Hello,
I am going to share with you my new Proxmox network which I recently modified to go from "Linux Bridge" to "OVS Bridge".
I've been working on this for a while and I finally found this solution. The Proxmox experts and specialists will certainly be able to tell me that there are better and more secure solutions, but I am still far from becoming like them.
In fact, the Proxmox network is entirely under Open vSwitch. By consulting the following diagram, we see a rather classic architecture with 2 physical interfaces on Proxmox.

The first is used directly for the Proxmox WAN while the second provides access to a network that I call “Private Local”.
Behind the Proxmox hypervisor, we have OPNSense which allows us to monitor all VMs and “Local Private” networks. All working with VLANs.
This style of diagram can still help some beginners like me by also relying on my "/etc/network/interfaces" file to complete the diagram.
```
# ***** PHYSICAL INTERFACES *****
auto lo
iface lo inet loopback

auto enp4s0
iface enp4s0 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr0

auto enusb0
iface enusb0 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr2
    ovs_options tag=10

# ***** OVS VIRTUAL PORTS *****
auto vlan10
iface vlan10 inet static
    address 192.168.10.254/24
    ovs_type OVSIntPort
    ovs_bridge vmbr2
    ovs_options tag=10
# LAN OPNSense - VLAN 10

auto vlan20
iface vlan20 inet static
    address 192.168.20.254/24
    ovs_type OVSIntPort
    ovs_bridge vmbr2
    ovs_options tag=20
# LAN OPNSense - VLAN 20

auto vlan120
iface vlan120 inet static
    address 10.120.0.1/30
    ovs_type OVSIntPort
    ovs_bridge vmbr1
    ovs_options tag=120
# WAN OPNSense - VLAN 120

# ***** BRIDGES (VIRTUAL SWITCH) *****
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.115/24
    gateway 192.168.1.1
    ovs_type OVSBridge
    ovs_ports enp4s0
# WAN Proxmox

auto vmbr1
iface vmbr1 inet static
    ovs_type OVSBridge
    ovs_ports vlan120
# WAN OPNSense

auto vmbr2
iface vmbr2 inet manual
    ovs_type OVSBridge
    ovs_ports enusb0 vlan10 vlan20
    # These 3 lines can be placed either on vmbr1 or on vmbr2
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.10.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.10.0/24' -o vmbr0 -j MASQUERADE
    post-up iptables -t nat -A POSTROUTING -s '192.168.20.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.20.0/24' -o vmbr0 -j MASQUERADE
# LAN OPNSense

source /etc/network/interfaces.d/*
```
I remain attentive to experts or other knowledgeable people in the field for errors that I may have made or advice that would be very useful to me in improving and refining my Homelab.
How it works:
- all VMs and workstations in "Private LAN" can communicate with each other
- all VMs and workstations in "Private LAN" can administer OPNSense (It would be wise to restrict access a little)
- all VMs and workstations in "Private LAN" can access the Internet
Hoping that my little experience can help some beginners like me.
Note: The Proxmox version on the diagram is not an error; this is the latest version that I have today after an update.
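An added example, not part of the original post: a small Python check for a copy of "/etc/network/interfaces" that lists the OVS internal ports where the Proxmox host itself holds an address and also masquerades that same subnet out another interface. On those VLANs a client that uses the host address as its gateway is forwarded by the hypervisor itself, so that traffic is not filtered by OPNSense. The function names and the trimmed sample stanzas are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a trimmed copy of stanzas from the post above.
SAMPLE = """\
iface vlan10 inet static
    address 192.168.10.254/24
    ovs_type OVSIntPort
    ovs_bridge vmbr2
    ovs_options tag=10
iface vlan120 inet static
    address 10.120.0.1/30
    ovs_type OVSIntPort
    ovs_bridge vmbr1
    ovs_options tag=120
iface vmbr2 inet manual
    ovs_type OVSBridge
    ovs_ports enusb0 vlan10 vlan20
    post-up iptables -t nat -A POSTROUTING -s '192.168.10.0/24' -o vmbr0 -j MASQUERADE
"""

def parse(text):
    """Return ({iface: {option: value}}, [(source_cidr, out_iface)])."""
    ifaces, nat, cur = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("iface "):
            cur = ifaces.setdefault(line.split()[1], {})
        elif line.startswith("post-up") and "MASQUERADE" in line:
            # Only post-up rules count; post-down lines merely remove them.
            nat += re.findall(r"-s\s+'?([\d./]+)'?.*?-o\s+(\S+)", line)
        elif cur is not None and " " in line and not line.startswith("#"):
            key, value = line.split(None, 1)
            cur[key] = value
    return ifaces, nat

def host_routed_subnets(text):
    """List (port, vlan_tag, subnet, out_iface) where the host has an IP
    in a subnet that it also masquerades out of another interface."""
    ifaces, nat = parse(text)
    findings = []
    for name, opts in ifaces.items():
        if opts.get("ovs_type") != "OVSIntPort" or "address" not in opts:
            continue
        net = ipaddress.ip_interface(opts["address"]).network
        tag = opts.get("ovs_options", "").partition("tag=")[2] or None
        for src, out in nat:
            if ipaddress.ip_network(src) == net:
                findings.append((name, tag, str(net), out))
    return findings
```

Calling `host_routed_subnets(open("/etc/network/interfaces").read())` on the Proxmox host runs the same check against the live file; an empty list means no host-addressed VLAN is also NATed by the hypervisor.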