Proxmox and Arista NG

R

Remarkable-Guille

Active Member
Apr 3, 2018
10
1
43
Miami
remarkablecloud.com
Hello everyone,

I'm facing an issue with my Proxmox setup, where I'm using an Arista NG firewall. Here’s the network setup:

External and DMZ Network (vmbr0 and vmbr1)

  • Network: 123.456.789.192/27
  • External IP: 123.456.789.221
  • Gateway: 123.456.789.222
  • DMZ is bridged to External and does not have its IP
A test VM in the DMZ is using the following configuration:

Test VM Network (vmbr1)

  • IP: 123.456.789.219/27
  • Gateway: 123.456.789.222
  • Using vmbr1
Here’s what works and what doesn’t:

  • From the test VM, I can ping any IP.
  • From an external source, I can ping 123.456.789.219.
  • Despite opening all ports in the firewall, I can't access any services inside the VM (e.g., SSH).
  • From the test VM, I can't access external services (only ping/mtr works).
  • It works if I set a bypass rule or NAT rule to 123.456.789.219, but the test VM sees the incoming connections as coming from the firewall IP.
  • The same setup using OPNsense works as expected.

Code: 
auto lo
iface lo inet loopback

auto enp26s0f0np0
iface enp26s0f0np0 inet manual

auto enp26s0f1np1
iface enp26s0f1np1 inet manual

auto enp96s0f0np0
iface enp96s0f0np0 inet manual
        bond-master bond1

auto enp96s0f1np1
iface enp96s0f1np1 inet manual
        bond-master bond1

auto bond0
iface bond0 inet static
        address xx.xx.xx.25/32
        gateway xx.xx.0.1
        bond-slaves enp26s0f0np0 enp26s0f1np1
        bond-miimon 100
        bond-mode 802.3ad

auto bond1
iface bond1 inet manual
        bond-slaves enp96s0f0np0 enp96s0f1np1
        bond-miimon 100
        bond-mode 802.3ad

auto vmbr0
iface vmbr0 inet manual
        bridge-ports bond1
        bridge-stp off
        bridge-fd 0

auto vmbr0:0
iface vmbr0:0 inet static
        address 10.10.0.4/16

auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
post-up ip route add 10.10.0.0/16 via 10.10.0.4 dev vmbr0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward

I want to avoid using NAT and keep all IPs as they are. The test VM should see the actual source IPs of incoming connections.

Can anyone guide me on properly configuring the Arista NG firewall and Proxmox networking to achieve this? Any suggestions or insights would be greatly appreciated.

Thank you!
 
Hi, did you solve your issue? I am planning to use Arista on my promox box and it seems that information on that combo is scarce.
 
Hi,

Unfortunately, I haven't fully solved the issue yet. However, I believe the problem is more related to the OVH HG/Scale network setup with Proxmox, rather than an issue with the Arista Firewall itself. From my experience, Arista seems like a solid firewall solution.

Best of luck with your setup!
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom