One NIC, one FW with virtual LAN behind FW

[spccat]

Hi there,

I am trying to have following network:

Anyone has a /etc/network/interface file handy including the iptables and/or routing needed to do so please?

I have read many docs, but couldn't find anything - or didn't understand the right ones

Thank you for your help in advance.

I am running Proxmox 4.1-33/de386c1a and my FW is on a qemu.

Thanks.

 

[Alexander Pytlev]

This simply idea, I don't tested it.

/etc/network/interfaces

auto lo
iface lo inet loopback

iface eth0 inet manual

iface tap1 inet manual
  pre-up ip tuntap add tap1 mode tap user root
  up ip link set dev tap1 up
  post-down ip link del dev tap1

auto vmbr0
iface vmbr0 inet static
  address xx.yy.zz.2
  netmask 255.255.255.0
  gateway xx.yy.zz.1
  bridge_ports eth0
  bridge_stp off
  bridge_fd 0

auto vmbr1
iface vmbr1 inet static
  bridge_ports tap1
  bridge_stp off
  bridge_fd 0

FW have two interfaces, eth0(192.168.1.100) binded to vmbr0 and eth1(192.168.2.1) to vmbr1

 

[spccat]

Thank you Alex for taking time to respond. This is much appreciated.

I have put this config into my proxmox host, but the FW(server) does not get outside, neither can it ping the proxmox host.

I think the proxmox host has to have a local IP on the 192.168.1.0 network like 192.168.1.1 (that's missing in my diagram I guess).

Any thoughts?