How to configure bridged networking on KVM guests (pfSense)

Discussion in 'Proxmox VE: Installation and configuration' started by Kirtaner, Oct 10, 2013.

  1. Kirtaner

    Kirtaner New Member

    Hi, I'm new to Proxmox and loving it so far with my OpenVZ containers. However, I can't seem to get KVM guests internet-accessible, nor can I find a definitive howto on how to properly set up internet-facing bridged interfaces.

    I have two NICs and a block of 5 IP addresses, and this is how I'm trying to get them set up:

    eth0 -> vmbr0 -> Proxmox management [public IP 216.107.x.154]
    eth1 -> vmbr1 -> KVM guest eth0 (Internet-facing pfSense WAN) [intended public IP 216.107.x.155]

    I'll worry about .156, .157, and .158 later, those being my other public IPs.

    I also have another bridge (vmbr420) for the pfSense LAN that is working correctly with DHCP assigning IPs and network traffic working between other KVM guests. I intend on using port-forwarding on the pfSense KVM to perform NAT with a single public IP.

    I've been smashing my head at this all day with no tangible result. Here's my current /etc/network/interfaces:

    Code:
    auto lo
    iface lo inet loopback
    
    iface eth0 inet manual
    
    iface eth1 inet manual
    
    auto vmbr0
    iface vmbr0 inet static
            address  216.107.x.154
            netmask  255.255.255.248
            gateway  216.107.x.153
            bridge_ports eth0
            bridge_stp off
            bridge_fd 0
    
    auto vmbr1
    iface vmbr1 inet manual
            bridge_ports eth1
            bridge_stp off
            bridge_fd 0
    
    auto vmbr420
    iface vmbr420 inet manual
            bridge_ports none
            bridge_stp off
            bridge_fd 0
    
    Is vmbr1 correct? I want to assign the IP inside the KVM guest, right? No matter what I try, nothing is working. KVM guests can't hit the internet, and external pings result in 'destination host unreachable'. Also, do I set the KVM guest gateway to 216.107.x.153, or do I not enter a gateway?
     
    #1 Kirtaner, Oct 10, 2013
    Last edited: Oct 10, 2013
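Added example, not part of any post in this thread: a small parser for an interfaces file laid out like the one above. It reports how each bridge is attached (host has an IP on it, physical NIC bridged with no host IP, or no physical port at all) and lists the addresses of the host's subnet that neither the host nor the gateway uses. The 203.0.113.x addresses stand in for the masked 216.107.x ones, and the function names are assumptions made for this illustration.

```python
import ipaddress
# Constructed input: the first post's bridges, trimmed to the iface stanzas and
# options read below; 203.0.113.x (documentation range) replaces 216.107.x.
SAMPLE = """\
iface vmbr0 inet static
        address  203.0.113.154
        netmask  255.255.255.248
        gateway  203.0.113.153
        bridge_ports eth0
iface vmbr1 inet manual
        bridge_ports eth1
iface vmbr420 inet manual
        bridge_ports none
"""

def parse_interfaces(text):
    """Return {interface: {option: value}} for each 'iface' stanza."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "iface":
            current = stanzas.setdefault(value.split()[0], {})
        elif key in ("auto", "allow-hotplug"):
            current = None          # these lines end the previous stanza
        elif current is not None:
            current[key] = value.strip()
    return stanzas

def classify_bridges(stanzas):
    """Label each bridge by how it attaches to the host and to the wire."""
    roles = {}
    for name, opts in stanzas.items():
        if "bridge_ports" not in opts:
            continue
        if opts["bridge_ports"].split() == ["none"]:
            roles[name] = "internal-only"    # no physical NIC behind it
        elif "address" in opts:
            roles[name] = "host-addressed"   # the host itself has an IP here
        else:
            roles[name] = "passthrough"      # NIC bridged, host has no IP here
    return roles

def guest_addresses(opts):
    """Return the bridge's subnet and the addresses host and gateway do not use."""
    net = ipaddress.ip_network(f"{opts['address']}/{opts['netmask']}", strict=False)
    used = {opts["address"], opts["gateway"]}
    return net, [str(h) for h in net.hosts() if str(h) not in used]
```

Calling `classify_bridges(parse_interfaces(open("/etc/network/interfaces").read()))` on a host gives the same report for the live file.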
  2. screenie

    screenie Member

    I assume both NICs are connected to a switch (preferably not the same one). I would do this:

    Code:
    auto lo
    iface lo inet loopback

    iface eth0 inet manual

    iface eth1 inet manual

    auto bond0
    iface bond0 inet manual
            bond_mode active-backup
            bond_miimon 100
            bond_updelay 200
            bond_downdelay 200
            slaves eth0 eth1

    auto vmbr0
    iface vmbr0 inet static
            address 216.107.x.154
            netmask 255.255.255.248
            gateway 216.107.x.153
            network 216.107.x.152
            broadcast 216.107.x.159
            bridge_ports bond0
            bridge_stp off
            bridge_fd 0

    auto vmbr420
    iface vmbr420 inet manual
            bridge_ports none
            bridge_stp off
            bridge_fd 0


    Your KVM guests are connected to vmbr0 with default network configuration - same netmask, gateway as your host
     
  3. symmcom

    symmcom Active Member

    Do you have any virtualized pfSense in your setup?

    Are vmbr1 and vmbr420 for 2 different subnets?

    Based on what I could understand, the following is a diagram of possibly what you are thinking of. My apologies if it is far from your intended setup. In this scenario, by using a Physical pfSense and a virtualized pfSense, you can use only one Public IP and give all VMs on different subnets internet access, especially when subnets are different.
    [Attached image: proxmox-net1.png]
    #3 symmcom, Oct 11, 2013
    Last edited: Oct 11, 2013