Proxmox on management VLAN, VMz NAT'ed to public

ntblade

Renowned Member
Apr 29, 2011
Hi,
I'm trying to set up a Proxmox VE host connected to one of my routers NOT NATed and with the following:
  • Proxmox host, GUI, SSH etc. on a management VLAN (say 5) only reachable from an IP list
  • Public IP NATed to guests with port forwarding to services, again only reachable from an IP list.

I've followed the wiki and have some of this done but there's something strange. When my network config is like this:
Code:
auto lo
iface lo inet loopback

iface enp11s0 inet manual

iface enp11s0.5 inet manual

auto vmbr0v5
iface vmbr0v5 inet static
    address  192.168.222.2
    netmask  255.255.255.0
    gateway  192.168.222.1
    bridge-ports enp11s0.5
    bridge-stp off
    bridge-fd 0

auto vmbr0
iface vmbr0 inet manual
        bridge-ports enp11s0
        bridge-stp off
        bridge-fd 0

I'm able to reach the GUI OK on 192.168.222.2, but when I add the public IP and NAT as below, I'm unable to reach the host UNLESS the public IP gateway is set up on the router:

Code:
auto lo
iface lo inet loopback

auto enp11s0
# pve public address
iface enp11s0 inet static
        address  public-address.10
        netmask  255.255.255.248
        gateway  public-gateway.9

iface enp11s0.5 inet manual

auto vmbr0v5
# pve management address
iface vmbr0v5 inet static
    address  192.168.222.2
    netmask  255.255.255.0
    gateway  192.168.222.1
    bridge-ports enp11s0.5
    bridge-stp off
    bridge-fd 0

auto vmbr0
# private subnet - RFC5737
iface vmbr0 inet static
    address    192.0.2.1
    netmask    255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.0.2.0/24' -o enp11s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.0.2.0/24' -o enp11s0 -j MASQUERADE

Does my config look OK?
Also, has anyone done something similar, and how do I apply the firewall rules?

Thanks for reading

NRV
8o)
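
An added example, not part of the original thread: a small linter for the `/etc/network/interfaces` format used above. It lists which stanzas declare a `gateway` (each such line requests a default route, so two of them compete in the main routing table) and which interface the MASQUERADE rule sends traffic out of. The sample is constructed from the second config in the post, abridged; the function names are hypothetical.

```python
import re

# Constructed sample: the post's second config, abridged (its own placeholders).
SAMPLE = """\
auto enp11s0
# pve public address
iface enp11s0 inet static
        address  public-address.10
        gateway  public-gateway.9

auto vmbr0v5
# pve management address
iface vmbr0v5 inet static
    address  192.168.222.2
    gateway  192.168.222.1
    bridge-ports enp11s0.5

auto vmbr0
iface vmbr0 inet static
    address    192.0.2.1
    post-up   iptables -t nat -A POSTROUTING -s '192.0.2.0/24' -o enp11s0 -j MASQUERADE
"""

def parse_stanzas(text):
    """Map each 'iface' stanza name to its list of (option, value) pairs."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # only whole-line comments exist
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key == "iface":
            current = stanzas.setdefault(value.split()[0], [])
        elif key in ("auto", "source", "mapping") or key.startswith("allow-"):
            current = None                    # these lines close the open stanza
        elif current is not None:
            current.append((key, value.strip()))
    return stanzas

def audit(text):
    """Report declared gateways, MASQUERADE egress interfaces, conflict flag."""
    stanzas = parse_stanzas(text)
    gateways = {name: v for name, opts in stanzas.items()
                for k, v in opts if k == "gateway"}
    egress = [m.group(1) for opts in stanzas.values() for k, v in opts
              if k == "post-up" and "MASQUERADE" in v
              for m in [re.search(r"-o\s+(\S+)", v)] if m]
    return {"gateways": gateways, "nat_egress": egress,
            "multiple_default_gateways": len(gateways) > 1}
```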
 
Hi,
Is anyone able to clarify whether, if I enable the firewall / manage port forwarding from the GUI, my network configuration will or won't be altered by Proxmox?

Thanks