Proxmox VE multiple Gateways

[dietmar]

I'm having this problem as well. Here is the use-case that explains why one would want 2 separate gateways on 2 different networks (I'm trying to migrate away from ESXI, which handles this case perfectly). I have a Proxmox server with several VMS and several NICs. Each NIC is connected to a separate network from an external router/firewall. There are two VMs on Proxmox, one that lives on a LAN network, and I would like it to use the LAN network gateway (and thus the LAN network VPN and outgoing firewall rules). Another VM lives on an IOT network, and should use the IOT gateway and thus IOT firewall rules. These two VMs would only be able to talk to each other through the router (external to Proxmox), each using it's own NIC, it's own network, and it's own gateway. I'm getting the feeling that this isn't possible in Proxmox - which would mean back to ESXI. How unfortunate that would be. Can this be done in Proxmox? So far, it seems that isn't possible.

You first create one bridge for each NIC. Then simply assign the corresponding NIC/bridge to the VM, and configure the IP and gateway inside the VM.

 

[saerdna]

Thank you. That works. It's a bit mystifying why Proxmox won't just listen to the dhcp server, but I guess I don't care - this works just fine.
Regards,
Andy

 

[RichardSufliarsky]

Hello, seems to me as the best thread to post my question. I have Proxmox servers with two network interfaces. One for the internet access and one for the internal network. Virtual machines are created with only one interface bridged to the internal network. Each Proxmox server acts as a gateway to access the internet for the virtual machine.
Is there any simple way how to configure the gateway for the VM, so it is not dependent on concrete Proxmox server?
Issue is that when there is maintanence planned on the server, VM can be migrated to another server, but it's gateway will go offline, once the original server will be powered off.
Manual change of the GW before or after the migration can be the easiest, but involves human factor (people tend to forget/skip some steps from the instructions).
I am considering to create virtual IP address for the GW managed by these three servers, but if there is any other straightforward/simpler solution, please share.

 

[shanreich]

If one gateway is only for the internal network, then do you really need a gateway? Configuring the IP address with the correct netmask should autogenerate the correct route for the internal network (192.168.0./xx). This means that all traffic towards those IPs gets sent via the interface for the internal network anyway.

Or do you need to route between VLANs / inside your internal network somehow?

 

[RichardSufliarsky]

VMs need access to the internet and as they have only internal network IPs and don't have access to 10.10.10.x network, they can't access it.
Therefore their default GW is set to the IP of the Proxmox server (beware of different IPs for the VM - it's IP is 192.168.0.13, but GW is 192.168.0.3).
As this server has IP forwarding enabled and has required iptables rules configured, it routes internet traffic for the VMs.

iptables -t nat -A POSTROUTING -o eno33 -j MASQUERADE
iptables -A FORWARD -i eno33 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i br0 -o eno33 -j ACCEPT