HowTo another Bridge for second NIC

mlabenda

New Member
May 13, 2008
Hey there.

Just installed proxmox on my new Dell 2970

I have two Broadcom NICs on that server and I'd like to have two bridges
one for the internal network and one assigned to my DMZ

I changed my interfaces to have the second bridge, but it does not show up in the web GUI

# network interface settings
auto lo
iface lo inet loopback

#auto eth1
#iface eth1 inet static
# address 192.168.2.2
# netmask 255.255.255.0

auto vmbr0
iface vmbr0 inet static
address 172.16.32.253
netmask 255.255.248.0
gateway 172.16.32.1
bridge_ports eth0

auto vmbr1
iface vmbr1 inet static
address 192.168.2.2
netmask 255.255.255.0
gateway 192.168.2.1
bridge_ports eth1


Am I stupid or does this not work?
 
AFAIK 'gateway' is the default route, so there must be only one gateway setting.

Besides that, the configuration looks good. But the PVE management tools only support vmbr0 currently. We plan to support more bridges in the next release.

- Dietmar
 
I have two Broadcom NICs on that server and I'd like to have two bridges one for the internal network and one assigned to my DMZ

Does it make sense to connect the DMZ with the internal net? If there is a way from the internal net to the DMZ without a firewall then the DMZ is no longer a DMZ.

- Dietmar
 
I need the server to be a multihome system.
Feeding the LAN and the DMZ
The access to and from the LAN and the DMZ will be done by the firewall.
By default the Interface to the DMZ should not have any access to the Interface for the LAN.

Depending on the "Job" for the VE's they should be connected to the DMZ bridge or to the LAN bridge. Maybe more interfaces in the future.

Hope this makes sense.

When is 1.0 coming out ?
any plan to have the "multibridge support" in 1.0 ???

Besides the bridge issues, this is outstanding software!
I have an ESX running and if the multibridge stuff works, I'm going to kick ESX fully.
 
Bloody mistake with the second gateway ....
Thanks for that

Forgot one thing,
Any chance to limit the access to the web frontend to a specific network / NIC?
 
I need the server to be a multihome system.
Feeding the LAN and the DMZ
The access to and from the LAN and the DMZ will be done by the firewall.
By default the Interface to the DMZ should not have any access to the Interface for the LAN.

If you have one host with access to DMZ and LAN, you destroy the concept of the DMZ.

AFAIK you would need at least a firewall software (configure iptables) on that host to protect access from DMZ to LAN - but I guess such a configuration will not pass any security audit.

Depending on the "Job" for the VE's they should be connected to the DMZ bridge or to the LAN bridge. Maybe more interfaces in the future.

Hope this makes sense.

To protect your DMZ you can't use such a configuration - instead you should use 2 hosts (just a security issue).

When is 1.0 coming out ?

end of summer

any plan to have the "multibridge support" in 1.0 ???

yes, there is.
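
Added example, not part of the original thread and not Proxmox code: a small Python check for the two points raised in the replies above, more than one `gateway` line and the host itself holding an IP address on both the LAN and the DMZ bridge. The function names are hypothetical, and the input is the poster's two bridge stanzas embedded as a constructed sample.

```python
# Constructed input: the bridge stanzas as posted in the thread (indentation added).
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 172.16.32.253
    netmask 255.255.248.0
    gateway 172.16.32.1
    bridge_ports eth0

auto vmbr1
iface vmbr1 inet static
    address 192.168.2.2
    netmask 255.255.255.0
    gateway 192.168.2.1
    bridge_ports eth1
"""

def parse_interfaces(text):
    """Return {iface: {option: value}} for each 'iface' stanza (hypothetical helper)."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or whole-line comment
        key, value = (line.split(None, 1) + [""])[:2]
        if key == "iface" and value:
            current = stanzas.setdefault(value.split()[0], {})
        elif key in ("auto", "source", "mapping") or key.startswith("allow-"):
            current = None                # these keywords end the current stanza
        elif current is not None:
            current[key] = value.strip()
    return stanzas

def audit(text):
    """List findings: several gateway lines, host addressed on more than one bridge."""
    stanzas = parse_interfaces(text)
    gateways = sorted((n, s["gateway"]) for n, s in stanzas.items() if "gateway" in s)
    addressed = sorted(n for n, s in stanzas.items()
                       if "bridge_ports" in s and "address" in s)
    findings = []
    if len(gateways) > 1:
        findings.append("multiple gateway lines: "
                        + ", ".join(f"{n} via {g}" for n, g in gateways))
    if len(addressed) > 1:
        findings.append("host has an IP address on several bridges: "
                        + ", ".join(addressed))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARNING:", finding)
```

A bridge stanza without an `address` line is not counted by the second check, because the host then has no statically configured address of its own on that segment.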
 
