I have installed Proxmox 5.1. Can I have two vmbr ? One for the bridge IPs and another for NAT? I want to have two VMs that only have access to Internet but not reachable from outside.
Right now I have:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# for Routing
auto vmbr1
iface vmbr1 inet manual
bridge_ports dummy0
bridge_stp off
bridge_fd 0
# vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
address x.x.x.x
netmask 255.255.255.0
network x.x.x.0
broadcast x.x.x.255
gateway x.x.x.254
bridge_ports eth0
bridge_stp off
bridge_fd 0
iface vmbr0 inet6 static
address 2001:41d0:0008:0d0c::
netmask 64
post-up /sbin/ip -f inet6 route add x.x.x.x dev vmbr0
post-up /sbin/ip -f inet6 route add default via x.x.x.x
pre-down /sbin/ip -f inet6 route del default via x.x.x.x
pre-down /sbin/ip -f inet6 route del x.x.x.x dev vmbr0
auto vmbr2
#private sub network
iface vmbr2 inet static
address 10.10.10.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
But this is not working
Right now I have:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# for Routing
auto vmbr1
iface vmbr1 inet manual
bridge_ports dummy0
bridge_stp off
bridge_fd 0
# vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
address x.x.x.x
netmask 255.255.255.0
network x.x.x.0
broadcast x.x.x.255
gateway x.x.x.254
bridge_ports eth0
bridge_stp off
bridge_fd 0
iface vmbr0 inet6 static
address 2001:41d0:0008:0d0c::
netmask 64
post-up /sbin/ip -f inet6 route add x.x.x.x dev vmbr0
post-up /sbin/ip -f inet6 route add default via x.x.x.x
pre-down /sbin/ip -f inet6 route del default via x.x.x.x
pre-down /sbin/ip -f inet6 route del x.x.x.x dev vmbr0
auto vmbr2
#private sub network
iface vmbr2 inet static
address 10.10.10.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
But this is not working
