Confirming VM Networking and Public IP Behavior in Proxmox Setup

[abhijith]

Hello,

I want to confirm if my current Proxmox networking setup is configured correctly and working as expected. Here's the scenario:

• I have a Proxmox server with a public IP assigned (e.g., 103.xxx.xxx.244) on vmbr0.
• My organization uses a Sophos firewall for routing and NAT. The firewall has its public IP (e.g., 103.xxx.xxx.242) and handles all internet-bound traffic for the internal network, including the Proxmox server.
• I have created multiple VMs inside Proxmox, and they are using vmbr0 for their network connection.

Observations:

1. When VMs access the internet, their public IP appears as 103.xxx.xxx.242, which is the firewall's public IP, not the Proxmox server's public IP (103.xxx.xxx.244).
2. Other machines in the same internal network behave similarly; their outbound traffic also shows 242 as the public IP.
3. Proxmox itself, when accessing the internet, shows its public IP as 244.

Questions:

1. Is this behavior normal, considering the VMs are connected through vmbr0, and the firewall is performing NAT?
2. If I want all my VMs to use the Proxmox server's public IP (244) for internet traffic instead of the firewall's IP (242), what changes would I need to make in the Proxmox network configuration or the Sophos firewall?
3. Are there any best practices or considerations when deciding between using the firewall's public IP versus the Proxmox server's public IP for VMs?

I appreciate any guidance or suggestions to better understand and optimize this setup.


The below is my proxmox network interface .

auto lo
iface lo inet loopback

iface enp5s0 inet manual

iface enp4s0 inet manual

auto vmbr0
iface vmbr0 inet static
address 172.16.10.31/24
gateway 172.16.10.1
bridge-ports enp5s0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

source /etc/network/interfaces.d/*