your router takes a single public IP from your provider and NAT/route into internal range of 192.x.x.x
why do you care to add additional complexity to the setup?

if IPs are not important for you, use your router DHCP for any and all VM/containers and do address reservation instead on your router. this way you do not have to think about it.
you span up the VM
it gets IP from the router DHCP. when all is good just go into router and reserve existing IP for that VM or reserve IP you want for that MAC and on reboot it will get that IP.
simple and worry free.
what you want is essentially double NATing. you have NAT on the server and you have NAT on the router.
and there is simply no good reason to do this. but it is your choice.
 
jim.bond.9862 said:
I am not 100% sure here, but aren't each container would need it's own IP anyway, even with NAT?
Click to expand...
This all comes from the fact I will have lots of little containers, add in to that the ridiculous number of electronic devices my kids and their friends (and grandparents etc) and you quickly get to the point where you have 100s of IPs floating around.

It is much cleaner (to me anyway) if the containers use the server's IP to masquerade behind. For those containers that need to be accessible from the internet I can do portforwarding or give them a "real" IP address.

Maybe I misunderstood but I assumed it would be fine to have:
- my superhub NAT/masquerading for 192.168.0.X
- proxmox gets 192.168.0.31
- proxmox has a 'pass through' bridge
- proxmox creates a new bridge for 172...
- proxmox NATs/masquerades from 172 to 192.168.0.31

VMs either chose the 'pass through' bridge to get a 192.168.0.. IP _or_ they chose the new bridge to get a 172...

Those on the pass through bridge are just another machine on the network. Those on the 172 network aren't visible to anyone but they can (thanks to NAT) talk to the internet.

This is all just about 'tidyness'.
 
may work.
I had some trouble in the past getting the NAT setup like you proposing work properly, so I maybe biased :)
but if it works why not.

as for many IPs floating around, why do you care?
switch your router mask to something like 255.255.192.0 or /18
that will give you 16K of IPs . IP range 192.168.0.0 - 192.168.63.255
set DHCP to something like 192.168.20.1-192.168.20.254
and reserve everything under 192.168.20.x for your VMs.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back