[SOLVED] Setup a Lab-LAN within Proxmox

scopion1745

New Member
Jun 7, 2024
Cheers Proxmox-Community,

I started using Proxmox about two weeks ago and, judging by what I've seen so far, I like it.
Currently I'm struggling with creating a VM-internal lab LAN. I've searched and tried some guides / settings but can't seem to find the right thing for me.
To be able to evaluate changes without impacting the productive VMs, I would love to clone the productive machines and put them on a "lab-LAN".

What's my goal?
Creating a LAB-LAN where VMs on it can communicate with each other without impacting the productive LAN

Functions required within that LAN:
DHCP, DNS, PXE(provided by VMs within that net)

What have I done so far?
- created an SDN (Zone + VNet + Subnet with DHCP), attached a VM & CT to that VNet. When I check IPAM, they are both listed with an IP address. Checking the interfaces from the VM/CT, they only got APIPA addresses.
- tried it on an OVS bridge without any physical IF by adding a container which handles DHCP. (This failed because I'm lacking knowledge of configuring dnsmasq.)

Does anybody know a guide which suits my plan or can tell me what I'm doing wrong in my SDN?
 
Are you using the firewall on the host where you tried the simple zone + DHCP?
 
I am not using the firewall on either host or datacenter

edit:
Maybe I should mention that I'm running a single-host environment
 
I am lost when it comes to Proxmox SDN as I do all my network stuff in a separate mini PC running pfSense, and have a managed switch. But if it helps, what I do is I have separate VLANs defined in pfSense and the managed switch. My Proxmox NIC (I only have one) is set up in a VLAN-aware bridge. Then when I spin up VMs or containers, I can specify in the setup which VLAN that VM/CT should be on. I control the access between VMs through firewall rules in pfSense. pfSense also provides the DNS and DHCP for each VLAN individually. In my home lab, I have several other devices, such as 2 other Proxmox nodes, two different NAS devices, a wireless access point, etc. So a switch definitely is needed in my setup. I used to run pfSense in a VM, with two dedicated NICs passed through to it (WAN and LAN). But I found that anytime I needed to reboot Proxmox for some reason I was taking down the entire internet for my home and my family would become agitated with me. So I now have a preference for running pfSense on its own bare metal.
 
I got OPNsense and managed switches in my production network as well. But as stated, I would like to not interfere with that.
If not needed, I would like to not add additional hardware.
 
I hear you. Do you have VLANs set up in your production network, or is it all one subnet?
 
I came back from my lunch break and it seems like it fixed itself.
Maybe it just took a while to fully implement itself ¯\_(ツ)_/¯

Both existing and new CTs now get DHCP leases from the VNet.
 

I would encourage you to experiment with VLANs on that network, even if only to add more isolation between your host and VMs. In my "production" environment I have three main VLANs: one for anything that faces the internet/is publicly accessible from the internet (untrusted), one for stuff that is the opposite and does not face the internet at all (trusted), and one for my Proxmox management interfaces (management). I use firewall rules to separate the three. The trusted VLAN can access the other two, but the other two are completely isolated. So if someone manages to hack a publicly facing VM, they will not be able to access my Proxmox host, etc.

If you do set that up, then it is a trivial matter to add a VLAN for your internal Lab LAN.
 
Do you need to first create the bridge of the subnets before creating the VNets/Subnets & the DHCP range?
 
No, the Proxmox setup is pretty easy if you create the VLANs on something like OPNsense or pfSense. Here is my /etc/network/interfaces file. VLAN 20 is my management VLAN. I can select any of my VLANs when I create a VM or CT. Everything sits on vmbr0.

    auto lo
    iface lo inet loopback

    iface eno1 inet manual

    # VLAN-aware bridge on the single NIC; VMs/CTs attach here with a VLAN tag
    auto vmbr0
    iface vmbr0 inet static
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4092

    # Host management address on VLAN 20
    auto vmbr0.20
    iface vmbr0.20 inet static
        address 10.10.20.3/24
        gateway 10.10.20.1
 
You create the VLANs on something like OPNsense or pfSense on the Proxmox host or on a dedicated PC?
I did your config and it kicked me out of my server ^^ , I can't access the web UI or SSH
 
I created my VLANs on pfSense running on a separate N100 fan-less mini PC. You have to configure your switch to provide a trunked (tagged) port to the pfSense box as well as a trunked port to the Proxmox server. If you haven't done that and have locked yourself out of the Proxmox host, I would boot it up with a live Linux USB of your choosing and go revert the changes on your /etc/network/interfaces file.
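
A pre-apply check for the lockout discussed in the last two posts, as an added example that is not part of the thread or of Proxmox: it parses an /etc/network/interfaces file and lists every host address that sits on a VLAN sub-interface, since such an address is only reachable when the upstream switch port carries that VLAN tagged. The function names and the trimmed sample are constructed for illustration; the bridge-vids check assumes that option limits which VLANs the bridge ports pass.

```python
# Constructed sample: the interfaces file posted above, trimmed, inlined to run offline.
SAMPLE = """\
auto lo
iface lo inet loopback
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet static
    bridge-ports eno1
    bridge-vlan-aware yes
    bridge-vids 2-4092
auto vmbr0.20
iface vmbr0.20 inet static
    address 10.10.20.3/24
    gateway 10.10.20.1
"""

def parse_interfaces(text):
    """Return {iface: {option: value}} for each 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split(None, 1)
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            current = stanzas.setdefault(words[1].split()[0], {})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None  # stanza boundary, not an option of the previous iface
        elif current is not None:
            current[words[0]] = words[1].strip() if len(words) > 1 else ""
    return stanzas

def vid_allowed(vid, bridge_vids):
    """True if vid falls inside a bridge-vids list such as '10 20 30-40'."""
    ranges = (p.partition("-") for p in bridge_vids.split())
    return any(int(lo) <= vid <= int(hi or lo) for lo, _, hi in ranges)

def tagged_mgmt_checks(text):
    """Report host addresses that depend on a tagged VLAN reaching the host."""
    stanzas, notes = parse_interfaces(text), []
    for name, opts in stanzas.items():
        parent, _, vid = name.partition(".")
        if "address" not in opts or not vid.isdigit():
            continue  # no address, or untagged: nothing depends on switch tagging
        notes.append(f"{name}: {opts['address']} needs VLAN {vid} tagged on the port behind {parent}")
        bridge = stanzas.get(parent, {})
        vids = bridge.get("bridge-vids") if bridge.get("bridge-vlan-aware") == "yes" else None
        if vids and not vid_allowed(int(vid), vids):
            notes.append(f"{parent}: bridge-vids does not include VLAN {vid}")
    return notes
```

Running `tagged_mgmt_checks` on a candidate file before reloading the network shows which switch-side tagging has to exist first; an empty list means no host address depends on a tagged VLAN.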
 
Perfect, thx for the explanation! I will consider buying a firewall/router for OPNsense when I am more comfortable with Proxmox
 
