Hi and Hello,
I'm new to this forum and a rookie on Proxmox. I have googled my questions up and down, and in the end it all confused me. I decided to talk to the Proxmox professionals.
My Goal:
Is to have a virtual Firewall installed on Proxmox with 2 or 3 virtual zones (DMZ/Green/etc). Proxmox-Host and Virtual-Firewall should have different public IPs. All virtual guests should talk to the internet through the virtual firewall.
What I have:
Proxmox installed on a root server with 1x NIC and 2 IP addresses. My hosting provider has "port security" activated, therefore only 1x MAC address is allowed.
My Questions:
1. In /etc/network/interfaces should I use routed-config or bridged config with proxyARP? And how should I configure it?
2. What else do I have to do with routing and forwarding?
3. Is it a problem that main and second public IP are on different subnets? Do I need to set a route?
4. If I use proxyARP how can I manage that only my "red" zone has direct connection to the internet?
5. How should I bring up the second IP - is there a way to use the second IP directly on the virtualized "red" interface?
My best shot on the interfaces-config till now:
# network interface settings
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 85.25.19x.xxx
    netmask 255.255.255.192
    gateway 85.25.196.193

# 2. IP
auto eth0:0
iface eth0:0 inet static
    address 85.25.15x.xxx
    netmask 255.255.255.255
    post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

#Internal Switch Green
auto vmbr0
iface vmbr0 inet static
    address 192.168.0.254
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0

#Internal Switch Orange
auto vmbr1
iface vmbr1 inet static
    address 192.168.1.254
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0

#Internal Switch Red
auto vmbr2
iface vmbr2 inet static
    address 192.168.2.254
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
The problem with this config is that in every zone .254 could be used as gateway, and the second public IP isn't seen on the outside; all requests come from the main public IP.
I hope there is someone who can help me with this.
Thanks and regards,
Leo
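Added example (not part of the original post): a small audit of an ifupdown-style interfaces file that flags the two conditions described above, namely host addresses on internal zone bridges and a second public IP bound on the host itself. The function names, finding labels and the sample addresses (documentation-range placeholders for the masked ones) are assumptions made for this illustration.

```python
import re
# Constructed sample based on the post; public IP replaced by a placeholder.
SAMPLE = """\
auto eth0:0
iface eth0:0 inet static
    address 198.51.100.20
    post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
auto vmbr0
iface vmbr0 inet static
    address 192.168.0.254
    bridge_ports none
auto vmbr2
iface vmbr2 inet static
    address 192.168.2.254
    bridge_ports none
"""

def parse_interfaces(text):
    """Return {iface: {option: [values]}} for every 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.strip().split(None, 1)
        if not words or words[0].startswith("#"):
            continue                      # blank line or comment line
        if words[0] == "iface":
            current = stanzas.setdefault(raw.split()[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None                # not an option of the stanza
        elif current is not None and len(words) == 2:
            current.setdefault(words[0], []).append(words[1])
    return stanzas

def audit(stanzas):
    """Return (iface, finding, detail) tuples; labels are hypothetical."""
    findings = []
    for name, opts in stanzas.items():
        addr = opts.get("address", [None])[0]
        # Host holds an IP in the zone: guests can use it as a gateway.
        if opts.get("bridge_ports") == ["none"] and addr:
            findings.append((name, "host-ip-on-internal-bridge", addr))
        # Alias address lives on the host, not on the firewall guest.
        if ":" in name and addr:
            findings.append((name, "alias-ip-owned-by-host", addr))
        for cmd in opts.get("post-up", []) + opts.get("up", []):
            if re.search(r"echo\s+1\s*>\s*\S*/proxy_arp", cmd):
                target = cmd.split(">")[-1].strip()
                findings.append((name, "proxy-arp-enabled", target))
    return findings

if __name__ == "__main__":
    print(*audit(parse_interfaces(SAMPLE)), sep="\n")
```
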