proxmox on DMZ with 3 networks

[grharry]

I have a Proxmox server running in my DMZ zone.
My DMZ zone has 3 nets assigned
2 with public IP's xx.xx.xx.xx/28 ( A and B )
1 private 10.0.0.0/28

In order to dedicate a vhost into a different net than the one the main vmbr0 interface is on
I had to use a veth interface rather than a venet in order to be seen.

now one vhost that serves as mail server was assigned with a public IP of net A with a venet iface, I would like to assign a second public ip from the B NET in order to load balance the mail traffic among 2 providers.

How Do I approach this ?
Assing a second public IP on the vmbr0 and then a venet ip+interface from net B in the mail server ??? ( this options takes away an ip )
Use veth along with a venet in the mail server ??

None of the above ??

Please specify ...
Regards Harry

 

[udo]

Hi,
why you don't use three separate networks? If you have only one nic, use vlan-tagging (switches with vlan-tagging are not expensive these days - e.g. cisco slm2008).
Then you can use tree bridges and the VMs can use all of them.

Udo

 

[grharry]

Hi,
why you don't use three separate networks? If you have only one nic, use vlan-tagging (switches with vlan-tagging are not expensive these days - e.g. cisco slm2008).
Then you can use tree bridges and the VMs can use all of them.

Udo

Thanks, but it's a bit more complicated than that ...
See the DMZ zone is a vlan by it's self
Besides your solution won't eliminate the need for additional public ip's.
NAT and SNAT would be a solution but the whole system stands behind an already complex FW that I do not intend to make it even more complex.
The existence of the 1 rfc1918 serves this purpose of ip economy ( DB servers that need to be accessed by a public web or mail server don;t need to waste a public ip ).
Any way I assigned a 2nd public ip to vmbr0 so far it works OK.

Another problem that I am faced with now is the cluster vm machine.
I am not able to tranfer these particular vs's.

Cheers,
Harry