two bridges in the same subnet? Is it possible?

gio2022

Mar 29, 2022
Hello,

I want to separate the traffic into two different switch ports. One port for GUI, admin, and one port for VMs.
I don't want internal networks in Proxmox. The cluster has to be in my LAN (behind a firewall). Sadly, I can only have one subnet.
We do not use the VLAN number, but we have one. Switches are Cisco FEX.
This is a part of my /etc/network/interfaces:


auto enp35s0f0np0
iface enp35s0f0np0 inet static
    address 192.168.64.XX/XX
    #ceph public

auto enp68s0f1
iface enp68s0f1 inet static
    address 192.168.64.XXX/XX
    #ceph cluster

auto enp68s0f0
iface enp68s0f0 inet manual
    #vmbr0

auto enp35s0f1np1
iface enp35s0f1np1 inet manual
    #vmbr1

auto vmbr0
iface vmbr0 inet static
    address 192.168.64.XXX/XX
    gateway 192.168.64.XXX
    bridge-ports enp68s0f0
    bridge-stp off
    bridge-fd 0
    #GUI, Backup, Admin

auto vmbr1
iface vmbr1 inet static
    address 192.168.68.XXX/XX
    bridge-ports enp35s0f1np1
    bridge-stp off
    bridge-fd 0
    mtu 1500
    #VMs


I have traffic on tcpdump -i enp35s0f1np1 ... but my VMs could not go out.
Someone told me that Proxmox could only have one bridge per subnet. I didn't understand it that way in the documentation, if I do not want internal networks in the Proxmox cluster?
Is that so?
Thank you in advance,

Gio
 
As vmbr1 is on a different subnet from your main LAN, they will not be able to reach the internet, as they won't be able to reach the main LAN gateway. The solution is to:

a) use iptables rules on the host to relay traffic between the VM network and the main LAN/internet - for example:
auto vmbr0
iface vmbr0 inet static
    address 192.168.64.XXX/XX
    gateway 192.168.64.XXX
    bridge-ports enp68s0f0
    bridge-stp off
    bridge-fd 0
    #GUI, Backup, Admin
    #enable ip forwarding
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward

auto vmbr1
iface vmbr1 inet static
    address 192.168.68.XXX/XX
    bridge-ports enp35s0f1np1
    bridge-stp off
    bridge-fd 0
    mtu 1500
    #VMs
    #Route VM to WAN traffic via vmbr0
    post-up iptables -t nat -A POSTROUTING -s '192.168.68.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.68.0/24' -o vmbr0 -j MASQUERADE

b) install a VM to act as a router - e.g pfSense etc.
 
Hello Bobmc, thank you for your answer.
I am confused. I only have one LAN. All these areas have the same gateway.

Now my VM can reach the internet, but it is not reachable from the other server in the same network....
Proxmox does not have a firewall on.

 
In your original setup, you have defined two networks - the '.64' and the '.68'

Did you think you needed a second network? Why?

Otherwise just put everything on the '.64' network and everything will work.

If you still want a second network for your VMs and you want to reach them from your normal network then you will need to do some more setup. Exactly how to do this will depend on how your network is currently configured.
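The '.64' versus '.68' mismatch pointed out above can be checked mechanically. The following is an added example, not code from anyone in this thread: it parses an /etc/network/interfaces-style file and lists bridges whose address lies outside the default gateway's subnet. The function names are hypothetical, and the /24 prefixes and host numbers in the sample are assumptions, since the original post masks them as XX.

```python
import ipaddress

# Constructed sample; /24 prefixes and host numbers are assumed (the thread masks them).
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 192.168.64.10/24
    gateway 192.168.64.1
    bridge-ports enp68s0f0
    #GUI, Backup, Admin

auto vmbr1
iface vmbr1 inet static
    address 192.168.68.10/24
    bridge-ports enp35s0f1np1
    #VMs
"""

def parse_ifaces(text):
    """Return {iface: {option: value}} for every 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "iface":
            current = stanzas.setdefault(value.split()[0], {})
        elif key in ("auto", "allow-hotplug", "source", "source-directory"):
            current = None  # these lines end the previous stanza
        elif current is not None:
            current[key] = value.strip()
    return stanzas

def bridges_off_gateway_subnet(text):
    """List (bridge, network) pairs whose subnet contains no configured gateway."""
    stanzas = parse_ifaces(text)
    gateways = [ipaddress.ip_address(o["gateway"]) for o in stanzas.values() if "gateway" in o]
    off = []
    for name, opts in stanzas.items():
        if "bridge-ports" not in opts or "address" not in opts:
            continue  # only addressed bridges are of interest here
        net = ipaddress.ip_interface(opts["address"]).network
        if not any(gw in net for gw in gateways):
            off.append((name, str(net)))
    return off

if __name__ == "__main__":
    print(bridges_off_gateway_subnet(SAMPLE))
```

A bridge reported here carries guests that cannot reach the LAN gateway directly; they need either an address in the gateway's subnet or routing/NAT on the host.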
 
Hello Bobmc, thank you very much. All works now. I could use more ports and NICs in the same network. Best regards
 
