How to setup additional IP's from host for VM's

M

mullick

New Member
Sep 20, 2021
4
0
1
35
Hello, I want to start off by saying this isnt really proxmox specific, just me being a novice when it comes to networking

I rented a hosted proxmox server that came with one IP address. Im just using this one for management and have enabled the firewall, only allowing traffic from my IP
I also purchased an additional 5 ip addresses and was given a /29 with a seperate gateway. I want to assign these to specific vm's i'll be building.

The server has one 10g nic

Im trying to figure out how best to add these IP's to proxmox, or if I need to at all. The VM's are all ubuntu 20.04 server
There are 4 nics on the server, /etc/network/interfaces is as below


Code: 
auto lo
iface lo inet loopback

iface enp35s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address xxx.xxx.xxx.xxx/30
    gateway xxx.xxx.xxx.xxx
    bridge-ports enp43s0f1
    bridge-stp off
    bridge-fd 0

iface enp36s0 inet manual

iface enp43s0f0 inet manual

iface enp43s0f1 inet manual

iface enx3a474b370b30 inet manual

What are my options for using these IP's for the VM's? Perhaps my google skills are failing as I had a hard time finding anything about this specific situation. Hetzner has some articles but their proxmox documentation doesnt mention additional ip's and their additional ip's documentation doesnt mention proxmox.


I tried just adding a route to the proxmox host, I tried adding a vmbr1 but I keep getting destination host unreachable from the IP i set on the vm. Im not sure if that is down to the gateway I was given being on a different subnet or what. I know I cant have 2 gateways but if I set the gateway to the one on the main IP i was given can it act as the gateway instead of what the host provided for me?


Thanks for anyone willing to take the time to help out someone why get frustrated with networking lol
 
nunner said:
Hi,

did you check out this article from Hetzner? [1] The example configurations do have sections talking about additional IPv4 subnets and addresses.

[1] https://community.hetzner.com/tutor...ure-proxmox_ve#step-2---network-configuration
Click to expand...
Thank you for the response.
I have tried that and I have the host setup following the Bridged guidelines

However when it comes to the guests I am using ubuntu 20.04 which uses netplan and trying to convert the /etc/network/interfaces to a netplan config have proven too difficult for me I guess
 
mullick said:
Thank you for the response.
I have tried that and I have the host setup following the Bridged guidelines

However when it comes to the guests I am using ubuntu 20.04 which uses netplan and trying to convert the /etc/network/interfaces to a netplan config have proven too difficult for me I guess
Click to expand...

You could post the content of your current /etc/network/interfaces of your Proxmox Machine (in a codeblock and with parts of your WAN-address masked) and details about the VM. Then we can help you with that additional IP address.
 
B.Otto said:
You could post the content of your current /etc/network/interfaces of your Proxmox Machine (in a codeblock and with parts of your WAN-address masked) and details about the VM. Then we can help you with that additional IP address.
Click to expand...
Thank you for offering help and I apologize for the low effort post thus far. I just havent had much time to work on it and got defeated, Back at it though,

The server came with a single ip address on the 10g link I ordered.

Code: 
***.**.**.212/30
netmask 255.255.255.252
gateway ***.**.**.213
Server IP ***.***.**.214

They gave me the following info for my additional IP block but when I asked for guidance on using those IPs they told me to look at proxmox documentation

Code: 
/29 IP block: ***.**.***.128/29

Primary IP: ***.**.***.130
Netmask: 255.255.255.248
Gateway: ***.**.***.129
Last IP: ***.**.***.134


Host /ets/network/interfaces
Code: 
auto lo
iface lo inet loopback

iface enp35s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address ***.**.**.214/30
        netmask 255.255.255.255
        pointopoint ***.**.**.213
        gateway ***.**.**.213
        bridge-ports enp43s0f1
        bridge-stp off
        bridge-fd 1

auto vmbr1
iface vmbr1 inet static
        address ***.**.***.128/29
        netmask 255.255.255.248
        bridge-ports none
        bridge-stp off
        bridge-fd 0

iface enp36s0 inet manual

iface enp43s0f0 inet manual

iface enp43s0f1 inet manual

iface enx3a474b370b30 inet manual

Then for the guest (ubuntu 20,04)
Code: 
network:
  ethernets:
    ens18:
      addresses:
      - ***.**.***.130/29
      gateway4: ***.**.**.214
      nameservers:
        addresses:
        - 1.1.1.1
        search: []
        routes:
          - to: 0.0.0.0/0
            via: ***.**.**.214
            on-link: true
  version: 2
All I really want it to keep the single IP as its management ip only and assign ips from the /29 block to specific vms

If I give a guest the gateway of ***.**.**.214 it responds destination reply failure when I try to ping the web. When I set it to the gateway they provided it just fails so Im thinking I need a route but my attempts at those failed
 
Hmm, so you have a machine with only one interface enp43s0f1 on vmbr0, and the additional IP adresses you bought are in a different subnet. Then I suppose your host has configured it so that traffic to your new IP's get sent to that Interface.

So you have to configure your server to route the traffic meant for that network to your VMs.

First of all, you dont have to give your bridge vmbr1 one of the new adresses. You could do that but it means you are losing out on one address.

Code: 
auto lo
iface lo inet loopback

iface enp35s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address ***.**.**.214/30
        pointopoint ***.**.**.213
        gateway ***.**.**.213
        bridge-ports enp43s0f1
        bridge-stp off
        bridge-fd 1

auto vmbr1
iface vmbr1 inet static
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        up ip route add ***.**.***.128/29 dev vmbr1
        down ip route del ***.**.***.128/29

iface enp36s0 inet manual

iface enp43s0f0 inet manual

iface enp43s0f1 inet manual

iface enx3a474b370b30 inet manual

That way ifup for vmbr1 enables routing and configures the PVE so that every incoming packet to that subnet gets sent through vmbr1.

The VMs which should hold those open IPs should now be connected to vmbr1 and given the usual configurations

Code: 
network:
  ethernets:
    ens18:
      addresses:
      - ***.**.***.130/29
      nameservers:
        addresses:
        - 1.1.1.1
        search: []
        routes:
          - to: default
            via: ***.**.***.129
        on-link: true
  version: 2

Little sidenote: You either use gateway4 or routes to: default, in the netplan YAML file not both. Also, gateway4 has been deprecated, so you should stick to routes to: default or routes to: 0.0.0.0/0
 
Last edited:
B.Otto said:
Hmm, so you have a machine with only one interface enp43s0f1 on vmbr0, and the additional IP adresses you bought are in a different subnet. Then I suppose your host has configured it so that traffic to your new IP's get sent to that Interface.

So you have to configure your server to route the traffic meant for that network to your VMs.

First of all, you dont have to give your bridge vmbr1 one of the new adresses. You could do that but it means you are losing out on one address.


Little sidenote: You either use gateway4 or routes to: default, in the netplan YAML file not both. Also, gateway4 has been deprecated, so you should stick to routes to: default or routes to: 0.0.0.0/0
Click to expand...
Thank you so much for the help. I believe thats nearly it but im now getting

From ***.**.***.130 icmp_seg=1 Destination Host Unreachable

from the VM's

Here are the configs to make sure I didnt screw anything up

Code: 
  GNU nano 5.4                                                           /etc/network/interfaces
auto lo
iface lo inet loopback

iface enp35s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address ***.**.**.214/30
        netmask 255.255.255.255
        pointopoint ***.**.**.213
        gateway ***.**.**.213
        bridge-ports enp43s0f1
        bridge-stp off
        bridge-fd 1

auto vmbr1
iface vmbr1 inet static
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        up ip route add ***.**.***.128/29 dev vmbr1
        down ip route del ***.**.***.128/29

iface enp36s0 inet manual

iface enp43s0f0 inet manual

iface enp43s0f1 inet manual

iface enx3a474b370b30 inet manual

And then the VM's


Code: 
network:
  ethernets:
    ens18:
      addresses:
      - ***.**.***.130/29
      nameservers:
        addresses:
        - 1.1.1.1
        search: []
      routes:
        - to: default
          via: ***.**.***.129
          on-link: true
  version: 2
 
Last edited:
Hey,

first of all, there was a small typo in the file, you should be able to delete the 'netmask' line - the subnet is already defined as CIDR notation with ***.**.**.214/30. (Thanks to n4bz0r for pointing that out!)

So the vmbr0 block should look like that:
Code: 
auto vmbr0
iface vmbr0 inet static
        address ***.**.**.214/30
        pointopoint ***.**.**.213
        gateway ***.**.**.213
        bridge-ports enp43s0f1
        bridge-stp off
        bridge-fd 1
Since your PVE system seems to be reachable I think that line just gets ignored though.

Then I would try to see if the routes have been established:
  • What does ip route give on the PVE host? There should be one to ***.**.***.128/29 via dev vmbr1 now. Might need to ifdown & ifup the vmbr1 to make it post the routes.
  • Can you ping the PVE ***.**.**.214 from the VMs?
  • Can you ping the VM-Gateway ***.**.***.129 from the PVE?
Then, I think I know where the problem is. The posted route makes it so that the PVE transfers all packets with destination ***.**.***.128/29 through vmbr1, but that would also apply to the gateway ***.**.***.129 address. So we need to tell him that traffic to that specific address should be handled as normal. I would try something like this:

Code: 
auto vmbr1
iface vmbr1 inet static
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        up ip route add ***.**.***.128/29 dev vmbr1
        up ip route add ***.**.***.129/32 dev vmbr0
        down ip route del ***.**.***.128/29

(note the /32 syntax here to denote exactly one ip address). I am actually not sure if that will do the trick (does the routing table respect the sequence of placed routing rules?)

Kind regards,
Benedikt
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom