VM in DMZ

forstera

Hello all,
I work for a school and I installed a Proxmox in our DMZ. I've 2 network cards; each card is connected to its own bridge (vmbr1 and vmbr2). All my VMs are linked to the VMBR2 bridge and are accessible from the outside. I've one public IP and 1 subdomain name server1.mydomain.com; server2.mydomain.com per VM. My vmbr2 bridge has no address because I just want my VMs to be accessed from the outside.

I'm responsible for the firewall but I had to give the ports to open to access my VMs from the outside (only port 80 & 443) and the ones to access my server from my LAN (8006 and 22).

My VMBR1 bridge has a local IP address so I can access my server (and proxmox) from my LAN. I configured the gateway here.

For the time being, it's not working; I can access my Proxmox from my LAN but I can't access my VMs (from my LAN and from outside).

So I was wondering if I have to give a public IP address to my vmbr2 bridge, too (but I think not), and if it is correct to have my gateway configured for my vmbr1 bridge (LAN).

thanks to all for your help
Best Regards
 
If I understand your situation correctly, vmbr1 is used for the PVE host itself. It is okay to have a gateway installed so it can access the internet to fetch updates and time data to sync the clock.

A bridge is equivalent to a switch. You don't have to configure an IP address on it.

You will have to make sure that it is connected to the firewall/router correctly according to its configuration. If you had multiple physical machines with public IP addresses connected to your firewall/router through a dedicated DMZ switch, the situation with vmbr2 should be the same.
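
The layout discussed in this thread, as an added example that is not part of any post: a constructed `/etc/network/interfaces` with an addressed management bridge and an address-less DMZ bridge, plus a check that the host itself holds no IP on the DMZ side. The `eno1` name and the 192.168.10.x addresses are assumptions; only `eno2`, `vmbr1` and `vmbr2` come from the thread.

```shell
#!/bin/sh
# Constructed sample /etc/network/interfaces for the layout in this thread.
# eno1 and the 192.168.10.x addresses are assumptions, not from the posts.
sample_interfaces() {
cat <<'EOF'
iface eno1 inet manual
iface eno2 inet manual

# Management bridge: LAN address and the host's only default gateway
auto vmbr1
iface vmbr1 inet static
    address 192.168.10.5/24
    gateway 192.168.10.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

# DMZ bridge: a plain switch for the VMs, no host address or gateway
auto vmbr2
iface vmbr2 inet manual
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0
EOF
}

# Read an interfaces file on stdin; print one line per bridge:
#   <name> ports=<first port> address=<addr|none> gateway=<gw|none>
bridge_audit() {
    awk '
        function emit() {
            if (name != "" && ports != "")
                printf "%s ports=%s address=%s gateway=%s\n", name, ports, addr, gw
        }
        $1 == "iface" { emit(); name = $2; ports = ""; addr = "none"; gw = "none"; next }
        $1 == "bridge-ports" { ports = $2 }
        $1 == "address" { addr = $2 }
        $1 == "gateway" { gw = $2 }
        END { emit() }
    '
}

# Exit 0 if the host itself has an address on bridge $1 (stdin: interfaces file).
host_exposed_on() {
    bridge_audit | awk -v b="$1" '$1 == b && $3 != "address=none" { hit = 1 } END { exit !hit }'
}

sample_interfaces | bridge_audit
```

On a real host, feed the file in with `bridge_audit < /etc/network/interfaces`; a DMZ bridge that reports `address=none` means the hypervisor's management services (8006 and 22 in this thread) are not bound to any address on the DMZ segment.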
 
Hello Aaron, and thanks for your answer. Yes, vmbr1 is used for the PVE itself. I use it to manage my PVE. The company which manages the firewall and the switches allows me to have multiple MAC addresses on the switch port connected to my VMBR2. So, my eno2 network card is linked to my VMBR2; both have no IP address, and each VM linked to my VMBR2 has its own public IP address and gateway. But for the time being, I can't access my VMs by either the lan (ssh) or the wlan (http).
Thanks for your help
 
Can the VMs ping their gateway?
Can the VMs access anything on the internet? If yes, then the basic functionality should be given.

Can you access the VMs from outside your whole network (i.e. the "internet") on their public addresses? (ping, whatever services they offer?) A mobile hotspot on the phone is an easy way to be outside of the internal network.

With the information given, I don't think this is a PVE problem per se but more a networking problem.
To test this, you could connect a physical machine (laptop?) instead of the vmbr2/eno2 and give it one of the public IPs and see if you have the same problems.
 
Hello Aaron,
I can't ping the gateway and I can't access my VMs from the outside. I'll run a test as you wrote and contact the company which manages the firewall/switches. Thanks very much for your help. I'll keep you informed ...
 
