<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Is it possible to do this dynamically using open vSwitch?<br>
<br>
<div class="moz-cite-prefix">On 09.03.15 22:15, Leslie-Alexandre
DENIS wrote:<br>
</div>
<blockquote cite="mid:54FDFF4D.2000308@gmail.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
Hello,<br>
<br>
personally I use one bridge per VM and add a route to the IP's VM
using the latter. Under Debian the route can be added
automatically after the up of the interface with configuration
like this :<br>
<br>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div style="mso-element:para-border-div;border:dashed #2F6FAB
1.0pt;mso-border-alt: dashed #2F6FAB .5pt;padding:12.0pt 12.0pt
12.0pt 12.0pt;background:#F9F9F9">
<p class="MsoNormal"
style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
13.2pt;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt
320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt
641.2pt 687.0pt 732.8pt;
background:#F9F9F9;border:none;mso-border-alt:dashed #2F6FAB
.5pt;padding:0cm; mso-padding-alt:12.0pt 12.0pt 12.0pt 12.0pt"><span
style="mso-bidi-font-size:
12.0pt;mso-fareast-font-family:"Times New
Roman";mso-bidi-font-family:"Courier New";
color:black;mso-fareast-language:FR" lang="EN-US">auto vmbr0<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
13.2pt;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt
320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt
641.2pt 687.0pt 732.8pt;
background:#F9F9F9;border:none;mso-border-alt:dashed #2F6FAB
.5pt;padding:0cm; mso-padding-alt:12.0pt 12.0pt 12.0pt 12.0pt"><span
style="mso-bidi-font-size:
12.0pt;mso-fareast-font-family:"Times New
Roman";mso-bidi-font-family:"Courier New";
color:black;mso-fareast-language:FR" lang="EN-US">iface
vmbr0 inet static<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
13.2pt;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt
320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt
641.2pt 687.0pt 732.8pt;
background:#F9F9F9;border:none;mso-border-alt:dashed #2F6FAB
.5pt;padding:0cm; mso-padding-alt:12.0pt 12.0pt 12.0pt 12.0pt"><span
style="mso-bidi-font-size:
12.0pt;mso-fareast-font-family:"Times New
Roman";mso-bidi-font-family:"Courier New";
color:black;mso-fareast-language:FR" lang="EN-US"><span
style="mso-spacerun:yes"> </span>address<span
style="mso-spacerun:yes"> </span><main host ip><o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
13.2pt;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt
320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt
641.2pt 687.0pt 732.8pt;
background:#F9F9F9;border:none;mso-border-alt:dashed #2F6FAB
.5pt;padding:0cm; mso-padding-alt:12.0pt 12.0pt 12.0pt 12.0pt"><span
style="mso-bidi-font-size:
12.0pt;mso-fareast-font-family:"Times New
Roman";mso-bidi-font-family:"Courier New";
color:black;mso-fareast-language:FR" lang="EN-US"><span
style="mso-spacerun:yes"> </span>netmask<span
style="mso-spacerun:yes"> </span>255.255.255.255<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
13.2pt;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt
320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt
641.2pt 687.0pt 732.8pt;
background:#F9F9F9;border:none;mso-border-alt:dashed #2F6FAB
.5pt;padding:0cm; mso-padding-alt:12.0pt 12.0pt 12.0pt 12.0pt"><span
style="mso-bidi-font-size:
12.0pt;mso-fareast-font-family:"Times New
Roman";mso-bidi-font-family:"Courier New";
color:black;mso-fareast-language:FR" lang="EN-US"><span
style="mso-spacerun:yes"> </span>bridge_ports none<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
13.2pt;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt
320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt
641.2pt 687.0pt 732.8pt;
background:#F9F9F9;border:none;mso-border-alt:dashed #2F6FAB
.5pt;padding:0cm; mso-padding-alt:12.0pt 12.0pt 12.0pt 12.0pt"><span
style="mso-bidi-font-size:
12.0pt;mso-fareast-font-family:"Times New
Roman";mso-bidi-font-family:"Courier New";
color:black;mso-fareast-language:FR" lang="EN-US"><span
style="mso-spacerun:yes"> </span>bridge_stp off<span
style="mso-spacerun:yes"> </span><o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
13.2pt;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt
320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt
641.2pt 687.0pt 732.8pt;
background:#F9F9F9;border:none;mso-border-alt:dashed #2F6FAB
.5pt;padding:0cm; mso-padding-alt:12.0pt 12.0pt 12.0pt 12.0pt"><span
style="mso-bidi-font-size:
12.0pt;mso-fareast-font-family:"Times New
Roman";mso-bidi-font-family:"Courier New";
color:black;mso-fareast-language:FR" lang="EN-US"><span
style="mso-spacerun:yes"> </span>bridge_fd 0<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
13.2pt;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt
320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt
641.2pt 687.0pt 732.8pt;
background:#F9F9F9;border:none;mso-border-alt:dashed #2F6FAB
.5pt;padding:0cm; mso-padding-alt:12.0pt 12.0pt 12.0pt 12.0pt"><span
style="mso-bidi-font-size:
12.0pt;mso-fareast-font-family:"Times New
Roman";mso-bidi-font-family:"Courier New";
color:black;mso-fareast-language:FR" lang="EN-US"><span
style="mso-spacerun:yes"> </span>up ip route add
<additional ip>/32 dev vmbr0<o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
13.2pt;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt
320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt
641.2pt 687.0pt 732.8pt;
background:#F9F9F9;border:none;mso-border-alt:dashed #2F6FAB
.5pt;padding:0cm; mso-padding-alt:12.0pt 12.0pt 12.0pt 12.0pt"><span
style="mso-bidi-font-size:
12.0pt;mso-fareast-font-family:"Times New
Roman";mso-bidi-font-family:"Courier New";
color:black;mso-fareast-language:FR" lang="EN-US"><span
style="mso-spacerun:yes"> </span>up ip route add
<another additional ip>/32 dev vmbr0<o:p></o:p></span></p>
</div>
<span
style="font-size:10.0pt;mso-bidi-font-size:12.0pt;line-height:
115%;font-family:"Calibri",sans-serif;mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times
New Roman";mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Courier
New";color:black;mso-ansi-language:EN-US;
mso-fareast-language:FR;mso-bidi-language:EN-US" lang="EN-US"><span
style="mso-spacerun:yes"> </span></span><br>
As far as I know you can reuse the host's IP (main IP of the
Proxmox node) on every bridge (vmbrX).<br>
<br>
This setup ensures that the traffic will be routed to the correct
VM, even if the client changes the IP configuration inside the
machine. If he does so, the machine won't be routed so
unavailable.<br>
<br>
That's it, I'll be very pleased to enhance this setup because I
think it's a major feature for a virtualization host.<br>
<br>
Regards,<br>
<br>
<div class="moz-cite-prefix">Le 09/03/2015 19:09, Fabrizio Cuseo a
écrit :<br>
</div>
<blockquote
cite="mid:7653103.1723.1425924579770.JavaMail.fabry@PC-FABRY"
type="cite">
<pre wrap="">Hello there.
I would like to know if there is already some module to create a restriction for IP/MacAddress.
For "low cost" VPS, creating a dedicated vlan, using a /30 network, configuring a network interface on the firewall, is too expensive.
So i would like to use the whole /24 network, and give one address to each vps; i also need to forbid any ip change.
The fastest way is to create an ebtables rule, but it will be simpler if on the VM details i can check a radio button "restrict ip address" and write the ip address. It will generate on all the nodes, two ebtables rules:
ebtables -A FORWARD -i ${network_device} -s ! ${mac_address} -j DROP
ebtables -A FORWARD -s ${mac_address} -p IPv4 --ip-src ! ${ip_address} -j DROP
It will work (for now) only for IPv4 address, but it can be enough for now.
Regards, Fabrizio
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
pve-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:pve-user@pve.proxmox.com">pve-user@pve.proxmox.com</a>
<a class="moz-txt-link-freetext" href="http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user">http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user</a>
</pre>
</blockquote>
<br>
</body>
</html>