VM networking

zzxx_u

I have 4 dedicated IPs, and I want to run multiple KVM VMs on 1 node with these IPs:
202.XX.XX.1 -> 1 VM
202.XX.XX.2 -> 1 VM
202.XX.XX.3 -> 2 VM (port 22 and 30504)
202.XX.XX.4 -> 2 VM (port 12345 and 7777)

Gateway is 202.XX.XX.5

How can I achieve this?
 
your pve host(s) should have a way to route vm IP to the gateway and back.

one way is:
- give one IP of that public subnet to your pve host(s) eth0, with the same gateway
- create a vmbr on pve host(s) to pve eth0
- create vms eth linked to that vmbr
- your pve host(s) will be publicly reachable, though (you can protect them: firewall?)

another way:
- use something between gateway and pve host(s) which is able to do address translation
- this thing should have 2 eth, one public external and one private internal
- give private address to pve host(s)
- create a vmbr on pve host(s) to pve eth0
- create vms eth linked to that vmbr
- give private address to vms
- make an address translation from your public ips to your private ip
- your pve host(s) will not be publicly reachable, though (unless you want, but you will need another public address or some sort of port forwarding trick, in the gateway)

I've read of another setup but know very little about it
- you could give private ip to your pve host(s) and public ip to your vms
- you could set up arp proxying on pve host(s) so as to make pve forward 202.XX.XX.XX traffic without being part of that subnet (it uses, IARW, mac addresses instead of IP addresses and is somewhat less scalable)
- your pve host(s) will not be publicly reachable, though

there could be other ways, though.

Marco
 
Is this right?
Code:
# network interface settings
auto lo
iface lo inet loopback


auto eth0
iface eth0 inet static
        address  202.xx.xx.4
        netmask  255.255.255.248
        gateway  202.xx.xx.5


auto vmbr0
iface vmbr0 inet static
        address  10.10.10.1
        netmask  255.255.255.0
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
 
no, leave eth0 manual and give ip to vmbr, bridged to eth0 but
don't do this in cli, do that on the pve gui it's easy and safer
you will have to reboot though

and
you said gateway was
202.xxx.xxx.5

now it seems

202.xxx.xxx.6

check if it is ok

Marco
 
[Attached image: 3FPNM.png]

this is my default config,
I can manage vm 1 with ip 202.xx.xx.1 and vm 2 with 202.xx.xx.2
but I can't get vm 3 and 4 to use 202.xx.xx.3
and vm 5 and 6 to use 202.xx.xx.4
 

sorry
202.xx.xx.4 is already used by vmbr0... how can you think to assign that to vms?

IP addresses in a subnet should be unique to an eth on a machine, physical or virtual
You cannot assign them like this

<<
vm 3 and 4 to use 202.xx.xx.3
vm 5 and 6 to use 202.xx.xx.4
>>

it will never work (well it could be an HA cluster but i feel this is not your case)

you said

<<
I have 4 dedicated ip, I want to run multiple KVM vm in 1 node with these ip
202.XX.XX.1 -> 1 VM
202.XX.XX.2 -> 1 VM
202.XX.XX.3 -> 2 VM (port 22 and 30504)
202.XX.XX.4 -> 2 VM (port 12345 and 7777)
>>

what you can do if you have just 4 IP is
* assign 1 public IP to vmbr0 -> eth0, as you already did
* create a VM with something like pfsense (or others) with 2 eth:
- eth0 external (public IP)
- eth1 internal (private IP)
* assign private ip to other vm (those you need, above)
* on pfsense, assign other public IP also to pfsense itself and then map 1:1 to public ip address, optionally doing some port forwarding if you have not enough public ip left
see this video http://www.youtube.com/watch?feature=player_detailpage&v=zrBr0N0WrTY
(just keep in mind that in the video he's using address 10.x.x.x as "public ips" just for demo)

this is just an idea...

Marco
 
hmm, i will try that
but how if I use 202.xx.xx.3 for the 3,4,5,6 VM?
 
you can use that public ip on (say) pfsense (as in the video), and port forward different ports to internal private ip, one for each vm

eg:
202.XX.XX.3 (pfsense) -> port forwarding
port 22 -> ip 192.168.1.1 (vm1)
port 12345-> ip 192.168.1.2 (vm2)
port 7777-> ip 192.168.1.3 (vm3)
port 30504-> ip 192.168.1.4 (vm4)

that would work
you can also define port ranges, instead of single ports, to forward.
and also translate "source" ports/ranges to different "destination" ports/ranges

Marco
 

hmm, I don't understand the "create a VM with something like pfsense (or others) with 2 eth:" part
how do I add an eth? can you assist me?
 
?

in that scenario you need pve to have 2 eth
- eth0 will be bound to vmbr0 (with external public ip)
- eth1 will be bound to vmbr1 (with internal private ip)

create a vm with
- 2 (virtual) eth: eth0 bound to vmbr0 (external) and eth1 bound to vmbr1 (internal)
- see pfsense for all (virtual) hardware requirements
- install pfsense in that vm (download an iso and use that in the (virtual) boot cd)

then follow the setup. As this is not a pfsense forum, you should ask for info and hints in the pfsense forums

Marco
 
what if I only have 1 eth? (eth0)
I'm really new to this, sorry if I confuse you
 
you can create a vmbr interface that's not bridged to a physical eth interface, it will just be host only (that is, you cannot access those IP's from outside the hostnode)

but in short, to do what you want you need something to do NAT - that's either

1) manual config in proxmox hostnode
2) using a firewall appliance like Pfsense on your proxmox hostnode (this takes all but 1 of your public IP's and does the NAT)
3) purchase/rent a firewall/router that can do the NAT rules you require and place it in front of your hostnode(s)
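
Option 1 above (manual NAT on the hostnode), applied to the port-forward table from the earlier reply, as an added example that is not part of any post in this thread: it turns a forward table into `iptables` DNAT rules and rejects a table in which two VMs claim the same public IP, protocol and port. Assumptions: `203.0.113.3` is a constructed stand-in for the masked 202.XX.XX.3, the forwards are TCP, `vmbr0` is the public-facing bridge, and the host itself holds that public address.

```sh
#!/bin/sh
# Added example (POSIX sh): build iptables DNAT rules from a forward table.
# Table line format: <public_ip> <proto> <public_port> <private_ip> <private_port>

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_dnat_rules <wan_interface> <table>
# Prints one rule per line; prints nothing and returns 1 if the table is invalid.
gen_dnat_rules() {
    wan_if=$1; table=$2; seen=' '; rules=''
    nl='
'
    while read -r pub proto pport priv dport; do
        case "$pub" in ''|'#'*) continue ;; esac   # skip blank lines and comments
        if ! is_port "$pport" || ! is_port "$dport"; then
            echo "bad port in: $pub $proto $pport $priv $dport" >&2
            return 1
        fi
        # One public ip/proto/port can be forwarded to only one VM.
        key="$pub/$proto/$pport"
        case "$seen" in *" $key "*)
            echo "conflict: $key is forwarded twice" >&2
            return 1 ;;
        esac
        seen="$seen$key "
        rules="${rules}iptables -t nat -A PREROUTING -i $wan_if -d $pub -p $proto --dport $pport -j DNAT --to-destination $priv:$dport$nl"
    done <<EOF
$table
EOF
    printf '%s' "$rules"
}

# Constructed sample: private addresses and ports follow the thread's example;
# the public address is a documentation placeholder and tcp is an assumption.
SAMPLE_TABLE='# public_ip proto port private_ip port
203.0.113.3 tcp 22    192.168.1.1 22
203.0.113.3 tcp 12345 192.168.1.2 12345
203.0.113.3 tcp 7777  192.168.1.3 7777
203.0.113.3 tcp 30504 192.168.1.4 30504'

# Print the rules for review; nothing is applied to the running firewall.
gen_dnat_rules vmbr0 "$SAMPLE_TABLE"
```

The printed rules only take effect with `net.ipv4.ip_forward=1` on the host and with the VMs using the host's internal bridge address as their default gateway.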
 
Hi all... this is my first message here on the forum. I've been using proxmox for test purposes since 2.0beta, in my private LAN.
Now I'm setting up an owned server in a datacenter...

I also have the same questions... so first of all:

summarizing zzxx_u's request:
You have a physical server with only one physical eth interface, but what is not clear to me is: do you have only 4 IPs because it's in one /29 subnet, or are these your public ip addresses and on the lan side you have a /24 lan, or what?

In my case, for example, I have 5 public ip (/29 subnet, one for network, one for broadcast, one for gateway and 5 free to use) but behind these 5 public ip I have a 10.xx.xx.xx/24 lan with a 1-to-1 nat from the 5 public to 5 of the private ip.


Thanks
 
OK, so you have to attach to the physical switch and set the public ip address directly on your server?
Is the server directly exposed on the internet? Is it in a DMZ? Is there some kind of firewall above you in the datacenter?

It's quite strange that the datacenter exposes you directly...