Proxmox VM combining tagged and untagged VLAN traffic (host behind Unifi switch)

whydoentitwork

New Member
Mar 4, 2026
Hello all!

After 3 days of digging, I decided to ask directly:

My Proxmox host is connected to a Unifi switch port with a native VLAN 1610, also allowing tagged VLAN traffic for IDs 3510, 1620, ...
That means the Proxmox host is automatically in the 1610 VLAN.

Setting up single-NIC VMs has been a breeze:
I configured vmbr0 as VLAN-aware and added a VLAN tag (3510 or 1620) to the VM's NIC to put the VM into the respective network.
Or I left the VLAN tag in the NIC settings blank to automatically put the VM into the native 1610 network.

For the last three days I tried a slightly more complicated setup:

Background:
I want to run a DNS server (bind9 Docker container in a Proxmox VM), which listens on all networks (1610, 1620, 3510, ...) and manages both my local DNS zone resolution and forwarding.
I do not want to host multiple DNS servers in every VLAN network and I also cannot use my firewall's DNS capabilities.
I need the DNS forwarding logic to go via the same network interface that the DNS request came from (e.g. client from 1610 VLAN making DNS request -> DNS server forwarding via 1610 VLAN to upstream DNS servers), because every network has different properties (like privacy VPN).
To that end I came up with a Proxmox VM that is attached to multiple NICs: one untagged one (which should automatically be tagged with 1610 by the Unifi switch port), one tagged with 3510, one tagged with 1620, ...
Then, in this VM I would like to bind the DNS server to all those NICs' interfaces and serve requests.

My first question: Is this a stupid approach and is there an obviously better way?

For troubleshooting I scaled the setup down to a VM having only two NICs: one VLAN-tagged NIC (3510) and one untagged one (whose traffic should be VLAN 1610 at the switch port).
Here I realized that the tagged NIC did not work as expected.
While a VM with two tagged NICs (3510 and 1620) could send and receive traffic via both interfaces, the VM with one untagged and one tagged NIC could not properly use the tagged NIC.
Using tcpdump inside the VM showed incoming ARP requests on the tagged NIC, but I couldn't send out anything, not even ping the gateway.
Each NIC did receive a valid and correct DHCP lease (which I configured statically on my home firewall), however.

I am very new to Proxmox, so am I missing something obvious?
 
Hi, it should work the way you did it -> I mean vmbr0 VLAN-aware and then create extra tagged PVE NICs for the VM.
Another option is one VLAN-aware bridge for the VM on the PVE side, and tagging the VLAN interfaces inside the VM...
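
The two layouts named in the reply above, written out as an added example that is not part of the thread: the functions only print the commands for review, they do not run them. VM ID 100 and the guest interface name eth0 are assumptions; the VLAN IDs are the ones from the question.

```shell
#!/bin/sh
# Added example: prints the commands for both layouts without executing them.

# A VLAN ID must be a plain number in 1..4094 (0 and 4095 are reserved).
valid_vid() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Layout 1, on the PVE host: net0 untagged (lands in the switch port's
# native VLAN), then one tagged NIC per VLAN on the VLAN-aware bridge.
# Note: without macaddr=, qm set gives the NIC a newly generated MAC,
# which matters when DHCP leases are pinned to MAC addresses.
plan_host_nics() {      # usage: plan_host_nics VMID BRIDGE TAG...
    vmid=$1; bridge=$2; shift 2
    echo "qm set $vmid --net0 virtio,bridge=$bridge"
    i=1
    for tag in "$@"; do
        valid_vid "$tag" || { echo "bad VLAN ID: $tag" >&2; return 1; }
        echo "qm set $vmid --net$i virtio,bridge=$bridge,tag=$tag"
        i=$((i + 1))
    done
}

# Layout 2, inside the VM: a single untagged virtual NIC, with one 802.1Q
# sub-interface per VLAN created by the guest itself. Assumes the bridge's
# allowed VLAN range includes these IDs.
plan_guest_vlans() {    # usage: plan_guest_vlans PARENT TAG...
    parent=$1; shift
    for tag in "$@"; do
        valid_vid "$tag" || { echo "bad VLAN ID: $tag" >&2; return 1; }
        name=$parent.$tag
        # Linux interface names are limited to 15 characters.
        [ ${#name} -le 15 ] || { echo "name too long: $name" >&2; return 1; }
        echo "ip link add link $parent name $name type vlan id $tag"
        echo "ip link set dev $name up"
    done
}

# Constructed sample invocation using the VLAN IDs from the question.
plan_host_nics 100 vmbr0 3510 1620
plan_guest_vlans eth0 3510 1620
```

After applying either layout, `bridge vlan show` on the host lists which VLAN IDs each bridge port carries, which helps confirm the tagged VLANs reach the VM's port.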