separate vm subnet in routed configuration

[yasermahmood]

Hi guys I am trying to implement following scenario , however I have just one Ethernet port connected to my proxmox server

here is my interfaces file
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet static
address 192.168.0.102/24
gateway 192.168.0.1

auto vmbr0
iface vmbr0 inet static
address 192.168.7.1/24 <------ guest network
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.7.0/24' -o eno1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.7.0/24' -o eno1 -j MASQUERADE

so 192.168.7.0/24 is my guest vm network and masq is working fine since all my traffic from 192.168.0.0/24 network is masq at the router with public IP address, what I want to verify is it it is possible to reach my vm from another dedicated hosts which is on same layer 2 network and have IP address assigned from the same subnet lets say 192.168.7.5 and one of my vm is 192.168.7.2 however it looks like it is not accessible without port forwarding.

here is what arp table looks like from proxmox host

? (192.168.0.1) at a4:91:b1:c8:b6:a4 [ether] on eno1
? (192.168.7.5) at b8:76:3f:d0:83:d7 [ether] on eno1
? (192.168.7.2) at bc:24:11:88:1b:3f [ether] on vmbr0
? (192.168.7.5) at <incomplete> on vmbr0
? (192.168.0.106) at 60:a5:e2:42:2b:74 [ether] on eno1

 

[Pifouney]

vérifiez les fondamentaux du réseau ....
Vous avez besoin d'un routeur qui connaît votre réseau pour y accéder sans mascarade.
You need that our external host know routing way for your vm network.

 

[yasermahmood]

what my concern is my bridge port is none , is that going to cause any issues with this ?, since i have my external machine on the same subnet so to me its one broadcast domain