Isolating internet webserver from other VM's and containers

macamba

I want to hook up a container with a webserver to the internet. The container is hosted on PVE together with vm's and containers not hooked up to the internet.
I am wondering how I can best configure my container to publish it to the internet and isolate it from my other VM's and containers. I only see the bridge network option to configure for the container. What's the best setup for this?
Take into consideration that I also have a second hardware NIC in my PVE server which could be used, but is not activated it seems. See screenshots below.
1606947377175.png

1606947474852.png
 
hi,

I am wondering how I can best configure my container to publish it to the internet and isolate it from my other VM's and containers. I only see the bridge network option to configure for the container. What's the best setup for this?

you can use a masquerading NAT setup to achieve this. see here [0]

you would basically create a subnet for your container(s) and forward the necessary ports to it. to keep your other VM/CT disconnected, you can also create a separate subnet acting as a DMZ

[0]: https://pve.proxmox.com/wiki/Networ...ith_tt_span_class_monospaced_iptables_span_tt
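
One way the masquerading NAT, port forward and DMZ subnet described in the reply above could look in /etc/network/interfaces on the PVE host. This is an added example, not part of the original post or of Proxmox's documentation; the bridge names (vmbr0 as the existing LAN bridge, vmbr1 as the new one), the 10.10.10.0/24 DMZ subnet, the container address 10.10.10.10 and the 192.168.1.0/24 LAN are assumptions.

```conf
# /etc/network/interfaces on the PVE host (added example, all values assumed)
# vmbr0: existing bridge on the LAN 192.168.1.0/24, carries the host address
# vmbr1: new bridge with no physical port, used only by the web container

auto vmbr1
iface vmbr1 inet static
        address 10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        # let the host route between vmbr1 and vmbr0
        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward

        # outbound traffic from the DMZ leaves with the host's address
        post-up   iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s 10.10.10.0/24 -o vmbr0 -j MASQUERADE

        # forward only HTTP/HTTPS arriving on the host to the web container
        post-up   iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.10.10.10
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.10.10.10

        # the DMZ may answer, but never open, connections towards the LAN
        post-up   iptables -I FORWARD -i vmbr1 -d 192.168.1.0/24 -m conntrack --ctstate NEW -j DROP
        post-down iptables -D FORWARD -i vmbr1 -d 192.168.1.0/24 -m conntrack --ctstate NEW -j DROP

        # the DMZ may not open connections to the PVE host itself (GUI, SSH)
        post-up   iptables -I INPUT -i vmbr1 -m conntrack --ctstate NEW -j DROP
        post-down iptables -D INPUT -i vmbr1 -m conntrack --ctstate NEW -j DROP
```

The container's network device is then attached to vmbr1 with address 10.10.10.10/24 and gateway 10.10.10.1. After reloading the network configuration, `iptables -S` and `iptables -t nat -S` show whether the rules are in place.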
 
your gateway must be in the same network
if your conf is 192.168.1.3 / 255.255.255.0 that means that:
- your network begins with 192.168.1.0 and goes to 192.168.1.255 (256 IP)
- your network name is 192.168.1.0 (and you can't use that IP for a host)
- the broadcast address of your network is 192.168.1.255 (and you can't use that IP for a host)
- you can use any of the addresses between 192.168.1.1 to 192.168.1.254 for your hosts
- a host in the network can only communicate in that network
- to communicate with something outside the network, you must define the gateway (the one to talk to that can get out of the network) and the gateway will transfer your request outside of the network but as you can only talk to something inside the network, the gateway must have an IP between 192.168.1.1 and 192.168.1.254 and not be an IP ever used by another host, usually, gateway is .1 or .254
Regards
 
