I'm new to Proxmox and I'm trying to create a 3-node cluster with an isolated network. This way, if someone hacks into a VM or container, they don't have access to my full network. I might also want to group and isolate some containers from each other, for example home-related containers and business-related containers.
I'm a bit confused as to what the best approach is to do this. I'm currently playing around with SDN so I can easily configure my nodes and new nodes that are added to the network. I first tried a simple zone with SNAT enabled. That worked but doesn't allow for intercommunication across nodes.
Second, I tried a VLAN zone. This works, but SNAT doesn't work when I enable it, and neither does DHCP. The same holds for VXLAN: no SNAT or DHCP. Is this a bug or is it not implemented?
Besides this, I would also need to forward traffic on 22, 80 and 443 to my nodes so it can be routed to the right subcontainer in the right network. So I was thinking about a reverse proxy? But then this reverse proxy needs to work across all networks?
Where can I find a guide to set up something like this watertight? Is this the right approach for creating isolated networks? Is there a better, simpler way maybe?