[SOLVED] Internal network for VMs not working properly

[zeta]

Hi, i'v a setup like that:
-host
--node A -> bridged, own IP
--node B -> bridged, own IP
--node C -> NAT with host (won't expose the IP)

what i want to do is create a LAN where A B and C can communicate
The fact is that i cant add the vlan tag to A and B because they are in bridged, but C has no bridged interface so no VLAN, how can i solve that?

Edit: issue solved -> https://forum.proxmox.com/threads/separate-private-networks-for-vms.38822/#post-192035

 

[LnxBil]

Cleanest setup would be to create a new bridge on each device and use this for "internal" traffic.

 

[zeta]

Cleanest setup would be to create a new bridge on each device and use this for "internal" traffic.

Hi and thanks for the reply,
This seems a good solution but are you sure i can enable a bridged interface without assigning a public IP address to it?

 

[LnxBil]

Hi and thanks for the reply,
This seems a good solution but are you dure i can enable a bridged interface without assigning a public IP address to it?

Yes, this works, but it would not work as a solution. Sorry for misleading. You then need another device to enslave it to this interface - so forget about the new bridge.

Yet, why did you remove the bridge on the third node in the first place? You can just nat everything you want even with a bridge.

What VMs do you want to have natted on the third node?

 

[zeta]

Yes, this works, but it would not work as a solution. Sorry for misleading. You then need another device to enslave it to this interface - so forget about the new bridge.

Yet, why did you remove the bridge on the third node in the first place? You can just nat everything you want even with a bridge.

What VMs do you want to have natted on the third node?

C node is an ansible machine and what i want to do is to just connect it on the internet for updates and with A and B for executing commands on them, and i want to do that via internal network

By the way, A and B are both bridged with the main node but they cant see eachothers, is this wanted?

I want to create a situation where A, B and C can talk eachother in a private network or something similar without going public (only A and B have a public IP)

 

[namphan1998]

Thank you so much for the informative reply.
Keep up the good work.

 

[zeta]

Update: i did the following
On host

auto vmbr1
iface vmbr1 inet static
        address 10.0.1.1/23
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up /sbin/iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE
        pre-down /sbin/iptables -t nat -D POSTROUTING -o vmbr0 -j MASQUERADE

On node C (the natted one)

auto ens19
iface ens19 inet static
        address 10.0.1.100
        netmask 255.255.255.0
        gateway 10.0.1.1

On node A (bridged with host)

auto lo
iface lo inet loopback

allow-hotplug ens18
iface ens18 inet static
            address xx.xxx.xxx.xxx/29
            gateway xx.xxx.xxx.225
            dns-nameservers 8.8.8.8
            dns-search xxxxx.xx

auto ens19
iface ens19 inet static
            address 10.0.1.101
            netmask 255.255.255.0
            gateway 10.0.1.1

The problem is that on node C and A i get the local ip but i can't ping other hosts

sudo arp -a
?(10.0.1.1) at <incomplete> on ens19

 

[LnxBil]

You bridge does not have any ports attached.

Do you have a dedicated network for the inter-cluster communication? Do you have enough network cards to do this?

 

[zeta]

You bridge does not have any ports attached.

Do you have a dedicated network for the inter-cluster communication? Do you have enough network cards to do this?

vmbr1(ens19 on vms) is the bridge dedicated to inter-cluster communication. On the host there is also vmbr0 (ens18 on the vms) that is used for bridging node A and B with own IP and is working properly