Hi,
I am in the middle of configuring the master node for my cluster, which is responsible for the whole homelab network handling. I was able to configure the following services:
- pfSense as VM, uses 2 out of the 4 PCIe, bridged interfaces (vmbr1 from enp1s0f0 for WAN, vmbr2 from enp1s0f1 for LAN) - WAN connected to the modem, LAN to the Dell X1026 switch;
- pihole as LXC, uses vmbr0.40 of the host device;
- wireguard as LXC, uses the vmbr0.40 too.
The node has two network interfaces (eno1 - onboard single port, connected to the Dell Switch, and enp1s0f1-3 - four-ported PCIe card, connected to the modem, switch, empty, empty respectively). It uses the vmbr0.40 as the main interface with an IP assigned to it from the VLAN 40 range.
My plan would be the following:
- be able to connect to the ISP modem (i.e. manage it), which is connected to the enp1s0f0 and requires VLAN 100 (it assigns itself a static 192.168.100.1 IP address);
- use the eno1 interface only for management and trunked access for the services run on the host that are not the VPN or DNS resolver, e.g. I want to run some other service on VLAN 20;
- assign DMZ VLAN (tag: 150) for the wireguard LXC, that would use the remaining enp1s0f2 interface;
- assign SERVER/SERVICE VLAN (tag: 50) for the pihole LXC, that would use the remaining enp1s0f3 interface;
The reason for that is I want to be able to physically switch the VPN and DNS services on/off, while being able to use the main interface for the services that are run on that host. This is the only node in my cluster that has the two NICs, and this situation creates an additional step in the learning stairs.
How would you solve this? What would you guys improve here?
I attach here the working interfaces config from the node:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface enp1s0f0 inet manual

iface enp1s0f1 inet manual

iface enp1s0f2 inet manual

iface wlp3s0 inet manual

iface enp1s0f3 inet manual

auto vmbr0
iface vmbr0 inet static
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 40
        pre-up ip link set eno1 mtu 9000
        pre-up ethtool -G eno1 rx 1024 tx 1024
        pre-up ethtool -K eno1 tx off gso off
        post-up ethtool -K vmbr0 tx off gso off
#host

auto vmbr0.40
iface vmbr0.40 inet static
        address 192.168.40.2/24
        gateway 192.168.40.1

auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp1s0f0
        bridge-stp off
        bridge-fd 0
#wan

auto vmbr2
iface vmbr2 inet manual
        bridge-ports enp1s0f1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#lan

auto vmbr3
iface vmbr3 inet manual
        bridge-ports enp1s0f2
        bridge-stp off
        bridge-fd 0
#vpn
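
Added example, not part of the original post: a Python check that parses an interfaces file like the one above and reports, for each physical port named in the plan, whether its bridge filters VLANs and how the allowed tags compare with the plan. `PLAN` is an assumed reading of the post, `SAMPLE` is a shortened, constructed copy of the posted config, and the function names are hypothetical.

```python
# Constructed sample (shortened copy of the posted file); PLAN is an assumed reading of the post.
SAMPLE = """\
iface vmbr0 inet static
    bridge-ports eno1
    bridge-vlan-aware yes
    bridge-vids 40
iface vmbr1 inet manual
    bridge-ports enp1s0f0
iface vmbr2 inet manual
    bridge-ports enp1s0f1
    bridge-vlan-aware yes
    bridge-vids 2-4094
iface vmbr3 inet manual
    bridge-ports enp1s0f2
"""
PLAN = {"eno1": {20, 40}, "enp1s0f0": {100}, "enp1s0f2": {150}, "enp1s0f3": {50}}  # port -> tags

def parse_bridges(text):
    """Return {bridge: {"ports", "vlan_aware", "vids"}} for stanzas that have bridge-ports."""
    stanzas, cur = {}, None
    for line in text.splitlines():
        words = line.split("#")[0].split()  # drop comments such as "#wan"
        if not words:
            continue
        if words[0] == "iface":
            cur = stanzas[words[1]] = {"ports": [], "vlan_aware": False, "vids": set()}
        elif cur is not None and words[0] == "bridge-ports":
            cur["ports"] = words[1:]
        elif cur is not None and words[0] == "bridge-vlan-aware":
            cur["vlan_aware"] = words[1] == "yes"
        elif cur is not None and words[0] == "bridge-vids":
            for item in words[1:]:  # single IDs or lo-hi ranges
                lo, _, hi = item.partition("-")
                cur["vids"].update(range(int(lo), int(hi or lo) + 1))
    return {name: s for name, s in stanzas.items() if s["ports"]}

def audit(text, plan):
    """Report, per planned port, how its bridge's VLAN filter compares with the plan."""
    by_port = {p: (n, s) for n, s in parse_bridges(text).items() for p in s["ports"]}
    report = {}
    for port, wanted in plan.items():
        name, s = by_port.get(port, (None, None))
        if s is None:
            report[port] = "not bridged"
        elif not s["vlan_aware"]:
            report[port] = f"{name}: no VLAN filtering, all tags pass"
        else:
            missing, extra = sorted(wanted - s["vids"]), sorted(s["vids"] - wanted)
            report[port] = f"{name}: missing {missing}, unplanned {extra}"
    return report
```

Calling `audit(SAMPLE, PLAN)` shows where the posted config still differs from the plan: vmbr0 does not yet allow VLAN 20, vmbr1 and vmbr3 pass every tag unfiltered, and enp1s0f3 has no bridge.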