Hi! Have been using Proxmox for years now, but never did anything special with networking. Now I have many different needs for my VMs and it's time to isolate them (until now they were living in the same network).
What I have? A pfSense/OPNsense router in a different machine, with VLANs already created and working perfectly in other PCs. The Proxmox PC is a different PC with just 1 Intel NIC.
What I want? To isolate my VMs in different networks on VLANs that are already created (on the router) and working: have the Proxmox VLAN (with permissions for basic Proxmox networking), 1 VLAN for the DMZ network (firewalled to the top), one family photos network, one for the personal documents network...
My idea?
I know the default bridge (vmbr0) is VLAN aware but I would like a bit more isolation:
The idea is to create as many bridges as needed, each one configured with its own different VLAN. The Proxmox bridge would be configured as eth0.10, the DMZ as eth0.20, and so on. The default bridge (vmbr0) will have the IP and data configured, but I will leave them blank for the rest.
I think this would work, but... what do you think about this? Is there a better way to do this kind of setup?
Thanks a lot in advance!
EDIT: I know this is probably a bit of a paranoid setup, but... safety first!
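The layout described in the post, written out as an `/etc/network/interfaces` sample together with a small audit of its two isolation properties (one VLAN sub-interface per bridge, host IP only on vmbr0). This is an added example, not part of the original post; the bridge name `vmbr20`, the function names and the 192.0.2.0/24 addresses are assumptions.

```python
import re

# Constructed sample of /etc/network/interfaces for the layout in the post.
# Assumed: bridge name vmbr20 and the 192.0.2.0/24 documentation addresses.
SAMPLE = """\
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.0.2.10/24
    gateway 192.0.2.1
    bridge-ports eth0.10
    bridge-stp off
    bridge-fd 0

auto vmbr20
iface vmbr20 inet manual
    bridge-ports eth0.20
    bridge-stp off
    bridge-fd 0
"""

def parse_bridges(text):
    """Return {bridge: {"ports": [...], "address": str or None}} for bridge stanzas."""
    stanzas, cur = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface":
            cur = stanzas.setdefault(words[1], {"ports": None, "address": None})
        elif words[0] == "bridge-ports" and cur is not None:
            cur["ports"] = [p for p in words[1:] if p != "none"]
        elif words[0] == "address" and cur is not None:
            cur["address"] = words[1]
    return {n: s for n, s in stanzas.items() if s["ports"] is not None}

def audit(text, mgmt_bridge="vmbr0"):
    """List deviations from 'one VLAN per bridge, host IP only on the management bridge'."""
    findings = []
    for name, br in parse_bridges(text).items():
        ports = br["ports"]
        if len(ports) != 1 or not re.fullmatch(r"[\w-]+\.\d+", ports[0]):
            findings.append(f"{name}: want exactly one VLAN sub-interface port, got {ports}")
        if br["address"] and name != mgmt_bridge:
            findings.append(f"{name}: host IP {br['address']} on a non-management bridge")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "layout matches the plan")
```

Leaving the non-management bridges without an address keeps the Proxmox host itself off those VLANs at layer 3, so traffic between them has to pass through the router's firewall rules.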