Dummy network interface

jnieuw

Renowned Member
May 6, 2015
33
0
71
I have two interfaces with bridges:
eth0 (vmbr0)
eth1 (vmbr1)

I want a third (virtual) interface that can communicate with vmbr1/vmbr0.
I tried this:
eth0 (vmbr0)
eth1 (vmbr1)
vmbr2 (with no eth)

Now I can communicate with all VM's on the proxmox server (vmbr0-3), but I cannot communicate with other physical interfaces outside the server.
See: https://pve.proxmox.com/wiki/Network_Model "For connecting VMs to the outside world, bridges are attached to physical network cards assigned a TCP/IP configuration"
Can I create a "dummy" network card for vmbr2 so vmbr2 can connect to the "outside world"?
 
How would the dummy interface that isn't connected to a real ETH device supposed to reach the real network?

What exactly are you trying to accomplish? Why make the dummy interface at all if you want it connected to the rest of the network? Just hook it into the other vmbr devices instead.

The idea behind putting a dummy interface in is to have communication between the VMS without going out the real network interfaces.
 
How would the dummy interface that isn't connected to a real ETH device supposed to reach the real network?

What exactly are you trying to accomplish? Why make the dummy interface at all if you want it connected to the rest of the network? Just hook it into the other vmbr devices instead.

The idea behind putting a dummy interface in is to have communication between the VMS without going out the real network interfaces.

I want a few VM's to be part of their "own" network, but this network should be able to contact the internet.
vmbr0 is WAN
vmbr1 is LAN
vmbr2 is also LAN, but should be on its own subnet.

I use pfSense to route the networks between WAN and LAN. In pfSense I add 3 interfaces, WAN, LAN, LAN2 (new virtual network).
When I do this now I can ping from LAN2 (vmbr2-no eth) to LAN1 (vmbr1-eth1) VM machines, but I can't ping from LAN2 (vmbr2-no eth) to any other physical PC on LAN1 or the internet...
 
If you have a virtualized router it will work to connect your networks.

The problem then lies in your routes and firewall/Nat configuration in your router
 
No, but when I do it works. So it's not a NAT/firewall or routing problem.
Also without the physical interface I CAN ping/connect to other VM'S from (LAN1)vmbr1 to (LAN2)vmbr2 and vica versa.
I CAN'T ping/connect from (LAN2)vmbr2 to other physical ethernet cards (also on LAN1, vmbr1)
The firewall in proxmox is not used.
 
I have this set up on my server. It works.

I have a VMBR2 that is not connected to an interface.
I have a VMBR1 that IS connected to an interface.
I use a virtual router that uses VMBR1 as WAN interface
Virtual router uses VMBR2 as LAN interface
All VMs behind this router use VMBR2 as their only interface.
Routing and translation takes place in the virtual router for these VMs. If I want to connect to a VM in this internal zone, I have to configure the router to allow it.

Again, you don't need a physical interface in order for it to work.
 
...Again, you don't need a physical interface in order for it to work.

Exactly, it should work. But a picture says more than words. How would I be able to do this:

This already works (for years):

pm1.jpg

I want this:
pm2.jpg
 
You just set up a router in there somewhere connected to the vmbr 's that you want to control access to. You use routing and firewalls like any physical network. I use VyOS for my virtual router needs.
 
You just set up a router in there somewhere connected to the vmbr 's that you want to control access to. You use routing and firewalls like any physical network. I use VyOS for my virtual router needs.

I've used pfSense for that for years... Works perfectly.
What version of Proxmox do you use?
 
I've used pfSense for that for years... Works perfectly.
What version of Proxmox do you use?
The latest proxmox. 3.4

You treat your virtual switch like a physical. Create a router VM, attach it to every vmbr. Create your acls/firewall rules, and if you want to Nat, configure that.

I run entire networks inside of vmbrs in this fashion.
 
The latest proxmox. 3.4

You treat your virtual switch like a physical. Create a router VM, attach it to every vmbr. Create your acls/firewall rules, and if you want to Nat, configure that.

I run entire networks inside of vmbrs in this fashion.

After a reboot of pfSense it started to work.
But there is still one strange thing, maybe you can test that too:

If you look at picture 2 from my previous post I can ping from:
VM5 to VM1 (pfSense) -> that's correct
VM5 to VM2 --> correct
VM5 to PC1 --> correct

VM2 and PC1 are on LAN1

Now I block connections from LAN2 to LAN1 in VM1 (pfSense).
This happens:
VM5 to VM1 (pfSense) -> Blocked (correct)
VM5 to VM2 -> I can ping (??, all VM's inside LAN1)
VM5 to PC1 -> I can't ping -> correct (all physical PC's inside LAN1)

Looks like all VM's that are on the "inside" are pingable.
I will try to make LAN3 as well, but then I have to reboot the entire server to create vmbr3.

Or should I use the Proxmox firewall for this?
 
So it's not a NAT/firewall or routing problem.
It's definitely your router (pfSense) problem. Configure it properly. It doesn't matters if you use pfSense or any other router oriented distro. You just have to configure it properly and understand routing/bridging network basis.
I've similar setup, with vmbr2 without any physical NICs attached. I've had dozens of VMs attached it to and one VM router attached to both vmbr2 and vmbr0. It was a plain linux container with custom routing/firewall rules, everything working perfectly. Even with advanced setup, like VLANs, multiple networks and OSPF dynamic router.
So check your virtual router config, you just didn't set it up right.


EDIT: Unless you've misconfigured your bridges and your config doesn't match that on your picture2. Post your 'brctl show' output.
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!