I converted my ISP-provided router into a modem. It just converts from fiber to Ethernet. It's chained to my router, which runs OpenWrt. The OpenWrt router handles PPPoE and gets assigned the IPs. It has 3 VLANs, all on separate subnets:
VLAN 10 (LAN) (IPv4 Only) (192.168.1.0/24) - All my wireless devices and untagged traffic flowing through switch ports on router
VLAN 20 (Proxmox Host) (IPv4 Only) (192.168.2.0/24) - Tagged traffic flowing through switch on physical router
VLAN 30 (Proxmox CTs/VMs) (IPv4+IPv6) (192.168.3.0/24) - Tagged traffic flowing through switch on physical router
My ISP only provides a single /64 prefix for IPv6, which is why only one VLAN has public IPv6. SLAAC is enabled, as well as DHCPv6.
Firewall rules on router are as follows:
- VLAN 10 can send traffic to VLAN 20 and VLAN 30.
- VLAN 20 can only send traffic to WAN.
- VLAN 30 can only send traffic to WAN.
Proxmox version is 9.1.4. I have updated all the packages. I do not have a commercial license.
Proxmox host's /etc/network/interfaces:
Code:
auto lo
iface lo inet loopback

iface nic0 inet manual

auto vmbr0
iface vmbr0 inet static
    bridge-ports nic0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 20

auto vmbr0.20
iface vmbr0.20 inet static
    address 192.168.2.2/24
    gateway 192.168.2.1

iface nic1 inet manual

source /etc/network/interfaces.d/*
I set up WireGuard on my Proxmox host. It is only accessible through WireGuard. This works perfectly as intended.
Proxmox host's /etc/pve/firewall/cluster.fw (datacenter level firewall):
Code:
[OPTIONS]
enable: 1

[RULES]
IN ACCEPT -i wg0 -log nolog # wireguard reverse traffic
IN ACCEPT -i vmbr0.20 -dest 192.168.2.2 -p udp -dport 51820 -log nolog # wireguard
|IN ACCEPT -i vmbr0.20 -dest 192.168.2.2 -p tcp -dport 8006 -log nolog # proxmox web interface
Proxmox host's /etc/pve/sdn/zones.cfg:
Code:
vlan: zone0
    bridge vmbr0
    ipam pve

simple: zone1
    ipam pve
I set the VLAN tag in the vnet so CTs don't have to care about VLAN.
Proxmox host's /etc/pve/sdn/vnets.cfg:
Code:
vnet: vnet0
    zone zone0
    tag 30
    vlanaware 1

vnet: vnet1
    zone zone1
I set up a private zone, vnet, and subnet for internal CTs to communicate between each other.
Proxmox host's /etc/pve/sdn/subnets.cfg:
Code:
subnet: zone1-172.16.0.0-24
    vnet vnet1
    dhcp-range start-address=172.16.0.2,end-address=172.16.0.100
    gateway 172.16.0.1
CT's /etc/network/interfaces (CT is running Alpine Linux v3.23):
Code:
auto lo
iface lo inet loopback
iface lo inet6 loopback

auto eth0
iface eth0 inet static
    address 192.168.3.2/24
    gateway 192.168.3.1
    hostname $(hostname)

auto eth1
iface eth1 inet static
    address 172.16.0.2/24
    gateway 172.16.0.1

iface eth0 inet6 manual
The firewall is enabled at the datacenter level.
The firewall is enabled at the node level (I have only a single node), but there are no firewall rules at the node level.
The firewall is disabled at the CT level.
IPv4 works fine, but IPv6 does not. CT's IPv6 config is to use SLAAC. CT takes ages to get assigned a public IPv6 after boot (sometimes assignment never occurs), but then it doesn't work despite having a public IPv6 address. I cannot ping any other external IPv6 addresses from within the CT.
Does the problem have to do with the "iface eth0 inet6 manual" line, or is it something else? I am mostly using default settings and normal Proxmox features, so I don't know why IPv6 isn't working in the CT.
Thanks.