How do I create two VLANs on two separate bridge ports and link them?

jraypix

Nov 1, 2024
Hello everyone... I'm faced with an issue regarding accessing my Proxmox host and VM on the same network.
I have two networks: the first is the VLAN connected directly to my Proxmox server, and the second is another VLAN configured on a Cisco router and attached to my server...
My server is directly accessible via LAN, but the VM is inaccessible from the outside, although the site I'm hosting on the VM is accessible within the VM. What I want to achieve is to be able to access the site I'm hosting from outside the VM, with a different IP than my Proxmox host.

Here's my current configuration:

auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

iface eno3 inet manual

iface eno4 inet manual

auto eno2
iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.10.x/24
    gateway 192.168.10.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0s
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr1
iface vmbr1 inet static
    address 10.100.0.x/16
    gateway 10.100.0.1
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

#vmbr0 is the bridge for the proxmox host, while vmbr1 is the bridge for the vm

Please, if there's another method of dealing with this issue, I'd really appreciate it.
Thank you all
 
If I understand you correctly, I think you are overcomplicating this. Apologies in advance if I am barking up the wrong tree. On my network (outside of Proxmox) I have a pfSense box running my firewall/router and a managed switch. I have 6 different VLANs set up: 10, 20, 30, 40, 50 and 60. Each VLAN has a DHCP server set up on pfSense. I run a trunked/tagged port from my switch to pfSense, and I run another trunked/tagged port to my Proxmox server. Trunked/tagged ports pass ALL the VLANs. I also have untagged/access ports set up on my switch that only pass one VLAN, to devices which are not VLAN aware. You can only pass trunked/tagged ports to VLAN aware devices.

In Proxmox, I have my network set up as follows. You can change this if you want to have a bond or LACP using multiple NICs to your switch, or you might want to pass through NICs to certain VMs. This is my setup with one 10gbe NIC:
auto lo
iface lo inet loopback

iface enp3s0 inet manual

# The bridge carries no address, so its method is manual; the host IP is on vmbr0.10
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp3s0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4092

auto vmbr0.10
iface vmbr0.10 inet static
    address 10.10.10.2/24
    gateway 10.10.10.1

My Proxmox web interface is on VLAN 10 at 10.10.10.2. I change the third octet for each VLAN, just to make it easier to keep track. This is configured in pfSense. So 10.10.20.0/24 is VLAN20, 10.10.30.0/24 is VLAN30 and so on.

Inside of the VM network hardware configuration screen (either when you are creating the VM or after), you can select the VLAN that the VM should use (10, 20, 40, etc.). I control the access between VLANs in the firewall rules on my pfSense box, since I mostly don't want any communication between VLANs. All VLANs can reach the WAN, however.

As long as all of your VLANs are set up on one router, you only need one gateway in pfSense. So I do not need to add a gateway for 10.10.20.1, 10.10.30.1, etc.

On one of my servers with 2 NICs, I do have a second VMBR set up on the second NIC, because the first NIC is a 2.5GBE link and the second is a 10GBE link. I leave my Proxmox interface on vmbr0 and the faster NIC is set up on vmbr1. Again, I can choose which vmbr to attach a VM to in the VM network hardware setup screen. I keep my interfaces file as simple as possible. For that situation, my file looks something like this (going from memory on this one):
auto lo
iface lo inet loopback

iface eno1 inet manual
iface eno2 inet manual

# Neither bridge carries an address, so both use the manual method
auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4092

auto vmbr0.10
iface vmbr0.10 inet static
    address 10.10.10.2/24
    gateway 10.10.10.1

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4092

Note that I don't need any more IP addresses, since the bridge doesn't use an IP address. And I don't need another gateway either, since it is the same pfSense router. My switch has both 2.5gbe and 10gbe ports, so it's all the same switch in my case. The interesting thing about this approach is that Proxmox will route traffic on the same VLAN without going out to the switch, so I was able to get iperf scores of like 25gbps between two VMs on the same Proxmox server, but I would get 9gbps between two VMs on the same VLAN, but on separate Proxmox servers, both with 10gbe NICs, and 2.2gbps between two VMs on different VLANs, and on separate Proxmox servers, both with 10gbe NICs. This is because the pfSense box only has 2.5gb NICs, and that becomes the bottleneck.
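
Added example, not part of any post in this thread: a small Python check for an /etc/network/interfaces file that lists every stanza with a `gateway` line (each one asks for its own default route on the host) and every VLAN-aware bridge that holds the host address directly instead of on a VLAN sub-interface such as vmbr0.10. The sample mirrors the two-bridge layout from the question with constructed last octets; `parse_stanzas` and `audit` are names invented for this example.

```python
import re

# Constructed sample: the question's two-bridge layout, trimmed, with
# made-up host addresses (the post elides the last octet as "x").
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 192.168.10.5/24
    gateway 192.168.10.1
    bridge-ports eno1
    bridge-vlan-aware yes

auto vmbr1
iface vmbr1 inet static
    address 10.100.0.5/16
    gateway 10.100.0.1
    bridge-ports eno2
    bridge-vlan-aware yes
"""

def parse_stanzas(text):
    """Return {iface: {"method": ..., option: value, ...}} per iface stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"iface\s+(\S+)\s+inet6?\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), {"method": m.group(2)})
        elif line.split()[0] in ("auto", "allow-hotplug", "source"):
            current = None          # top-level keyword ends the stanza
        elif current is not None:
            parts = line.split(None, 1)
            current[parts[0]] = parts[1] if len(parts) > 1 else ""
    return stanzas

def audit(text):
    """Report gateway-bearing stanzas and where host addresses are placed."""
    st = parse_stanzas(text)
    return {
        "gateways": [n for n, s in st.items() if "gateway" in s],
        "untagged_host_ips": [n for n, s in st.items()
                              if s.get("bridge-vlan-aware") == "yes" and "address" in s],
        "static_without_address": [n for n, s in st.items()
                                   if s["method"] == "static" and "address" not in s],
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

More than one name under `gateways` means the host is configured with competing default routes; the single-trunk layout in the answer yields exactly one, on vmbr0.10.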
 
Thank you very much @loui1961... This is great help...
On the side of my experience with Proxmox, it's very helpful, but on the particular issue, I needed to know if it were possible and how I could go about it...
It's an interesting challenge I took up at my work place :)
 
