Can't get VLAN to work

[black-newt]

Having an issue getting internet access to devices on a VLAN. Looked at a few different tutorials and followed along and as far as I can tell i mostly just need a VLAN aware bridge and a sub-interface, but nothing i try seems to work. Trying to get a working VLAN 5.

I have the main interface and a sub-interface set up. I've tried both just the network and also an address (172.16.5.0 vs. 172.16.5.1) and neither work.



My main interface is showing up as VLAN aware



Config from the hardware section of the VM shows it is using VLAN tag 5. However, no internet access makes it to the VM.



So i guess my question is, am i missing something obvious or is this one of those "you don't know what you don't know" moments?

 

[fba]

What do you want to achieve by using a VLAN?
There is a part in the PVE Administration guide describing various setups: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_choosing_a_network_configuration

 

[shanreich]

Config from the hardware section of the VM shows it is using VLAN tag 5. However, no internet access makes it to the VM.

What do you mean by this? How do you configure the network inside your VM? Can you post its network configuration?

Also, you cannot use 172.16.5.0 as the address for your host inside the /24 - since it is a reserved address so you'd need to use .1 (or any other except .255)

 

[black-newt]

I'd first like to apologize in advance if this ends up being something stupid, like if the problem is me because i have not brushed up on networking in a long time and have forgotten some fundamentals.

@fba , i hope it doesn't sound dumb, but i was hoping to set up a layer 2 network segment that has access to the internet, without adding more cables. I wanted it as separate as possible while i analyze some software and try to capture everything it does on the network, and so i don't get a lot of noise from my admittedly flat network.

@shanreich , what i was trying to convey was that despite naming vlan 5 (vmbr0.5) in my PVE network settings and also the NIC settings, i was not getting any internet on my vm.

changed instead to 10.30.30.0/24


NIC on VM


Interface config on VM. can ping 10.30.30.1, but nothing can get out of that network.

 

[fba]

From your description about tapping in on network traffic of some appliance(s): A vlan isn't required. Setup another vmbr without interface but ip assigned. Configure routing and masquarading for the outbound traffic and assign this bridge to your vm(s). They will have internet access but will be separated from any L2 communication outside the bridge they're connected to.
The /etc/network/interfaces could be like this for that purpose:

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.0.117/24
        gateway 192.168.0.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 10.30.30.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s 10.30.30.0/24 -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s 10.30.30.0/24 -o vmbr0 -j MASQUERADE