[SOLVED] PVE 8 network configuration with IPv4 range

Sputnik93

Member
Jul 20, 2021
Hello,

I am renting a dedicated server (with multiple NICs) from a non-profit hosting provider. I installed Debian 12 and then PVE 8.0.4 on the server. They provide me with an IPv4 range (foo.foo.foo.240/29), and I use one of the addresses (foo.foo.foo.243) for the PVE node.

Additionally, I also use a private network (192.168.0.0/24) for the containers and VM (on vmbr0 bridge), and masquerade the guests for outgoing traffic.

On my PVE host, the /etc/network/interfaces is as follows:


Code:
[...]
auto enp1s0f0
iface enp1s0f0 inet static
    address foo.foo.foo.243/29
    gateway foo.foo.foo.foo
    dns-nameservers foo.foo.foo.foo
# dns-* options are implemented by the resolvconf package, if installed

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0

    post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up   iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o enp1s0f0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o enp1s0f0 -j MASQUERADE


So far, so good. The host has Internet access, and so do the guest VM and containers, through the masquerade.

But I would also like to use one other IPv4 address (foo.foo.foo.244) for a guest VM (which I would use as a reverse proxy).

So I activated a second network interface on the PVE host, and created a second bridge:

Code:
auto enp1s0f1
iface enp1s0f1 inet manual

auto vmbr1
iface vmbr1 inet static
    address foo.foo.foo.244/29
    bridge-ports enp1s0f1
    bridge-stp off
    bridge-fd 0

I then added a second network device on the "hardware" panel for the Reverse Proxy VM, using vmbr1 as a bridge.

And then on the Reverse-Proxy VM I use this interface as follows:

Code:
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens18
iface ens18 inet static
    address 192.168.0.200/24
    gateway 192.168.0.1
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 1.1.1.1

auto ens19
iface ens19 inet static
    address foo.foo.foo.244/29

Restarting the networking service on the R-P VM showed no error, but the foo.foo.foo.244 address actually points to the PVE host, not to the VM.

Obviously I am doing something wrong, but I can't seem to find how to declare a full IPv4 Range on the PVE host, use one of the addresses for the host itself, and another one for a VM.

Online search led me to this thread, but it does not seem to provide a solution.

I know I could configure NAT forwarding from the PVE host (with iptables or other software firewall) for http and https ports to the R-P VM, but I would rather not resort to this solution...

Any pointers would be gladly appreciated!
 
Finally got it working, the solution was way simpler than I expected:

/etc/network/interfaces on PVE host:

Code:
[...]
auto vmbr2
iface vmbr2 inet static
    address foo.foo.foo.243/29
    gateway foo.foo.foo.foo
    bridge-ports enp1s0f1
    bridge-stp off
    bridge-fd 0
    bridge_maxwait 0
    # Main interface
[...]

Then for the VM just add an interface backed on that bridge, and assign the second IP address inside the VM network configuration:

Code:
allow-hotplug ens19
iface ens19 inet static
    address foo.foo.foo.244/29
    gateway foo.foo.foo.foo
    dns-nameservers 1.1.1.1

Hope this may help!
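
An added example, not part of the original posts: a shell check for the situation in the first post, where the address meant for the VM was also configured on a host bridge. The 203.0.113.x addresses and the function names are constructed for illustration, and the parser assumes a plain ifupdown-style /etc/network/interfaces.

```shell
# Added example, not from the thread. Addresses are constructed placeholders
# (203.0.113.240/29, a documentation range) standing in for the redacted range.

# Print each host interface whose stanza assigns IP (any prefix length).
host_ifaces_with_addr() {  # usage: host_ifaces_with_addr FILE IP
    awk -v ip="$2" '
        $1 == "iface"   { cur = $2; next }
        $1 == "address" { split($2, a, "/"); if (a[1] == ip) print cur }
    ' "$1"
}

# Print the physical ports enslaved to BRIDGE ("none" is filtered out).
bridge_uplinks() {  # usage: bridge_uplinks FILE BRIDGE
    awk -v br="$2" '
        $1 == "iface" { cur = $2; next }
        cur == br && ($1 == "bridge-ports" || $1 == "bridge_ports") {
            for (i = 2; i <= NF; i++) if ($i != "none") print $i
        }
    ' "$1"
}

# Return 0 only if GUEST_IP is absent from the host and BRIDGE has an uplink.
check_guest_ip() {  # usage: check_guest_ip FILE GUEST_IP BRIDGE
    owners=$(host_ifaces_with_addr "$1" "$2")
    if [ -n "$owners" ]; then
        echo "CONFLICT: host interface $owners already holds $2"; return 1
    fi
    if [ -z "$(bridge_uplinks "$1" "$3")" ]; then
        echo "NO UPLINK: $3 has no physical port, so $2 is not bridged to the provider network"; return 1
    fi
    echo "OK: $2 can be assigned inside a guest attached to $3"
}

# Constructed sample host config: BRIDGE carries ADDR and the uplink port.
sample() {  # usage: sample BRIDGE ADDR
    printf '%s\n' 'iface vmbr0 inet static' '    address 192.168.0.1/24' \
        '    bridge-ports none' "iface $1 inet static" \
        "    address $2/29" '    bridge-ports enp1s0f1'
}

# Demo: first attempt (host holds .244) versus the working layout.
tmp=$(mktemp)
sample vmbr1 203.0.113.244 > "$tmp"
check_guest_ip "$tmp" 203.0.113.244 vmbr1 || true
sample vmbr2 203.0.113.243 > "$tmp"
check_guest_ip "$tmp" 203.0.113.244 vmbr2
rm -f "$tmp"
```

On a real host the first argument would be /etc/network/interfaces, the second the address planned for the guest, and the third the bridge the guest NIC is attached to.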