VMs on a different IP pool

[pass75]

Hi to everybody, I'm new on ProxMox and I decided to use it for my testing-lab to also start with a bit of Linux ;-)
On my host I had the default network config (bridged) with one physical NIC.
I noticed all the VMs were on the same subnet of my office and could access internet correctly through my office router (192.168.0.1).
For my testing-lab purposes I wanted to have all the VMs on a separate network but I wanted to go on to manage the ProxMox host via browser from my office pc (192.168.0.x subnet) so I changed the config following the "Routed Configuration" posted in ProxMox/Wiki/Network_Model.
Then my config is something like this:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.0.70
netmask 255.255.255.0
gateway 192.168.0.1
post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

auto vmbr0
iface vmbr0 inet static
address 10.10.10.2
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

Ok, now the host still responds on 192.168.0.70:8006 and all the VMs are on a separate network and can correctly communicate each other but the problem is now they cannot access internet.
What is wrong?
I think I'm missing a NAT somewhere there... how and where can I configure it?
Considering that I have the possibility on my router to configure a second NAT listening on the LAN side on 10.10.10.1 (for example) I think it's enough to put a static route somewhere in the interfaces config file.
Can somebody help me to accomplish this?
Thank you very much in advance.

 

[wosp]

What are you using as gateway in the VM's? Whatever you do, you need to have a gateway/router in the 10.10.10.xxx range, since your subnetmask is 255.255.255.0 (/24). You can add routing/gateway functionality to your PVE node, since it's based on Debian Linux (use Google). After that you can use the node IP as the default gateway in the VM.

However, I think it's better to just add this IP range to your real router and if possible also configure (tagged) VLAN's on your links/PVE node.

 

[pass75]

I hoped to be able to solve the matter with just one nic but I couldn't.
As I said I configured a second NAT on my router LAN side 10.10.10.254 and I tried to use it as gateway in the VMs but it didn't work because the ip was not reachable (the subnet 10.10.10.x was isolated)
Then I thought to bridge the vmbr0 on the eth0:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.0.70
netmask 255.255.255.0
gateway 192.168.0.1
post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

auto vmbr0
iface vmbr0 inet static
address 10.10.10.2
netmask 255.255.255.0
bridge_ports eth0
bridge_stp off
bridge_fd 0

but also this config didn't work. It also caused me to lose the management connection to the host.
Then I restored the previous config and I added a second nic to the host.
I didn't touch the config of the eth0 leaving it on 192.168.0.70 for the host management but I bridged the vrmb0 on the eth1 (instead of eth0)
My final config is then:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.0.70
netmask 255.255.255.0
gateway 192.168.0.1

auto eth1
iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
address 10.10.10.2
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0

Now all the VMs bridged on vmbr0 are able to reach the gateway 10.10.10.254 and then to connect to internet but at the same time I'm still able to manage the PVE node on 192.168.0.70:8006.
Moreover the route set in my router allows me to reach the VMs located on the 10.10.10.x subnet from my pc (192.168.0.2). So I can use RDP to manage them.
Thank you!