VMs on a separate network.

[silentstorm161]

I’m new to networking and was hoping someone could help.
I have a HP ProDesk G5 which I have installed Proxmox on and have my Plex running on one VM and Qbittorrent running on another. What I am wanting is Qbittorrent VM on a separate network from the rest of my home. With this in mind I purchased a NIC and a switch (TP-Link: TL-SG1024DE) and plugged the original NIC into a port on the switch connected to my home network and then the second NIC into a port on the switch I created as vlan2 for ports 13 and 14 with port 13 tagged and 14 untagged.
On the Proxmox I than created a new Linux Bridge named vmbr1 with the “port/slaves” as enp3s0, at first I tried putting in the CIDR and Gateway but due to vmbr0 it would not allow me to put in the gateway so left both blank. I have been using a test VM (windows 10) to get it to work but I get no internet. It shows up in Windows 10 as “connect without internet”, I also tried setting the IP and gateway in Windows 10 itself but no luck. I have been doing some reading and some guides recommending installing Pfsense but I thought this was a firewall so wouldn’t help with getting internet to a VM.
With the setup I have in mind, I am wanting to still access Proxmox GUI on my home network and the Plex VM but the VM for qbitorrent on its own network.

 

[bobmc]

It's quite possible to run multiple networks for VM's and containers, you may not have even needed to buy a new NIC and VLAN capable switch but then it does mean that you have the capability some physical and well as logical network isolation.

If your home network is say - 192.168.100.0/24, and the isolated network is 172.16.100.0/24

auto en0
iface en0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.100.100/24
        gateway 192.168.100.1
        bridge-ports en0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 172.16.100.100/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
post-up   iptables -t nat -A POSTROUTING -s 172.16.100.0/24 -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s 172.16.100.0/24 -o vmbr0 -j MASQUERADE
post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

This just gives any VM, attached to vmbr1 with an ip address in the 172.16.100.x range, access to the internet.

However, what you need to think is how you will access the VM running the torrents because with the config, you would not be able to reach it from a host on the home network. You would need to login to Proxmox and then use the console to access the VM.