vmbr Network Question - Proxmox 1.8 & IPCop 2.0.2

mylesw

Feb 10, 2011

Hi there, I have a server that we have colocated at another data center. It's a single server with PM VE 1.8 on it. It has two physical NICs on it, but only one is connected at this time to the data center's WAN connection.

I installed IPCop 2.0.2 on there as a KVM so that I could use it as the front-end firewall for all the OpenVZ containers I will be installing on the box. I have it set in a typical RED/GREEN configuration.

On Proxmox I have set up vmbr0, which is tied to eth0 and has its IP allocation set from the data center's WAN IP allocation. I then set up vmbr1, which will be the virtual network switch that IPCop will use as its green network. This is not tied to a physical NIC but has a local IP address allocation (private LAN).

I have created a test OpenVZ server (CentOS5).

In IPCop I can see both networks. IPCop can ping the WAN through vmbr0 and can ping the LAN (Green) CentOS server just fine.

When I VNC into the CentOS server and attempt to edit /etc/sysconfig/network-scripts, I see ifcfg-venet0:0 as the virtual network device. The default values are showing as:

DEVICE=venet0:0
ONBOOT=yes
IPADDR=192.168.110.10
NETMASK=255.255.255.255

I change them to what I want:

DEVICE=venet0:0
ONBOOT=yes
IPADDR=192.168.110.10
NETMASK=255.255.255.0
GATEWAY=192.168.110.1

The Gateway is the IPCop KVM.

I save those settings, and then reboot the CentOS server.

Each time I return to the server, it's been reset back to its default settings. I lose the netmask & gateway settings I put in there.

Why is this happening? What am I doing wrong here?

Myles
 
...

Each time I return to the server, it's been reset back to its default settings. I lose the netmask & gateway settings I put in there.

Why is this happening? What am I doing wrong here?

Myles

If you go for venet, the network config is configured OUTSIDE the container. If you go for veth, you can configure the network inside the container. See also http://wiki.openvz.org/Differences_between_venet_and_veth
 
Thanks for the reply. I can't see any way in Proxmox to set the networking to anything other than venet though. The Network screen to configure the OpenVZ container in 1.8 only has reference to venet and no option to change it to veth. Where do I change this?

Myles

FOUND OUT HOW: It seems that removing the IP address in the container's settings allows it to be changed to a veth. The only problem is that when I do that and try to bind the veth to vmbr1, it saves it and then immediately reverts to 'disabled' afterwards.
 
Found why that was happening... You have to shut down all containers that you want to change first. Duh....
 
[SOLVED] Re: vmbr Network Question - Proxmox 1.8 & IPCop 2.0.2

Just wanted to update this thread to say that I have it solved. I now have a perfectly working Proxmox VE 1.8 server with IPCop 2.0.2 as a KVM on it, and a number of CentOS5 servers in the GREEN network. The IPCop is set up to firewall all access to any published services on the CentOS servers, and it works perfectly. The nice thing I found with IPCop v2 is that you can elect in the configuration to have access to IPCop's Admin interface on external networks, but can secure them by client MAC address or client IP address for security. Of course when initially installed as a KVM, there is no access to the IPCop web-based admin system, so I had to install a temporary Windows ISO as a VM in the Green network, so that I had a GUI to run a web browser. After that was done, I deleted Windows and it's all working great now.

I have OpenVPN on it, and I'm about to start to experiment with IPSec to another IPCop box for 'Net to Net' VPN. And then migration of VMs between multiple Proxmox hosts in a cluster format.

The secret to getting this all to work was to avoid venet interfaces in the guests and stay with the veth interfaces. Once that was done, I just had to edit /etc/sysconfig/network for the gateway, and create ifcfg-eth0 in /etc/sysconfig/network-scripts for the VM's network device, and it was fine. I was able to copy the settings I had on a working VMware guest I had for this, and it worked the first time.

Brilliant! Thanks Proxmox team. You guys are the best.

Myles
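
Added example, not part of the thread: a small Python check over ifcfg-style files, run on the two venet0:0 files quoted in the first post and on a constructed eth0 file carrying the same values (the thread does not show the real ifcfg-eth0). The function names and finding strings are hypothetical; the venet finding restates the reply above that venet addressing is configured outside the container.

```python
import ipaddress

# The two venet0:0 files quoted in the first post, plus a constructed veth-style
# eth0 file (assumed contents; the thread does not show the real one).
DEFAULT_CFG = "DEVICE=venet0:0\nONBOOT=yes\nIPADDR=192.168.110.10\nNETMASK=255.255.255.255\n"
EDITED_CFG = ("DEVICE=venet0:0\nONBOOT=yes\nIPADDR=192.168.110.10\n"
              "NETMASK=255.255.255.0\nGATEWAY=192.168.110.1\n")
VETH_CFG = EDITED_CFG.replace("venet0:0", "eth0")


def parse_ifcfg(text):
    """Parse KEY=value lines of an ifcfg file; blanks and # comments are skipped."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def check_ifcfg(text):
    """Return findings for one ifcfg file; an empty list means nothing to flag."""
    cfg = parse_ifcfg(text)
    missing = [k for k in ("DEVICE", "IPADDR", "NETMASK") if k not in cfg]
    if missing:
        return ["missing keys: " + ", ".join(missing)]
    findings = []
    if cfg["DEVICE"].startswith("venet"):
        # Per the reply in the thread: venet is configured outside the container.
        findings.append("venet: addressing is set outside the container")
    iface = ipaddress.ip_interface(cfg["IPADDR"] + "/" + cfg["NETMASK"])
    if iface.network.prefixlen == 32:
        findings.append("/32 netmask: no on-link neighbours")
    gateway = cfg.get("GATEWAY")
    if gateway and ipaddress.ip_address(gateway) not in iface.network:
        findings.append("gateway %s is outside %s" % (gateway, iface.network))
    return findings


if __name__ == "__main__":
    for name, text in (("default", DEFAULT_CFG), ("edited", EDITED_CFG), ("veth", VETH_CFG)):
        print(name, check_ifcfg(text) or "ok")
```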