We need to isolate our VMs so that they cannot communicate with one another and, preferably, cannot contact the host either.
We have read that we just need to add the VLAN tag to the network interface in the Proxmox GUI, which we have done, but when the VLAN tag is set we have no internet connection.
We have vmbr0 for all our public VMs and vmbr1, which we use for NAT.
We do not have Open vSwitch installed; we just want the best way to protect the VMs from each other.
Here is our /etc/network/interfaces file:
# Loopback interface.
auto lo
iface lo inet loopback
# Physical NICs are left unconfigured ("manual"). eth0 is attached to vmbr0 below;
# eth1 is not referenced by any bridge in this file.
iface eth0 inet manual
iface eth1 inet manual
# vmbr1: internal bridge with no physical port (bridge_ports none). The host holds
# 192.168.0.254/24 on it and NATs the 192.168.0.0/24 guests out through vmbr0.
# NOTE(review): every guest attached to this bridge shares one layer-2 segment, and
# nothing in this file filters VM-to-VM or VM-to-host traffic. Isolation needs
# per-guest filtering (for example the Proxmox firewall) or separate segments.
# NOTE(review): no bridge-vlan-aware option is set. A guest NIC given a VLAN tag
# presumably ends up on a tagged segment where 192.168.0.254 is not present,
# which would explain the lost connectivity; confirm on the host.
auto vmbr1
iface vmbr1 inet static
address 192.168.0.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
# Turns on IPv4 forwarding for the whole host, not only for this bridge.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Source-NAT for 192.168.0.0/24 traffic leaving via vmbr0; post-down removes the same rule.
# NOTE(review): only the nat table is touched here. No filter/FORWARD rule in this
# file limits what the NATed guests may reach; verify the host's FORWARD policy.
post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
# vmbr0: public bridge over eth0. It carries the host's own public IPv4 address,
# so guests on this bridge sit on the same layer-2 segment as the host.
# NOTE(review): no bridge-vlan-aware option is set here either. A VLAN tag on a
# guest NIC presumably means tagged frames leave via eth0, which only works if the
# upstream switch port carries that VLAN; confirm with the network provider.
auto vmbr0
iface vmbr0 inet static
address XXX.202.216.175
netmask 255.255.255.0
gateway XXX.202.216.254
broadcast XXX.202.216.255
bridge_ports eth0
bridge_stp off
bridge_fd 0
network XXX.202.216.0
# IPv6 on the same bridge: static /64 address, an on-link route to the gateway,
# then the default route through it. pre-down removes both in reverse order.
iface vmbr0 inet6 static
address 2001:41d0:1000:1baf::
netmask 64
post-up /sbin/ip -f inet6 route add 2001:41d0:1000:1bff:ff:ff:ff:ff dev vmbr0
post-up /sbin/ip -f inet6 route add default via 2001:41d0:1000:1bff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del default via 2001:41d0:1000:1bff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del 2001:41d0:1000:1bff:ff:ff:ff:ff dev vmbr0
We have read that we just need to add the VLAN tag to the network interface in the Proxmox GUI, which we have done, but when the VLAN tag is set we have no internet connection.
We have vmbr0 for all our public VMs and vmbr1, which we use for NAT.
We do not have Open vSwitch installed; we just want the best way to protect the VMs from each other.
Here is our /etc/network/interfaces file:
# Loopback interface.
auto lo
iface lo inet loopback
# Physical NICs are left unconfigured ("manual"). eth0 is attached to vmbr0 below;
# eth1 is not referenced by any bridge in this file.
iface eth0 inet manual
iface eth1 inet manual
# vmbr1: internal bridge with no physical port (bridge_ports none). The host holds
# 192.168.0.254/24 on it and NATs the 192.168.0.0/24 guests out through vmbr0.
# NOTE(review): every guest attached to this bridge shares one layer-2 segment, and
# nothing in this file filters VM-to-VM or VM-to-host traffic. Isolation needs
# per-guest filtering (for example the Proxmox firewall) or separate segments.
# NOTE(review): no bridge-vlan-aware option is set. A guest NIC given a VLAN tag
# presumably ends up on a tagged segment where 192.168.0.254 is not present,
# which would explain the lost connectivity; confirm on the host.
auto vmbr1
iface vmbr1 inet static
address 192.168.0.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
# Turns on IPv4 forwarding for the whole host, not only for this bridge.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Source-NAT for 192.168.0.0/24 traffic leaving via vmbr0; post-down removes the same rule.
# NOTE(review): only the nat table is touched here. No filter/FORWARD rule in this
# file limits what the NATed guests may reach; verify the host's FORWARD policy.
post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
# vmbr0: public bridge over eth0. It carries the host's own public IPv4 address,
# so guests on this bridge sit on the same layer-2 segment as the host.
# NOTE(review): no bridge-vlan-aware option is set here either. A VLAN tag on a
# guest NIC presumably means tagged frames leave via eth0, which only works if the
# upstream switch port carries that VLAN; confirm with the network provider.
auto vmbr0
iface vmbr0 inet static
address XXX.202.216.175
netmask 255.255.255.0
gateway XXX.202.216.254
broadcast XXX.202.216.255
bridge_ports eth0
bridge_stp off
bridge_fd 0
network XXX.202.216.0
# IPv6 on the same bridge: static /64 address, an on-link route to the gateway,
# then the default route through it. pre-down removes both in reverse order.
iface vmbr0 inet6 static
address 2001:41d0:1000:1baf::
netmask 64
post-up /sbin/ip -f inet6 route add 2001:41d0:1000:1bff:ff:ff:ff:ff dev vmbr0
post-up /sbin/ip -f inet6 route add default via 2001:41d0:1000:1bff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del default via 2001:41d0:1000:1bff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del 2001:41d0:1000:1bff:ff:ff:ff:ff dev vmbr0