Shared LAN between 2 nodes?

jdepa

New Member
Sep 28, 2020
Hello all, fantastic product.

I have 2 PCs connected to a single router using the subnet 192.168.1.1/24.

On node_one I have a PfSense firewall with WAN IP 192.168.1.60 with interfaces vmbr0 [WAN] and vmbr1 [LAN] (subnet 10.10.10.1/24) and a bunch of workstation VMs with interface vmbr1 that connects to the Internet through the PfSense vm. This all works great!

Now I have node_two on a separate PC with only a single VM that I would like to have the ability to communicate with the other vmbr1 VMs and connect to the Internet through the same pfSense that is on node_one.

I feel like it should be possible to do this but I am at a loss. Any advice would be greatly appreciated! I'm fairly new to virtual networking but I am a fast study.
 
Hi Jdepa

Yes, it's possible to allow communication between VMs on different nodes. There are several ways to get it working, depending on your network infrastructure.

If you don't use switches that support VLANs, then the setup would look like this ...

[Image: 1603702051758.png]

This is a very basic setup and very easy to implement, but you'll hit some limitations as soon as you try to create additional networks.

If your switches support VLAN tagging, then the way to go would be to use VLANs. The setup would be something like this ...

[Image: 1603706091002.png]

This setup is very flexible, as it scales quite well when adding new networks, and it's easy to implement too. In order to get it working, you'll have to activate the option "VLAN aware" on the bridge configuration. After that you'll have to set the VLAN ID on the network interfaces of the VMs and the setup is done ... ;)

I hope this helps

Regards
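The two steps named in the reply above ("VLAN aware" on the bridge, then a VLAN ID on each VM network interface) can be checked on a node before a VM is started. The following is an added example, not part of the thread and not Proxmox tooling; the NIC name `eno1`, VLAN 10, the VM IDs, the MAC addresses and the function names are assumptions. A NIC without a tag on a VLAN-aware bridge stays on the untagged network of the uplink port, so the check flags it.

```python
# Constructed /etc/network/interfaces stanza for node_two (NIC name eno1 is assumed).
INTERFACES = """\
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.63/24
    bridge-ports eno1
    bridge-vlan-aware yes
    bridge-vids 2-4094
"""
VM_NICS = {  # constructed netN lines from /etc/pve/qemu-server/<vmid>.conf; VLAN 10 is assumed
    101: "net0: virtio=DE:AD:BE:EF:00:01,bridge=vmbr0,tag=10",
    102: "net0: virtio=DE:AD:BE:EF:00:02,bridge=vmbr0",
    103: "net0: virtio=DE:AD:BE:EF:00:03,bridge=vmbr1,tag=10",
}

def parse_stanzas(text):
    """Map each 'iface NAME' stanza to its options, e.g. {'vmbr0': {'bridge-vids': ['2-4094']}}."""
    stanzas, name = {}, None
    for words in filter(None, (l.split("#")[0].split() for l in text.splitlines())):
        if words[0] == "iface":
            name = words[1]
            stanzas[name] = {}
        elif words[0] == "auto":
            name = None  # 'auto X' starts a new block; it is not an option of the previous one
        elif name:
            stanzas[name][words[0]] = words[1:]
    return stanzas

def allowed_vids(opts):
    """Expand a 'bridge-vids 10 20-30' option into the set of VLAN IDs the bridge carries."""
    spans = (item.partition("-") for item in opts.get("bridge-vids", []))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def audit(interfaces_text, vm_nics):
    """Return (vmid, problem) for each VM NIC that is not in a tagged VLAN the bridge carries."""
    bridges, findings = parse_stanzas(interfaces_text), []
    for vmid, line in sorted(vm_nics.items()):
        nic = dict(p.split("=", 1) for p in line.partition(":")[2].strip().split(","))
        br = bridges.get(nic.get("bridge"))
        if br is None:
            findings.append((vmid, "bridge not defined on this node"))
        elif br.get("bridge-vlan-aware") != ["yes"]:
            findings.append((vmid, "bridge is not VLAN aware"))
        elif "tag" not in nic:
            findings.append((vmid, "no VLAN tag: NIC sits on the untagged network"))
        elif int(nic["tag"]) not in allowed_vids(br):
            findings.append((vmid, "tag not in bridge-vids"))
    return findings

print(audit(INTERFACES, VM_NICS))
```

The switch ports between the nodes still have to carry the same VLAN IDs as tagged members; this check only covers the node side.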
Thank you so much for the reply Belegnor.
If I understand correctly, in your diagram Node 1 has two network interfaces and node 2 only has one?
It just so happens that my actual devices are just like that. Node 2 only has one NIC. And I do happen to have a Cisco switch laying around.

Judging by this, I would give node 2 an IP from the 10.10.10.10/24 subnet and connect it to the switch? Will I be able to join this device to node 1? Currently node 1 and node 2 have IPs 192.168.1.62 and 192.168.1.63 on my router. Would I be able to have node 2 join node 1 if node 1 stayed with the 192.168.1.62 IP and node 2 had a 10.10.10.10 IP?

Thanks again!
 

Hi again :)

The diagrams are intended as examples, so you'll have to adapt them to your needs.

If the management IPs of your Proxmox nodes are in network 192.168.1.0/24, then it would probably be better to use this network as internal LAN for the VMs too. For the "transit-to-internet" network, you can use another range (i.e. 192.168.10.0/24). The setup would change like this:

[Image: 1603790069381.png]

As you see, you'll have to assign new IPs to both the router and the WAN interface of your firewall.

I said before that this setup will hit some limitations as soon as you need additional networks, so if you still want to keep your VMs in network 10.10.10.0/24, then you'll have to switch over to the second scenario and "play around" with VLANs. In this case, you should use a switch that supports tagged VLANs (i. e. Netgear GS108Tv3).

Regards
 
Awesome. Thanks a ton for the very helpful diagrams and advice. I do happen to have a switch capable of VLAN tagging and it's something I've not done before. Shall go this route to learn and be better prepared for future growth.

Thanks again!
 
I know this post is quite old, but if you are still active, I have a question. If I want my virtual firewall to be able to migrate hosts, and I'm coming straight off the modem, then I would do nearly the same thing? VLAN to, let's say, port one of each host? Where only the firewall VM would have access to that one port? Then share LAN with a trunk?

Thank you
 