[PVE-User] Using Public IP onto VM
timh at shiwebs.net
Mon May 2 13:35:48 CEST 2011
On Fri, April 29, 2011 11:24, Hugo Letemplier wrote:
> 2011/4/29 Flavio Stanchina <flavio.stanchina at ies.it>:
>> On 26/04/2011 19:34,
>> Bruce B <bruceb444 at gmail.com> wrote:
>>> I have two interfaces on the Proxmox server. One is having the
192.168.0.0/24 range [...]
>>> Now I have other public IPs that I can assign from my router
>>> or maybe NAT forward. Is it best to do another network on vmbr1 like
192.168.2.0/24 and then assign that to the VMs?
>>> or is it easier to get the public IP on vmbr1?
>>> I am wondering how this works?
>>> I need to be running maybe multiple HTTP servers on VMs.
>> You should configure networking on the VMs as if they were real
>> there's no general answer. Depending on your requirements, you may need
>> have both public ad internal IP addresses on the same machine, isolate
>> on a network that is completely separate from the Proxmox servers
>> your LAN, have a (virtual, maybe) firewall filtering and redirecting
connections to the VM, or something completely different: there are so many
>> possible configurations that it would take a book just to enumerate
>> That is, if you have any doubts, ask your local network administrator.
>> question doesn't have much to do with the fact that your servers are
virtual, except maybe for the added benefit that you can create and destroy
>> network adapters at the touch of a button.
>> Flavio Stanchina
>> Informatica e Servizi
>> Trento - Italy
>> pve-user mailing list
>> pve-user at pve.proxmox.com
> I think you can also create a new virtual bridge on your host thats
bound to a vlan of your physical interface then you can bind the vitrual
interface of the VM to the virtual bridge of the host.
> It's not a perfect solution, but I dont know your networking
> environemnt ! Prefer something with a DMZ and port forwarding
> configured on your router.
> pve-user mailing list
> pve-user at pve.proxmox.com
In our case we utilize linux networking as much as we can, we run;
1. Bonding (eth0+1) active-backup
2. vmbr0 on bond0 with host-only ip-range (10.x.x.x)
3. vlan-interfaces *without* ip-address for our virtual network (vmbrXXYY)
4. bridged network on vmbrXXYY for the virtual server depending on which
VLAN it should have access to.
All gateways are on firewalls or in the router with rules and filters for
inter-vlan communication, for example the host-servers dont have
internet-access per se, but uses a proxy for apt and internal
In essence, you can do exactly how and what you want with the networking.
To reply to your question specifically, I would configure the vmbr1
network in a vlan without an ip and just set the link to active (ip link
set dev vmbr1 up) and configure the public ips inside the guests as any
normal interface. Thus the HN is only accessible from your "internal"
network and the guests can use the public addresses freely.
iface eth0 inet manual
iface eth1 inet manual
iface bond0 inet manual
slaves eth0 eth1
iface vmbr0 inet static
iface bond0.531 inet manual
iface vmbr531 inet manual
More information about the pve-user