Two NICs two subnets

S

swissschoggi

New Member
Jun 7, 2023
13
0
1
Hello Everyone,

I'm sweating my bal*s off right now, i've been searching for a definitive and working answer for days but nothing seems to work.

To start i use the onboard motherboard NIC as the main one, which is on 172.168.1.0/24 LAN, which is also working fine as intended.
As a second NIC i use a PCIE add in card that i can see is recognized using lspci. This Vlan is 192.168.4.1/24.
This is my /etc/network/interfaces i want to use vmbr4 as a DMZ VLAN for externally reachable machines.
auto lo iface lo inet loopback iface enp2s0 inet manual auto enp3s0 iface enp3s0 inet manual auto vmbr0 iface vmbr0 inet static address 172.168.1.23/24 gateway 172.168.1.1 bridge-ports enp2s0 bridge-stp off bridge-fd 0 auto vmbr4 iface vmbr4 inet static address 192.168.4.23/24 bridge-ports enp3s0 bridge-stp off bridge-fd 0 bridge-vlan-aware yes bridge-vids 2-4094 #DMZ

I created a debian machine and gave it the following /etc/network/interfaces:

auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.4.40/24 gateway 192.168.4.1

I got it working once that it showed up on my unifi dream machine pros dashboard but i was not able to apt-get update or ping 8.8.8.8
I'm pretty much out of ideas and Linux networking is not my strenght but i want to learn.

Thanks in advance
 
Hello,

probably interface enp3s0 is connected to a switch? Is the switchport in access or in trunk mode? Can you show the configuration of the VM network? Are you able to ping 192.168.4.23 from the VM and vice versa?

Regards
 
- Check your firewall configuration
- Check your unify configuration
- Check your network card interface settings
 
TodorPetkov said:
Hello,

probably interface enp3s0 is connected to a switch? Is the switchport in access or in trunk mode? Can you show the configuration of the VM network? Are you able to ping 192.168.4.23 from the VM and vice versa?

Regards
Click to expand...
It's connected directly to a port on my UDMP set to said VLAN and swithcing mode.
I do have it in port isolation.
I cannot ping 192.168.4.23 from the CT (sorry i forgot that it was a CT not a VM).
It also does not show up on the web interface of the UDMP.
 
accel said:
- Check your firewall configuration
- Check your unify configuration
- Check your network card interface settings
Click to expand...
Firewall and UDMP should be fine as far as i can tell.
The network card interface settings however i have no clue.
 
swissschoggi said:
It's connected directly to a port on my UDMP set to said VLAN and swithcing mode.
I do have it in port isolation.
I cannot ping 192.168.4.23 from the CT (sorry i forgot that it was a CT not a VM).
It also does not show up on the web interface of the UDMP.
Click to expand...
Can you show the network configuration of the CT in the PVE UI?
 
swissschoggi said:
Firewall and UDMP should be fine as far as i can tell.
The network card interface settings however i have no clue.
Click to expand...
Try attaching a different pc to that network port or replace the ethernet ports from vmbr0 to vmbr4 and recheck the arp table.
 
Spoonman2002 said:
vmbr4 bridge has no Gateway. 192.168.4.1 does not exist as Gateway.
Click to expand...
cant there be only 1 gateway?
Also i can see it now in my unifi dashboard when i enable DHCP but it won't find a lease even tho the client on unifi has the right mac address and an IP assigned
 
swissschoggi said:
cant there be only 1 gateway?
Also i can see it now in my unifi dashboard when i enable DHCP but it won't find a lease even tho the client on unifi has the right mac address and an IP assigned
Click to expand...

PVE host can only have 1 Gateway indeed.

Where is your DMZ VLAN4 configured, in a switch, in your router?
 
[QUOTE="Spoonman2002, post: 566541, member: 123839"] I use OpenVSwitch (OVS) in PVE. But I think you have to create a VLAN4 in PVE. [/QUOTE] damn, any tips on how i can still easily keep this isolated from my other LANs VLANs?
 
swissschoggi said:
[QUOTE="Spoonman2002, post: 566541, member: 123839"] I use OpenVSwitch (OVS) in PVE. But I think you have to create a VLAN4 in PVE. [/QUOTE] damn, any tips on how i can still easily keep this isolated from my other LANs VLANs?
Click to expand...
You have to create a VLAN(4) in PVE, check the wiki for howto.
My config is a bit different with OVS.
You can also install OVS in your PVE host, makes life a bit more easier to manage.
 
swissschoggi said:
[QUOTE="Spoonman2002, post: 566541, member: 123839"] I use OpenVSwitch (OVS) in PVE. But I think you have to create a VLAN4 in PVE. [/QUOTE] damn, any tips on how i can still easily keep this isolated from my other LANs VLANs?
Click to expand...
You can define rules to reject acces to the NET
 
Looking at your configuration, the port of the Unifi gateway, to where the physical port (enp3s0) of the server is connected, needs to be configured in trunk with at least VLAN2 - this is the VLAN configured on the CT. If Unifi port is in access mode, then you need to remove the VLAN tag from the CT network as well.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back