How to setup 2 IP addresses of which 1 is used for all VM/LXC?

murda · Friday at 16:19

Hello, I have the following scenario. I installed Proxmox on my bare metal server and I later ordered an additional IPv4 /32 address. I want to access and perform network operations on the PVE host with the main IP address only, and use the secondary IP address strictly for my VM's and LXC containers. I've only ever setup NAT masquerading with a single IP address but never more than 1.

- I have 1 NIC
- How do I add the 2nd IP address to Proxmox?
- Is routed or NAT masquerading the appropriate method here?

Both addresses are in the same subnet. I've tried adding a new bridge for the 2nd address in the web ui but I get the following: "gateway: Default gateway already exists on interface 'vmbr0'."

vesuvienne · Friday at 19:27

you can add a new vmbr1 for exemple
and do a NAT masquerading and you will have
* vmbr0 (default proxmox config) = 192.168.1.23
* vmbr1 = 192.168.20.1

Code:

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.23/24
        gateway 192.168.1.254
        bridge-ports enp1s0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 192.168.20.1/24 # this is the gateway of futur VM plug on vmbr1
        bridge-ports none
        bridge-stp off
        bridge-fd 0

murda · Friday at 20:48

vesuvienne said:
you can add a new vmbr1 for exemple
and do a NAT masquerading and you will have
* vmbr0 (default proxmox config) = 192.168.1.23
* vmbr1 = 192.168.20.1

Code:

auto vmbr0 iface vmbr0 inet static address 192.168.1.23/24 gateway 192.168.1.254 bridge-ports enp1s0 bridge-stp off bridge-fd 0 auto vmbr1 iface vmbr1 inet static address 192.168.20.1/24 # this is the gateway of futur VM plug on vmbr1 bridge-ports none bridge-stp off bridge-fd 0

Hello, thanks for your reply. This doesn't seem to work.

In my container:

Code:

root@CT100:~# ping google.com
ping: google.com: Temporary failure in name resolution
root@CT100:~# ping 1.1.1.1
ping: connect: Network is unreachable

Here's my config.

Code:

auto lo
iface lo inet loopback

iface enp0s31f6 inet manual

auto vmbr0
iface vmbr0 inet static
    address xx.xx.xx.210/26
    gateway xx.xx.xx.193
    bridge-ports enp0s31f6
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet static
    address xx.xx.xx.198/26
    bridge-ports none
    bridge-stp off
    bridge-fd 0

auto vmbr2
iface vmbr2 inet static
    address 10.0.0.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0

    post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up   iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o enp0s31f6 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o enp0s31f6 -j MASQUERADE


source /etc/network/interfaces.d/*

intrax · Friday at 22:24

Why nat io bridged networking ?

murda · Friday at 23:09

intrax said:
Why nat io bridged networking ?

What do you mean?

intrax · Friday at 23:11

Question is clear!

murda · 2024-06-29T00:36:47+0200

intrax said:
Question is clear!

I genuinely have no clue what you're talking about. Are you asking why I don't use bridged networking? If so it's because my hosting provider doesn't allow it

intrax · 2024-06-29T00:46:40+0200

I'm using bridged networking for my vm's and containers. Goodluck!

vesuvienne · 2024-06-29T08:19:13+0200

murda said:

Hello, thanks for your reply. This doesn't seem to work.

In my container:

Code:

root@CT100:~# ping google.com
ping: google.com: Temporary failure in name resolution
root@CT100:~# ping 1.1.1.1
ping: connect: Network is unreachable

Here's my config.

Code:

auto lo
iface lo inet loopback

iface enp0s31f6 inet manual

auto vmbr0
iface vmbr0 inet static
    address xx.xx.xx.210/26
    gateway xx.xx.xx.193
    bridge-ports enp0s31f6
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet static
    address xx.xx.xx.198/26
    bridge-ports none
    bridge-stp off
    bridge-fd 0

auto vmbr2
iface vmbr2 inet static
    address 10.0.0.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0

    post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up   iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o enp0s31f6 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o enp0s31f6 -j MASQUERADE


source /etc/network/interfaces.d/*

follow the doc, your NAT should look like that

Code:

auto vmbr1
iface vmbr1 inet static
        address 10.0.0.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

UdoB · 2024-06-29T09:57:49+0200

Just for reference: https://pve.proxmox.com/wiki/Network_Configuration#sysadmin_network_masquerading

Search

Search

How to setup 2 IP addresses of which 1 is used for all VM/LXC?

murda

New Member

vesuvienne

Member

murda

New Member

intrax

Member

murda

New Member

intrax

Member

murda

New Member

intrax

Member

vesuvienne

Member

UdoB

Famous Member