Simple Vlan Configuration

Ben McGuire

Member
Sep 14, 2016
30
1
6
We need to isolate our vms so that each VM cannot communicate with one another and preferably they cannot contact the host.

We have read that we just need to add the vlan tag in the proxmox gui network interface which we have done but when we have the van tag we have no internet connection.

we have vmbr0 for all our public VMs and vmbr1 that we use for NAT

We do not have openvswitch installed but we just want the best way to protet vms from each other.
Here is our /etc/network/interfaces file

auto lo

iface lo inet loopback



iface eth0 inet manual



iface eth1 inet manual



auto vmbr1

iface vmbr1 inet static

address 192.168.0.254

netmask 255.255.255.0

bridge_ports none

bridge_stp off

bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward

post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE

post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE





auto vmbr0

iface vmbr0 inet static

address XXX.202.216.175

netmask 255.255.255.0

gateway XXX.202.216.254

broadcast XXX.202.216.255

bridge_ports eth0

bridge_stp off

bridge_fd 0

network XXX.202.216.0



iface vmbr0 inet6 static

address 2001:41d0:1000:1baf::

netmask 64

post-up /sbin/ip -f inet6 route add 2001:41d0:1000:1bff:ff:ff:ff:ff dev vmbr0

post-up /sbin/ip -f inet6 route add default via 2001:41d0:1000:1bff:ff:ff:ff:ff

pre-down /sbin/ip -f inet6 route del default via 2001:41d0:1000:1bff:ff:ff:ff:ff

pre-down /sbin/ip -f inet6 route del 2001:41d0:1000:1bff:ff:ff:ff:ff dev vmbr0
 
Hi,
Have configured the switch so the vlan is known?
 
Thank you for your reply.

We have worked out that the vlans need to be added as the ip block is in the OVH vRack. in addition we have decided to go with creating multiple bridge device for each VM. Would this be suggested as we have another post asking this.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!