Traffic without security restrictions between VMs on the same node

[frenn]

Hello everyone. Need advice.
Proxmox 7.1. One external IP. All the VMs in the masquerade are hanging on the same bridge in their local subnet 10.10.10.0/24. Firewall via GUI is enabled on all VMs. The necessary ACCEPT rules are written through GUI. Port Forwarding in iptables.
Traffic is also flying between VMs. They address each other by local IP 10.10.10.0/24. Provided that the Firewall is enabled on all machines, then for each one you need to separately prescribe permissive rules. And it works. But how correct is this setting? Is it possible to make traffic fly without restrictions between all virtual machines inside the 10.10.10.0/24 network?
Thank you.

 

[Pierre-Yves]

Hello
Second virtual network card on each vm dedicated to communication between VMs to create a "safe" network.
No routing between the Internet network and the safe network.
Hard security rules on the Internet cards.
Thus you can easily share services between hosts on the safe network without exposing those services on the Web network (ie mysql, monitoring, ...).
My 2 cents

 

[frenn]

Thank you for your answer.
Ok, I've set up another linux bridge. I did not register the IP and subnet on it. added a second network adapter to several guest VMs for the test. I restarted the network, restarted the VM, manually registered the IP on them. as a result, Internet access was turned off for all the guests and they still don't have access to each other. What am I doing wrong?

And one more question. if I leave one network adapter everywhere, can I register a firewall like this? Is this correct and secure?

Thank you.

 

[mvs]

And one more question. if I leave one network adapter everywhere, can I register a firewall like this? Is this correct and secure?
View attachment 36193
Thank you.

If you wish to allow all traffic between VMs just create an accept rule with
source: 10.10.10.0/24 and destination: 10.10.10.0/24
No need to specify rules for each ip separately.