Networking help

  • Thread starter: xeltros

Hi,

I have a Proxmox VE server (fully updated) installed from a stock Debian for RAID capabilities and partitioning. My physical server only has one NIC.
Here is what I want to do.

I want to get 3 networks (maybe adding a DMZ later).
1°) classical real network for my router (192.168.x.x)
2°) internal network only for VMs (10.x.x.x) (VMs have to communicate with each other but not with the outside)
3°) client network (172.16.x.x)
(4°) DMZ for more secure internet access to servers, maybe using VLANs on the internal network?)

I'd like to use TMG (MS Threat Management Gateway) to filter all traffic from and to VMs.
This will be something like this:
To access a VM from the internet:
INTERNET => router => proxmox eth0 => TMG bridged NIC => TMG INTERNAL NIC => VM INTERNAL NIC
To access the internet from a client computer (using the real network but isolated by settings, can't do better for this one since they use the same physical cables...):
Computer NIC => ROUTER => proxmox eth0 => TMG bridged NIC (also doing DHCP) => router => internet

I don't want to bridge everything, since I need to be able to distribute DHCP on several subnets.
I took a look at this http://pve.proxmox.com/wiki/Network_Model but nothing really fits. I'd like full isolation (nothing passes on the real network except from TMG), not something that can be bypassed by other IP settings on the VM. I want the VMs to have physically no access to my network, except TMG, which will have a bridged NIC for that purpose.

How do I have to configure the server and the VMs to get that?

Have a nice day,
Regards