Setting two NICs, one for host, one for VMs with bridge and NAT

atman

Hello,

on my PVE server (v. 5.2.7) I have two Ethernet interfaces.

I decided to dedicate one to Proxmox administration and the other to virtual machines.
Both NICs are connected to the same network (same switch).
I assigned a static IP address to the host-dedicated NIC, and no IP to the other NIC, which is used by virtual machines.

This is my configuration:
Code:
auto lo
iface lo inet loopback

auto eno2
iface eno2 inet static
    address  10.0.80.192
    netmask  255.0.0.0
    gateway  10.0.0.3

iface eno1 inet manual
#not usable

iface enp1s0 inet manual
#pci-e

auto vmbr0
iface vmbr0 inet manual
    bridge_ports enp1s0
    bridge_stp off
    bridge_fd 0

eno2 is used to administer Proxmox.
vmbr0 is used by VMs.

Now it all works fine, but... I've lost the possibility to configure virtual machine NICs in NAT mode.

What can I do?
 

Rhinox

That is quite logical. You used your only IP for PVE management, that's right. But how would you like to use NAT for VMs? How should the local IP be "translated"? To what? There is no IP remaining. So you need one more...
 

atman

Thank you Rhinox.

OK, I need one more, let's say 10.0.80.193. But if I assign this address to vmbr0, I still don't have the NAT option.

So I think I have to configure NAT + DHCP manually.

How can I do it? I have not been able to find a guide.
 

atman

I'm running tests on another PC.

This is my interface file:
Code:
auto lo
iface lo inet loopback

auto enp6s0
iface enp6s0 inet static
#for management
   address  10.0.80.191
   netmask  255.0.0.0
   gateway  10.0.0.3
   bridge_stp off

iface ens6 inet manual
#for VMs (pci-e)

auto vmbr0
iface vmbr0 inet static
   address  10.0.80.190
   netmask  255.0.0.0
   gateway  10.0.0.3
   bridge-ports ens6
   bridge-stp off
   bridge-fd 0

auto vmbr1
iface vmbr1 inet static
#private sub network
   address  192.168.10.1
   netmask  255.255.255.0
   bridge-ports none
   bridge-stp off
   bridge-fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.10.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.10.0/24' -o vmbr0 -j MASQUERADE


Now I test NAT:
- I build a VM with its NIC attached to vmbr1
- then I assign an address to the VM: IP 192.168.10.2/24, gw 192.168.10.1
- I try some pings:
192.168.10.1 -> OK
10.0.80.191 -> OK
10.0.80.190 -> OK
10.0.0.3 -> NO RESPONSE

I cannot ping any machine outside PVE.

What's wrong?
 
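Added example, not part of the thread and not Proxmox code: a small Python check over the second interfaces file above that flags two things worth ruling out in a setup like this, more than one `gateway` line, and a MASQUERADE rule whose `-o` interface shares its network with another addressed interface (the kernel may then route the packet out of the other interface, where the rule does not match). The function names and check names are this example's own, and the sample is trimmed from the post.

```python
import ipaddress
import re

# Constructed input: the second interfaces file from the thread, trimmed.
SAMPLE = """\
iface enp6s0 inet static
   address  10.0.80.191
   netmask  255.0.0.0
   gateway  10.0.0.3
iface vmbr0 inet static
   address  10.0.80.190
   netmask  255.0.0.0
   gateway  10.0.0.3
iface vmbr1 inet static
   address  192.168.10.1
   netmask  255.255.255.0
   post-up iptables -t nat -A POSTROUTING -s '192.168.10.0/24' -o vmbr0 -j MASQUERADE
"""

def parse(text):  # -> {iface: [(option, value), ...]} for every iface stanza
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split(None, 1)
        if len(words) < 2 or words[0].startswith("#"):
            continue  # blank line, comment, or option without a value
        if words[0] == "iface":
            current = stanzas.setdefault(words[1].split()[0], [])
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None  # these keywords end the current stanza
        elif current is not None:
            current.append((words[0], words[1].strip()))
    return stanzas

def audit(text):  # -> [(check, interfaces), ...]; check names are this example's own
    stanzas, nets, findings = parse(text), {}, []
    for name, opts in stanzas.items():
        d = dict(opts)
        if "address" in d:  # accept "a.b.c.d/len" or address + netmask
            cidr = d["address"] if "/" in d["address"] else f"{d['address']}/{d.get('netmask', 32)}"
            nets[name] = ipaddress.ip_interface(cidr).network
    gws = tuple(n for n, o in stanzas.items() if "gateway" in dict(o))
    if len(gws) > 1:  # ifupdown tries to add one default route per gateway line
        findings.append(("multiple-gateways", gws))
    rules = [v for o in stanzas.values() for k, v in o if k == "post-up"]
    for m in filter(None, (re.search(r"\s-o\s+(\S+)\s.*MASQUERADE", v) for v in rules)):
        out = m.group(1)  # the rule matches only packets leaving through this interface
        same = tuple(n for n in nets if n != out and out in nets and nets[n].overlaps(nets[out]))
        if same:  # another interface also has a connected route to that network
            findings.append(("nat-egress-ambiguous", (out,) + same))
    return findings
```

Running `audit(SAMPLE)` reports both findings for the posted file; on the host itself, `ip route get 10.0.0.3` shows which interface the kernel actually picks.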
