[SOLVED] Setup a Lab-LAN within Proxmox

scopion1745

Jun 7, 2024
Cheers Proxmox-Community,

I started using Proxmox about two weeks ago and judging by what I've seen so far: I like it.
Currently I'm struggling with creating a VM-internal lab LAN. I've searched and tried some guides / settings but can't seem to find the right thing for me.
To be able to evaluate changes without impacting the productive VMs, I would love to clone the productive machines and put them on a "lab-LAN".

What's my goal?
Creating a LAB-LAN where VMs on it can communicate with each other without impacting the productive LAN.

Functions required within that LAN:
DHCP, DNS, PXE (provided by VMs within that net)

What have I done so far?
- Created an SDN (Zone + VNet + Subnet with DHCP), attached a VM & CT to that VNet. When I check IPAM, they're both listed with an IP address. Checking the interfaces on the VM/CT, they only got APIPA addresses.
- Tried it on an OVS bridge without any physical IF by adding a container which handles DHCP. (This failed because I'm lacking knowledge of configuring dnsmasq.)

Does anybody know a guide which suits my plan or can tell me what I'm doing wrong in my SDN?
 
Are you using the firewall on the host where you tried the simple zone + DHCP?
 
I am lost when it comes to Proxmox SDN as I do all my network stuff in a separate mini PC running pfSense, and have a managed switch. But if it helps, what I do is I have separate VLANs defined in pfSense and the managed switch. My Proxmox NIC (I only have one) is set up in a VLAN aware bridge. Then when I spin up VMs or containers, I can specify in the setup which VLAN that VM/CT should be on. I control the access between VMs through firewall rules in pfSense. pfSense also provides the DNS and DHCP for each VLAN individually. In my home lab, I have several other devices, such as 2 other Proxmox nodes, two different NAS devices, a wireless access point, etc. So a switch definitely is needed in my setup. I used to run pfSense in a VM, with two dedicated NICs passed through to it (WAN and LAN). But I found that anytime I needed to reboot Proxmox for some reason I was taking down the entire internet for my home and my family would become agitated with me. So I now have a preference for running pfSense on its own bare metal.
 
I've got OPNsense and managed switches in my production network as well. But as stated, I would like to not interfere with that.
If not needed, I would like to not add additional hardware.
 
I hear you. Do you have VLANs set up in your production network, or is it all one subnet?
 
I came back from my lunch break and it seems like it fixed itself.
Maybe it just took a while to fully implement itself ¯\_(ツ)_/¯

Both existing and new CTs now get DHCP leases from the VNet.
 

I would encourage you to experiment with VLANs on that network, even if only to add more isolation between your host and VMs. In my "production" environment I have three main VLANs: one for anything that faces the internet or is publicly accessible from the internet (untrusted), one for stuff that is the opposite and does not face the internet at all (trusted), and one for my Proxmox management interfaces (management). I use firewall rules to separate the three. The trusted VLAN can access the other two, but the other two are completely isolated. So if someone manages to hack a publicly facing VM, they will not be able to access my Proxmox host, etc.

If you do set that up, then it is a trivial matter to add a VLAN for your internal Lab LAN.
 
Do you need to first create the bridge of the subnets before creating the VNets/Subnets and the DHCP range?
 
No, the Proxmox setup is pretty easy if you create the VLANs on something like OPNsense or pfSense. Here is my /etc/network/interfaces file. VLAN 20 is my management VLAN. I can select any of my VLANs when I create a VM or CT. Everything sits on vmbr0.

auto lo
iface lo inet loopback

iface eno1 inet manual

# VLAN-aware bridge on the single NIC; VMs and CTs pick their VLAN tag on vmbr0
auto vmbr0
iface vmbr0 inet static
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4092

# Host management address, tagged on VLAN 20
auto vmbr0.20
iface vmbr0.20 inet static
        address 10.10.20.3/24
        gateway 10.10.20.1
 
Do you create the VLANs on something like OPNsense or pfSense on the Proxmox host or on a dedicated PC?
I applied your config and it kicked me out of my server ^^, I can't access the web UI or SSH.
 
I created my VLANs on pfSense running on a separate N100 fan-less mini PC. You have to configure your switch to provide a trunked (tagged) port to the pfSense box as well as a trunked port to the Proxmox server. If you haven't done that and have locked yourself out of the Proxmox host, I would boot it up with a live Linux USB of your choosing and go revert the changes on your /etc/network/interfaces file.
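
The recovery described above means booting a live USB. As an added example (not from the thread and not a Proxmox tool), this shell function applies a candidate /etc/network/interfaces and restores the previous file if the management gateway stops answering. The function name, the `IFACES`, `RELOAD_CMD` and `CHECK_CMD` variables and the `.prev` backup name are assumptions; the gateway address is the one from the config posted earlier.

```shell
#!/bin/sh
# Added example: guarded apply of a new interfaces file with automatic rollback.
# All three settings can be overridden from the environment (assumed names).
IFACES="${IFACES:-/etc/network/interfaces}"
RELOAD_CMD="${RELOAD_CMD:-ifreload -a}"              # ifupdown2 reload
CHECK_CMD="${CHECK_CMD:-ping -c 3 -W 2 10.10.20.1}"  # management gateway

# apply_with_rollback CANDIDATE
# returns 0 = applied, 1 = rolled back, 2 = refused (nothing changed)
apply_with_rollback() {
    candidate="$1"
    backup="${IFACES}.prev"

    # Refuse a missing or empty candidate before touching the live file.
    [ -s "$candidate" ] || { echo "refused: empty or missing candidate" >&2; return 2; }

    # Keep the known-good file so it can be restored here or by hand.
    cp -p "$IFACES" "$backup" || return 2
    cp "$candidate" "$IFACES" || { cp -p "$backup" "$IFACES"; return 2; }

    # Reload, then prove the management path still works. An untagged switch
    # port, as in the lock-out above, makes the check fail.
    if $RELOAD_CMD && $CHECK_CMD >/dev/null 2>&1; then
        echo "applied: $candidate is live, previous file kept as $backup"
        return 0
    fi

    # Check failed: put the old file back and reload it.
    cp -p "$backup" "$IFACES"
    $RELOAD_CMD
    echo "rolled back: management check failed" >&2
    return 1
}

# Stand-alone use: sh guarded-apply.sh /root/interfaces.new
if [ "$#" -gt 0 ]; then
    apply_with_rollback "$1"
fi
```

Run it from the local console or under `nohup`, because an SSH session that drops during the reload would otherwise end the script before it can roll back.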
 
Perfect, thx for the explanation! I will consider buying a firewall/router for OPNsense when I am more comfortable with Proxmox.