hi there,
i have some root servers with 1 public IP, where ssh and proxmox:8006 runs.
internal, i tried venet0 as well as vmbr0, usind NAT and portforwarding to provide services.
when using venet, i can very easily assign IP-Adresses but the clients are connected to the physical network to to each other.
when using several vmbr, i need to handle the addresses on client side, but can seperate them totally from tha physical NIC and from each other, creating several subnets.
so how do i combine the advantages so i can manage the adresses in the WebGUI bit but do not allow access to the "real" NIC?
If one VM gets compromised i dont want it to get access to the NIC (my hoster already plugged out the cable once because of one miscofigured client).
Does a bond do what i need?
thank you for reading
i have some root servers with 1 public IP, where ssh and proxmox:8006 runs.
internal, i tried venet0 as well as vmbr0, usind NAT and portforwarding to provide services.
when using venet, i can very easily assign IP-Adresses but the clients are connected to the physical network to to each other.
when using several vmbr, i need to handle the addresses on client side, but can seperate them totally from tha physical NIC and from each other, creating several subnets.
so how do i combine the advantages so i can manage the adresses in the WebGUI bit but do not allow access to the "real" NIC?
If one VM gets compromised i dont want it to get access to the NIC (my hoster already plugged out the cable once because of one miscofigured client).
Does a bond do what i need?
thank you for reading