Bridge for Each VM

[Ben McGuire]

We have VMs with public IPs and for added security we want to create a bridge for each VM. We have 2 NICs but only using one.

Our vmbr0 is setup with our public IP and gateway and all our VM are using this bridge.

We can add bridges without IP addresses but if we add this bridge vmbr10 to a VM then how doe this VM get out on the internet? Do we need to tell the bridge to route via the default gateway on vmbr0?

Lastly our post has two questions:-
As our proxmox host is using vmbr0 we want to put all other vms on different bridges for security? Is there any security benefit in doing this as all vms have public IPs?
We thought about Vlans but we tried enableing vlan-aware and adding a tag to the VMs interface but the VM gets no internet access so we though multiple bridges would be easier.

CAN SOMEONE PLEASE HELP AS THIS IS OUR THIRD POST AND WE HAVE RECEIVED NOT ONE RESPONSE.

 

[wolfgang]

As our proxmox host is using vmbr0 we want to put all other vms on different bridges for security? Is there any security benefit in doing this as all vms have public IPs?

No because they can communicate then over the eth0 or over the switch.

We thought about Vlans but we tried enableing vlan-aware and adding a tag to the VMs interface but the VM gets no internet access so we though multiple bridges would be easier.

see https://forum.proxmox.com/threads/vlans-vms.29300/#post-147022

 

[Aron Dijkstra]

1. Public IP's they are all routable on the internet, what is the added security to have them use another bridge? They can reacht other over the same network or through the router or switch...
2. Please lookup vlan's. if you want to use vlan's you need to have a router in every vlan you create and even then they can reach each other through routing.
3. What i think you need is firewalling, but before that make your self clear what you want, and even if you need that.