Setting two NICs, one for host, one for VMs with bridge and NAT

Discussion in 'Proxmox VE: Networking and Firewall' started by atman, Aug 29, 2018.

  1. atman

    atman New Member

    Joined:
    Apr 24, 2012
    Messages:
    16
    Likes Received:
    0
    Hello,

    on my PVE server (v. 5.2.7) I have two ethernet interfaces.

    I decided to dedicate one for Proxmox administration, the other for virtual machines.
    Both nics are connected to the same network (same switch).
    I assigned a static ip address to the host dedicated nic, and no ip to the other nic used by virtual machines.

    This is my configuration:
    Code:
    auto lo
    iface lo inet loopback
    
    auto eno2
    iface eno2 inet static
        address  10.0.80.192
        netmask  255.0.0.0
        gateway  10.0.0.3
    
    iface eno1 inet manual
    #not usable
    
    iface enp1s0 inet manual
    #pci-e
    
    auto vmbr0
    iface vmbr0 inet manual
        bridge_ports enp1s0
        bridge_stp off
        bridge_fd 0
    
    eno2 is used to administrate Proxmox.
    vmbr0 is used by VMs.

    Now it all works fine, but... I've lost the ability to configure virtual machine NICs in NAT mode.

    What can I do?
     
    #1 atman, Aug 29, 2018
    Last edited: Aug 29, 2018
  2. Rhinox

    Rhinox Active Member

    Joined:
    Sep 28, 2016
    Messages:
    272
    Likes Received:
    34
    That is quite logical. You used your only IP for PVE management, that's right. But how would you like to use NAT for VMs? How should the local IP be "translated"? To what? There is no IP remaining. So you need one more...
     
  3. atman

    atman New Member

    Joined:
    Apr 24, 2012
    Messages:
    16
    Likes Received:
    0
    Thank you Rhinox.

    OK, I need one more, let's say 10.0.80.193. But if I assign this address to vmbr0, I still don't have the NAT option.

    So I think I have to configure NAT + DHCP manually.

    How can I do it? I have not been able to find a guide.
     
  4. atman

    atman New Member

    Joined:
    Apr 24, 2012
    Messages:
    16
    Likes Received:
    0
    I'm running tests on another PC.

    This is my interface file:
    Code:
    auto lo
    iface lo inet loopback
    
    auto enp6s0
    iface enp6s0 inet static
    #for management
       address  10.0.80.191
       netmask  255.0.0.0
       gateway  10.0.0.3
       bridge_stp off
    
    iface ens6 inet manual
    #for VMs (pci-e)
    
    auto vmbr0
    iface vmbr0 inet static
       address  10.0.80.190
       netmask  255.0.0.0
       gateway  10.0.0.3
       bridge-ports ens6
       bridge-stp off
       bridge-fd 0
    
    auto vmbr1
    iface vmbr1 inet static
    #private sub network
       address  192.168.10.1
       netmask  255.255.255.0
       bridge-ports none
       bridge-stp off
       bridge-fd 0
    
       post-up echo 1 > /proc/sys/net/ipv4/ip_forward
       post-up   iptables -t nat -A POSTROUTING -s '192.168.10.0/24' -o vmbr0 -j MASQUERADE
       post-down iptables -t nat -D POSTROUTING -s '192.168.10.0/24' -o vmbr0 -j MASQUERADE
    
    Now I test NAT:
    - I build a VM with nic attached to vmbr1
    - then I assign an address to the VM: ip 192.168.10.2/24, gw 192.168.10.1
    - I try some ping:
    192.168.10.1 -> OK
    10.0.80.191 -> OK
    10.0.80.190 -> OK
    10.0.0.3 -> NO RESPONSE
    I cannot ping any machine outside PVE.

    What's wrong?
     
    #4 atman, Sep 8, 2018
    Last edited: Sep 8, 2018
  5. atman

    atman New Member

    Joined:
    Apr 24, 2012
    Messages:
    16
    Likes Received:
    0
    I cannot ping any machine outside PVE.

    Why?
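
Added example, not part of the thread and not Proxmox code: a small lint pass over the interfaces file from post #4 that flags two properties worth ruling out when masqueraded traffic never leaves the host. It reports more than one default gateway, and a MASQUERADE rule bound to `-o <iface>` while another interface sits on the same subnet (the rule only matches packets that actually leave through that interface). The helper name `lint_interfaces` and the `address` + `netmask` layout are assumptions taken from the posted file.

```python
import ipaddress

# Constructed sample: the interfaces file from post #4, cut down to the stanzas that matter.
SAMPLE = """\
iface enp6s0 inet static
   address  10.0.80.191
   netmask  255.0.0.0
   gateway  10.0.0.3
iface vmbr0 inet static
   address  10.0.80.190
   netmask  255.0.0.0
   gateway  10.0.0.3
   bridge-ports ens6
iface vmbr1 inet static
   address  192.168.10.1
   netmask  255.255.255.0
   bridge-ports none
   post-up iptables -t nat -A POSTROUTING -s '192.168.10.0/24' -o vmbr0 -j MASQUERADE
"""

def lint_interfaces(text):
    """Return routing/NAT findings for an ifupdown interfaces file (hypothetical helper)."""
    addr, nets, gateways, nat_out, cur = {}, {}, [], [], None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            cur = words[1]
        elif words[0] == "address":
            addr[cur] = words[1]
        elif words[0] == "netmask" and cur in addr:
            nets[cur] = ipaddress.ip_network(f"{addr[cur]}/{words[1]}", strict=False)
        elif words[0] == "gateway":
            gateways.append(cur)
        elif words[0] == "post-up" and "MASQUERADE" in words and "-o" in words:
            nat_out.append(words[words.index("-o") + 1])
    findings = []
    if len(gateways) > 1:
        findings.append("multiple default gateways: " + ", ".join(gateways))
    for out in nat_out:
        # The kernel may route via any interface on the egress subnet, not only <out>.
        twins = [i for i, n in nets.items() if i != out and out in nets and n.overlaps(nets[out])]
        if twins:
            findings.append(f"MASQUERADE bound to -o {out}; same subnet also on: " + ", ".join(twins))
    return findings

if __name__ == "__main__":
    print("\n".join(lint_interfaces(SAMPLE)))
```

On the live host, `ip route get 10.0.0.3` shows which interface the kernel actually picks for that destination.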
     