[SOLVED] Networking a mix of public and private IPs

G

gregwbrooks

Member
Feb 4, 2021
11
1
8
59
On a Proxmox host with multiple public IPs (one per VM), what's the right way to introduce a VMBR for private IPs? The following works for the public IPs, but VMBR1 can't reach the internet.

I tried swapping out vmbr0 for eno1 in the masquerade lines, but no luck.


Code: 
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
address {$PRIMARY PUBLIC IP}
gateway {$PUBLIC GATEWAY}
bridge-ports eno1
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 10.10.0.1/16
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.0.0/16' -o eno1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.0.0/16' -o eno1 -j MASQUERADE
 
Hello
can you post iptables-save ?
 
hd-- said:
Hello
can you post iptables-save ?
Click to expand...
Thanks for responding -- here you go.

Code: 
# Generated by iptables-save v1.8.9 on Thu Dec 14 18:15:10 2023
*raw
:PREROUTING ACCEPT [6213:367061]
:OUTPUT ACCEPT [346:193717]
COMMIT
# Completed on Thu Dec 14 18:15:10 2023
# Generated by iptables-save v1.8.9 on Thu Dec 14 18:15:10 2023
*filter
:INPUT ACCEPT [451:148089]
:FORWARD ACCEPT [5743:218268]
:OUTPUT ACCEPT [346:193717]
COMMIT
# Completed on Thu Dec 14 18:15:10 2023
# Generated by iptables-save v1.8.9 on Thu Dec 14 18:15:10 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.10.0.0/16 -o eno1
COMMIT
# Completed on Thu Dec 14 18:15:10 2023
 
Replying to my own post so others know the solution that finally worked: Just use the software defined network (SDN). No more fussing with /etc/network/interfaces and it just works.

I used the guide here, but there are others. It's pretty straightforward and the only new install on the host was dnsmasq.

Now? Private-IP VMs are on their own subnet and virtual network. They can reach the internet via the host's IP on vmbr0. And public-IP VMs can't reach the private-IP VMs via ping or direct SSH.
 
  • Like
Reactions: hd--
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom