I have been using Proxmox in my homelab for around 2 years. At my home, I have a proper router/switch/etc so this is a bit easier to do. Recently my company tasked me with putting a Proxmox box in a local datacenter to get more reliable power/internet.
I am going to try to be as thorough as possible here, while masking public IP info.
The setup from the datacenter is as such.
- Usable public IPs: 5 (all on the same subnet)
- Subnet: 255.255.255.248
- Gateway: 66.X.X.225
- Usable IPs: 66.X.X.226-230
- One network interface port.
My private network (vmbr1) is 10.0.0.0
I am trying to set my network up using only Proxmox networking and firewall, whereas before I've relied on pfSense. I'm hesitant to do so now because pfSense would be virtualized and if there were an issue, I'd be cut off from my server until the next business day.
My goal is to have my Proxmox host on a public IP 66.X.X.226 while allowing certain VMs to pull from the remaining 4 if I want them to be public facing. Additionally I'd like to have them all on a Local Network as well. Lastly, I'd like to be able to use NAT to push ports on the main Proxmox IP 66.X.X.226 to guests that do not have a public IP. For instance, push requests on 66.X.X.226:8888 => 10.0.0.100:3306
Proxmox Host /etc/network/interfaces file:
Code:
    auto lo
    iface lo inet loopback

    iface eth0 inet manual

    auto vmbr0
    iface vmbr0 inet static
        address 66.X.X.226
        netmask 255.255.255.248
        gateway 66.X.X.225
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

    auto vmbr1
    iface vmbr1 inet static
        address 10.0.0.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
        post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' ! -d '10.0.0.0/244' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE

Guest VM1 /etc/network/interfaces
Code:
    auto lo
    iface lo inet loopback

    auto ens18
    iface ens18 inet static
        address 66.X.X.227
        netmask 255.255.255.248
        gateway 66.X.X.225
        dns-nameservers 8.8.8.8
        dns-search domain.com

    auto ens19
    iface ens19 inet static
        address 10.0.0.100
        netmask 255.255.255.0
        broadcast 10.0.0.255
        gateway 10.0.0.1
        dns-nameservers 8.8.8.8
        dns-search domain.com

Guest VM2 /etc/network/interfaces
Code:
    auto lo
    iface lo inet loopback

    auto ens18
    iface ens18 inet static
        address 66.X.X.228
        netmask 255.255.255.248
        gateway 66.X.X.225
        dns-nameservers 8.8.8.8
        dns-search domain.com

    auto ens19
    iface ens19 inet static
        address 10.0.0.101
        netmask 255.255.255.0
        broadcast 10.0.0.255
        gateway 10.0.0.1
        dns-nameservers 8.8.8.8
        dns-search domain.com

With my current configuration, the IP addresses are pulled by the VMs and I can SSH to whichever one goes up first (227 or 228) from outside of the datacenter network (routing issue?).
However, I can SSH to both from the Proxmox box (66.X.X.226). It seems I have a routing issue in how that's handled and I'd rather learn a little here than break down and install pfSense as a VM. Lastly, the NAT forward of ports from the main IP (66.X.X.226), I have no idea how to do this. I've tried a few things and failed. I am open to anyone's advice here.
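
A pre-deployment check for interfaces files like the ones posted above, added here as an example and not part of the original post. It flags more than one `gateway` line in a file (each asks ifupdown to install a default route), prefix lengths that iptables will reject, and `post-up` rules with no matching `post-down`. The `lint` helper is hypothetical, and the two samples are trimmed copies of the vmbr1 and VM1 stanzas.

```python
import ipaddress
import re

# Constructed samples: trimmed copies of the vmbr1 and VM1 stanzas in the post.
HOST = """\
iface vmbr1 inet static
    address 10.0.0.1
    post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
    post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' ! -d '10.0.0.0/244' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
"""
GUEST = """\
iface ens18 inet static
    address 66.X.X.227
    gateway 66.X.X.225
iface ens19 inet static
    address 10.0.0.100
    gateway 10.0.0.1
"""

def lint(text):
    """Return findings for one IPv4 interfaces file (hypothetical helper)."""
    findings, gateways, ups, downs, iface = [], [], [], set(), None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            iface = words[1]
        elif words[0] == "gateway":
            gateways.append(iface)
        elif words[0] in ("post-up", "post-down") and "iptables" in words:
            rule = " ".join(words[1:])
            for cidr in re.findall(r"\d+\.\d+\.\d+\.\d+/\d+", rule):
                try:
                    ipaddress.ip_network(cidr, strict=False)
                except ValueError:
                    findings.append(f"{iface}: invalid CIDR {cidr}")
            # Drop the -A/-D verb so an add can be paired with its delete.
            key = re.sub(r" -[AD] ", " ", rule)
            if words[0] == "post-up":
                ups.append((key, iface, rule))
            else:
                downs.add(key)
    if len(gateways) > 1:
        findings.append("multiple default gateways: " + ", ".join(gateways))
    findings += [f"{i}: no post-down for: {r}" for k, i, r in ups if k not in downs]
    return findings

if __name__ == "__main__":
    for name, cfg in (("host", HOST), ("VM1", GUEST)):
        print(name, *lint(cfg), sep="\n  ")
```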