Trying to figure out isolated networks in Proxmox

H

headcase

New Member
Jul 7, 2019
10
0
1
39
I'm trying to figure out isolated networks in Proxmox, and am having trouble finding information on the subject. What I would like to do is create another bridge interface that is isolated, and can't talk to machines on other bridge interfaces. I have a interfaces file that looks like this:

Code: 
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet static
        address  xxx.xxx.xxx.xxx
        netmask  255.255.255.128
        gateway  xxx.xxx.xxx.xxx

iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
        address  10.10.10.1
        netmask  255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address  10.10.11.1
        netmask  255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE

Hosts on vmbr1 are able to ping hosts on vmbr0. How can I make it so that hosts on vmbr1 are isolated?
 
Last edited:
headcase said:
I'm trying to figure out isolated networks in Proxmox, and am having trouble finding information on the subject. What I would like to do is create another bridge interface that is isolated, and can't talk to machines on other bridge interfaces. I have a interfaces file that looks like this:

Code: 
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet static
        address  xxx.xxx.xxx.xxx
        netmask  255.255.255.128
        gateway  xxx.xxx.xxx.xxx

iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
        address  10.10.10.1
        netmask  255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address  10.10.11.1
        netmask  255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE

Hosts on vmbr1 are able to ping hosts on vmbr0. How can I make it so that hosts on vmbr1 are isolated?
Click to expand...


If hosts on vmbr0 can reach those on vmbr1 and vice versa depends on the routing configuration in the VMs. If you want to avoid it categorically activate a firewall which does not allow connections between vmbr0 and vmbr1.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom