Configuring routing on Proxmox

J

Jeremiah Steaves Isaac

New Member
Feb 18, 2016
2
0
1
35
Hi All,

I need help with routing on proxmox.

I am trying to configure routing as shown in the diagram attached.

I will start configuring the routing part later, but what i dont understand is how VMs in the 192.168.1.0/24 network are able to ping vmbr0 . I need to isolate them and make them communicate only with vmbr1 as shown the diagram. Once that is achieved , i could configure routing on the ubuntu proxy.

I tried dropping packets on both interfaces of the proxmox server with the following iptables rules but i'm still able to ping vmbr0 from the 192.168.1.0/24 network.

EDIT : vmbr0 is bridged to eth0 on the proxmox server and vmbr1 is bridged to the ethernets of the VMs and eth1 of the ubuntu proxy (as in diagram ).


iptables -I FORWARD -i vmbr0 -o vmbr1 -j DROP
iptables -I FORWARD -o vmbr0 -i vmbr1 -j DROP


I even disabled ip forwarding on the proxmox server . I'm sure i'm missing something, not sure what it is though.



NW_Arch (1).png NW_Arch (1).png
 
Last edited:
Jeremiah Steaves Isaac said:
I will start configuring the routing part later, but what i dont understand is how VMs in the 192.168.1.0/24 network are able to ping vmbr0 .
Click to expand...



Jeremiah Steaves Isaac said:
but i'm still able to ping vmbr1 from the 192.168.1.0/24 network.
Click to expand...

Do you mean now vmbr0 or vmbr1?


Jeremiah Steaves Isaac said:
vmbr0 is bridged to eth0 on the proxmox server and vmbr1 isnt bridged to any interface.
Click to expand...


But the diagram says it is .....


Jeremiah Steaves Isaac said:
iptables -I FORWARD -i vmbr0 -o vmbr1 -j DROP
iptables -I FORWARD -o vmbr0 -i vmbr1 -j DROP
I even disabled ip forwarding on the proxmox server .
Click to expand...

If you ping from any VM to 10.0.0.1 it works when default route it 192.168.1.1, also in case of forwarding disabled respectively DROPped. Since 10.0.0.1 is assigned to the same server as 192.168.1.1 no forward is necessary. To avoid this you have to define

Code: 
iptables -I INPUT -d 10.0.0.0/24 -s 192.168.1.0/24 -j DROP
 
Richard said:
Do you mean now vmbr0 or vmbr1?





But the diagram says it is .....




If you ping from any VM to 10.0.0.1 it works when default route it 192.168.1.1, also in case of forwarding disabled respectively DROPped. Since 10.0.0.1 is assigned to the same server as 192.168.1.1 no forward is necessary. To avoid this you have to define

Code: 
iptables -I INPUT -d 10.0.0.0/24 -s 192.168.1.0/24 -j DROP
Click to expand...


Thanks a lot Richard, that was careless of me, but you got the idea. I have made the edits. Just gotta work on the routing part now
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back