Using the same IP addresses for different VMs

Dehia

New Member
Jan 14, 2026
Hello,

I'm trying to deploy multiple isolated instances of the same VM scenario in Proxmox using SDN zones, but I'm running into a problem when enabling SNAT for internet access.

What works:
  • Multiple SDN Simple zones, each containing identical VMs
  • With snat=0: Perfect isolation - VMs in different zones cannot reach each other
  • VMs within the same zone can communicate with each other

Once I set snat=1 to enable internet access, I get routing collisions because all zones use the same subnet and gateway:
  • Zone 1: subnet 10.0.0.0/24, gateway 10.0.0.1
  • Zone 2: subnet 10.0.0.0/24, gateway 10.0.0.1
  • Zone 3: subnet 10.0.0.0/24, gateway 10.0.0.1
This causes conflicts and breaks connectivity.
Am I approaching this wrong, and is there a better approach to deploy multiple identical, isolated scenarios where VMs need internet access?
 
If you need to use the same subnet multiple times, you need to utilize VRFs to separate them on the PVE host. This functionality is currently not implemented for Simple Zones. When using NAT this way, you'd also need a way of discerning return traffic - either by utilizing CT marks or different IPs / interfaces for outgoing traffic (could be CGNAT for instance). All of this currently would need to be set up manually.

You could use an EVPN zone, but that comes with a lot of additional complexity, and you'd need to set up and configure a dedicated router that handles NAT for your EVPN zones, since you cannot just leak the overlapping routes into the default routing table...

If I may ask, is there a particular reason you cannot use different subnets? It's a lot of added trouble and complexity, I wouldn't do it unless absolutely necessary.
 
I'm actually working on deploying capture the flag challenges in Proxmox, where I need to have isolated instances of the same scenario (same networks, IP addresses...) for every player. I'm still new to Proxmox, so I thought that the SDN zones would be enough to make it happen, but it's more complicated than I thought.
 
If it is all happening on the same host, you could consider using vmbr interfaces without a bridge port, or SDN simple zones without a gateway. Those two should technically be the same under the hood.

That way you can have a completely isolated network in which you can place the guests for one player. To get connectivity, you could also go with the approach of having a router VM per player, that connects the isolated network with the public network. On that router VM you can then tightly control what kind of traffic is allowed.
It is a bit more involved, but the delineation lines are very clear. :)
 
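The layout suggested in the last reply (one isolated bridge per player plus a router VM that owns the NAT), sketched as an added example; it is not code from the thread or from Proxmox. The bridge numbering, the 192.0.2.0/24 uplink network and the eth0/eth1 interface names inside the router VM are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: bridges vmbr<100+N>, uplink network
# 192.0.2.0/24 with player N's router VM at .<10+N>, router NICs eth0/eth1.
INNER_NET="10.0.0.0/24"   # identical inside every player's scenario

# Bridge name for player N (1..200); rejects anything else.
player_bridge() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 200 ] || return 1
    echo "vmbr$((100 + $1))"
}

# Unique uplink address of player N's router VM (this is what lets return
# traffic be told apart even though every inner subnet is the same).
player_uplink_ip() {
    player_bridge "$1" >/dev/null || return 1
    echo "192.0.2.$((10 + $1))"
}

# /etc/network/interfaces stanza for the PVE host: a bridge with no port and
# no host address, so the host never routes or NATs the overlapping subnet.
host_bridge_stanza() {
    br=$(player_bridge "$1") || return 1
    printf 'auto %s\niface %s inet manual\n\tbridge-ports none\n\tbridge-stp off\n\tbridge-fd 0\n' "$br" "$br"
}

# nftables ruleset for inside the router VM (eth0 = uplink, eth1 = player LAN).
# Forwarding is default-drop; players may go out, but not to other routers
# on the shared uplink network.
router_nft_ruleset() {
    ip=$(player_uplink_ip "$1") || return 1
    cat <<EOF
table inet player_router {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    iifname "eth1" oifname "eth0" ip saddr $INNER_NET ip daddr != 192.0.2.0/24 accept
  }
}
table ip player_nat {
  chain postrouting {
    type nat hook postrouting priority 100;
    oifname "eth0" ip saddr $INNER_NET snat to $ip
  }
}
EOF
}

host_bridge_stanza 1; router_nft_ruleset 1
```

Each router VM still uses 10.0.0.1 on its LAN side, so the scenario VMs stay byte-for-byte identical across players.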