Which Network Type for multiple public IP on 1 NIC

karlos

Renowned Member
Apr 11, 2010
51
0
71
Hi all,
The default network config works fine with a Vultr VPS and NAT:

Code:
iface ens3 inet manual

auto vmbr0
iface vmbr0 inet static
    address 202.111.81.143/23
    gateway 202.111.80.1
    bridge-ports ens3
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet static
    address 10.0.0.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
#port forwards
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 53 -j DNAT --to 10.0.0.20:53
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 53 -j DNAT --to 10.0.0.20:53

But how do I add a second public IP too this config or must I use the routed method like this(with the vmbr0 being the second public IP)?

Code:
auto ens3
iface ens3 inet static
        address  198.51.100.5
        netmask  255.255.255.0
        gateway  198.51.100.1
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/ens3/proxy_arp


auto vmbr0
iface vmbr0 inet static
        address  203.0.113.17
        netmask  255.255.255.248
        bridge_ports none
        bridge_stp off
        bridge_fd 0
 
Last edited:
you can add it like this

Code:
auto vmbr0
iface vmbr0 inet static
    address 202.111.81.143/23
    gateway 202.111.80.1
    bridge-ports ens3
    bridge-stp off
    bridge-fd 0
up ip addr add 4.4.4.4/32 dev vmbr0
down ip addr del 4.4.4.4/32 dev vmbr0
 
Thanks for that,

I need an interface for the second IP so I can point containers too it though
 
answer is:

auto vmbr10
iface vmbr10 inet static
address 10.0.1.1
netmask 255.255.255.0
bridge-ports none
bridge-stp off
bridge-fd 0

# Enable ip forwarding on the Host OS
post-up echo 1 > /proc/sys/net/ipv4/ip_forward

# Create POST/PREROUTING rules on interface up
post-up iptables -t nat -A PREROUTING -s 10.0.1.0/24 -i vmbr0 -j DNAT --to 139.180.163.21
post-up iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o vmbr0 -j SNAT --to-source 139.180.163.21
post-up iptables -t nat -A POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j MASQUERADE
# Remove POST/PREROUTING rules on interface down
post-down iptables -t nat -D PREROUTING -s 10.0.1.0/24 -i vmbr0 -j DNAT --to 139.180.163.21
post-down iptables -t nat -D POSTROUTING -s 10.0.1.0/24 -o vmbr0 -j SNAT --to-source 139.180.163.21
post-down iptables -t nat -D POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j MASQUERADE

# Forward port on -d public IP to 10.0.1.2
post-down iptables -t nat -D PREROUTING -d 139.180.163.21 -i vmbr0 -p tcp --dport 53 -j DNAT --to 10.0.1.2:53
post-up iptables -t nat -A PREROUTING -d 139.180.163.21 -i vmbr0 -p tcp --dport 53 -j DNAT --to 10.0.1.2:53
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!