Setting up networking for NAT *and* bridged DHCP

jemenake

New Member
Aug 30, 2015
Hi All,
Apologies, in advance, if this has been answered in the past, but I can't find it.

I've got some guest VM's which aren't servers, so they don't need to accept incoming connections. So, for those, I can give them plain ol' NAT 10.???.???.??? addresses.

I've also got some servers which will need routable IP addresses, issued either:
  1. statically in the OS config
  2. Through DHCP handled by PVE (meaning that our enterprise assigns a pool of IP's to PVE, and then PVE is able to be a DHCP server to the individual VM guests, giving them their assigned address. So, the guest VM is using DHCP, but our enterprise DHCP server never sees requests from the VM; PVE intercepts and handles them).
  3. Through DHCP handled by our enterprise (meaning that we register the VM's MAC address with our enterprise and the enterprise DHCP server gives out the address to the VM)
My problem lies in that I've never been able to really get any of these scenarios to work. In fact, I think the stock PVE installer didn't even give me a network config which would let me ping the PVE host; I think I had to log in at the console and change /etc/network/interfaces to be:
auto eth1
allow-hotplug eth1
iface eth1 inet dhcp

#auto vmbr0
iface vmbr0 inet dhcp
pre-up iptables-restore < /etc/iptables.rules
bridge_ports eth0
bridge_stp off
bridge_fd 0

And that gave me a system I could, at least, reach the web interface of. But all I can do is make NAT'd hosts. Any tips on how to achieve any of the 3 scenarios listed above?
 
is your eth0 up and connected? because your vmbr0 (where the guests are connected by default) only has eth0 as port, not eth1.

all three of your scenarios are possible. number 1 is just a lot of manual effort, unless you have some kind of provisioning system set up that works without networking. number 2 probably requires the most extra setup and is not done by PVE (but you could for example use a virtual DHCP server which is connected to both the bridge to the outside, and an internal only bridge for your other guests). number 3 should work out of the box, but the bridge where the guests have their virtual interfaces needs to be able to talk to your enterprise dhcp server (e.g., by switching eth0 for eth1 in your case - I guess given the limited information you provided).

note that you can have as many bridges as you want, and bridges don't need to have an address or ports either.
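
The following is an added example, not code from either poster or from Proxmox: a small audit of an ifupdown `/etc/network/interfaces` file that reports the mismatch the reply points out (the host NIC with an address is not a port of any bridge) and also flags a bridge with no `auto` line. The function names `parse_interfaces` and `audit` are hypothetical; `SAMPLE` is the config quoted in the first post.

```python
# Added example: audit an ifupdown interfaces file for bridge/NIC mismatches.
# SAMPLE reproduces the config from the first post in this thread.
SAMPLE = """\
auto eth1
allow-hotplug eth1
iface eth1 inet dhcp

#auto vmbr0
iface vmbr0 inet dhcp
pre-up iptables-restore < /etc/iptables.rules
bridge_ports eth0
bridge_stp off
bridge_fd 0
"""

def parse_interfaces(text):
    """Return (names started at boot, {iface: {'method': str, 'options': dict}})."""
    autostart, ifaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # only whole-line comments exist
            continue
        words = line.split()
        if words[0] in ("auto", "allow-hotplug"):
            autostart.update(words[1:])
            current = None                      # a new top-level line ends the stanza
        elif words[0] == "iface" and len(words) >= 4:
            current = ifaces.setdefault(words[1], {"method": words[3], "options": {}})
        elif current is not None:               # option line, e.g. bridge_ports / bridge-ports
            current["options"][words[0].replace("-", "_")] = words[1:]
    return autostart, ifaces

def audit(text):
    """List bridges not started at boot and addressed NICs that are in no bridge."""
    autostart, ifaces = parse_interfaces(text)
    findings, bridged = [], set()
    for name, cfg in ifaces.items():
        ports = cfg["options"].get("bridge_ports")
        if ports is not None:
            bridged.update(p for p in ports if p != "none")
            if name not in autostart:
                findings.append(f"{name}: bridge has no 'auto' line, not started at boot")
    for name, cfg in ifaces.items():
        if ("bridge_ports" not in cfg["options"] and name not in bridged
                and cfg["method"] in ("dhcp", "static")):
            findings.append(f"{name}: addressed NIC is in no bridge; guests have no layer-2 path to it")
    return findings
```
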