how to both bridge and nat network

[klinutzu]

hello, i have a proxmox installation with public ip and several public IP's on vm's, but i need 2 more vm's and don't have any more public IP so i want to use both bridge mode with nat mode in same time. it's possible or not? thx

 

[wolfgang]

Hi,

see https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_network_configuration

 

[MikeWebb]

Yeah that seemed like a bit of a throw away comment. I've hit this same issue and have read through the admin-guide and found it hard to abstract an answer from it. I ended up enabling sr-iov on my card and and bridging and NATing on different VF's.

I later found this but haven't confirmed it to work but it looks sane to me:

auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
address 79.x.x.x
netmask 255.255.255.0
gateway 79.x.x.x
bridge_ports eth0
bridge_stp off
bridge_fd 0

auto vmbr1
iface vmbr1 inet static
address 10.10.10.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADEWould this be okay?

https://forum.proxmox.com/threads/proxmox-ve-nat-and-bridge-with-1-physical-interface.16710/