How to configure bridged networking on KVM guests (pfSense)

Kirtaner

New Member
Oct 10, 2013
1
0
1
Hi, I'm new to Proxmox and loving it so far with my OpenVZ containers. However I can't seem to get KVM guests internet-accessible nor can I find a definitive howto on how to properly set up internet-facing bridged interfaces.

I have two NICs and a block of 5 IP addresses and this is how I'm trying to get them set up

eth0 -> vmbr0 -> Proxmox management [public IP 216.107.x.154]
eth1 -> vmbr1 -> KVM guest eth0 (Internet-facing pfSense WAN) [intended public IP 216.107.x.155]

I'll worry about .156, .157, and .158 later, those being my other public IPs.

I also have another bridge (vmbr420) for the pfSense LAN that is working correctly with DHCP assigning IPs and network traffic working between other KVM guests. I intend on using port-forwarding on the pfSense KVM to perform NAT with a single public IP.

I've been smashing my head at this all day with no tangible result. Here's my current /etc/network/interfaces

Code:
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
        address  216.107.x.154
        netmask  255.255.255.248
        gateway  216.107.x.153
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

auto vmbr1
iface vmbr1 inet manual
        bridge_ports eth1
        bridge_stp off
        bridge_fd 0

auto vmbr420
iface vmbr420 inet manual
        bridge_ports none
        bridge_stp off
        bridge_fd 0

Is vmbr1 correct? I want to assign the IP inside the KVM guest, right? No matter what I try, nothing is working. KVM guests can't hit the internet, and external pings result in 'destination host unreachable'. Also, do I set the KVM guest gateway to 216.107.x.153, or do I not enter a gateway?
 
Last edited:
i assume both nic's are connected to a switch (preferably not the same) i would do that:

auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto bond0
iface bond0 inet manual
bond_mode active-backup
bond_miimon 100
bond_updelay 200
bond_downdelay 200
slaves eth0 eth1

auto vmbr0
iface vmbr0 inet static
address 216.107.x.154
netmask 255.255.255.248
gateway 216.107.x.153
network 216.107.x.152
broadcast 216.107.x.159
bridge_ports bond0
bridge_stp off
bridge_fd 0


auto vmbr420
iface vmbr420 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0


Your KVM guests are connected to vmbr0 with default network configuration - same netmask, gateway as your host
 
Do you have any virtualized pfSense in your setup?

Are vmbr1 and vmbr420 for 2 different subnets?

Based on what i could understand, following is a diagram of possibly what you are thinking of. My apologie if it is far from your intended setup. In this scenario, by using a Physical pfSense and a virtualized pfSense you can use only one Public IP and give all VMs on different subnets internet access specially when subnets are different.
proxmox-net1.png
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!