Proxmox and Vyatta as a front router/firewall

DarkSpace

Hi,

I've set up a vswitch on ESXi with an isolated LAN (without a physical NIC). On another vswitch I installed Vyatta with eth0 and the internet connection; eth1 is on the isolated vswitch, so all traffic goes through Vyatta acting as a front firewall/router for all VMs.

Question:
How to set this on Proxmox, if this is actually possible. Please point me to some tutorials, manuals. Would it be possible to set this via web console?

Regards
 
Hi,

Thx for help but for now I can't even assign the IPs from additional range to the VMs.

I have the main four IPs assigned to proxmox (x.x.x.162, mask 255.255.255.192, gateway x.x.x.129)

auto vmbr0
iface vmbr0 inet static
    address x.x.x.163
    netmask 255.255.255.192
    gateway x.x.x.129
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

VMs work fine on this range, but I also have a second block of IPs which I would like to assign to the VMs (x.x.x.96/27).
Can I assign them with the GUI, and is the first IP from this range (.96) usable, and will it be the gateway for the VMs?
 
I think it's possible to bring the additional IPs into the Vyatta via VLANs assigned to their own bridge device.
You can add bridge devices to Proxmox through the web interface, but I don't know about VLANs.

I read a post detailing a similar configuration here in the forums recently, but I didn't bookmark it, and am not finding it at the moment. Look around & you'll find details on this.

Once the IPs are into Vyatta they can be distributed via individual bridges connecting the various VM-only networks attached to the Vyatta's interfaces.
Again, these bridges are created through the Proxmox web interface; keep in mind they don't have to have a physical device associated with them.

Also bear in mind that the machine Proxmox is installed to that's hosting the firewall VM does not benefit from any of the protection provided by a virtualized firewall.
Proxmox does not protect itself, and a hardware firewall is recommended for its own security.

It may be possible to install a firewall package to Proxmox, I believe there's some mention of that working for someone buried in here somewhere.
 
Thanks for the help. I created two bridge devices, one dummy with no IPs assigned to it and the second one with the internet connection. I assigned these two interfaces to Vyatta and created all VMs on the bridge device with no IPs, with Vyatta as the gateway. I also had to add a route to Proxmox to push all traffic on the secondary subnet to the Vyatta interface, so everything works fine so far.
Do you think that this is a good configuration/solution (apart from the recommended hardware appliance)?
Do you think I should create these VLANs on Vyatta even if it works without it? I would like to just make sure that everything is configured properly ;)
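
The layout described in the post above, written out as a Proxmox /etc/network/interfaces sketch. This is an added example, not configuration posted by anyone in the thread; the bridge name vmbr1, the placeholder <vyatta-wan-ip> and the post-up route line are assumptions, and the x.x.x placeholders are kept as they appear on the page.

```conf
# /etc/network/interfaces on the Proxmox host (illustrative sketch)

# Public bridge: carries the host's own address and the Vyatta VM's eth0.
# The host address here is reached directly from the internet; it is NOT
# behind the Vyatta VM, so the host still needs its own filtering.
auto vmbr0
iface vmbr0 inet static
    address x.x.x.163
    netmask 255.255.255.192
    gateway x.x.x.129
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    # Route the second block to the Vyatta VM's address on this bridge.
    # <vyatta-wan-ip> is a placeholder; the thread does not state it.
    post-up ip route add x.x.x.96/27 via <vyatta-wan-ip> dev vmbr0

# Isolated bridge: no physical port and no host address, so guests attached
# to it can only leave through the Vyatta VM's eth1, and the host itself is
# not addressable from the guest LAN.
auto vmbr1
iface vmbr1 inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0

# Addressing note for x.x.x.96/27 when used as a conventional subnet:
#   .96        network address (not assignable to a host)
#   .97-.126   usable host addresses (one of them for Vyatta's eth1,
#              which the guests then use as their gateway)
#   .127       broadcast address
```

Attach the Vyatta VM to both vmbr0 and vmbr1 and every other guest to vmbr1 only; a guest that also has a NIC on vmbr0 bypasses the firewall.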
 
Glad it works.

As for whether how you have it is proper, I wouldn't be the one to make that determination; I'm early in the learning curve on this.

I see people on the Vyatta forums posting their configuration files for review, I think that community would be better suited to provide insight into design considerations.