[PVE-User] How to add a second router to same Proxmox server?

Bruce B bruceb444 at gmail.com
Thu Jun 14 18:56:55 CEST 2012

Amazing info Guy. Thanks. I read your notes and saw the last picture. The
first picture you attached didn't come through.

So, here is my situation (you will have to use a big screen to see this):

pfSense-1 - First routable IP block:*29*
pfSense-2 - Second routable IP block:*27*

They are totally different ranges but here is a diagram of my equipment:

ISP  ====>   Dumb Switch
                       |             |
                pfSense1    pfSense-2

           |   eth0                     eth1  |
           |                                       |
           |_______ProxMox _______|

I have vmbr0 just like yours and it got its private IP of and
all containers through that bridge can obtain DHCP IP of range I don't need to assign public IP addresses directly to
containers. I can use pfSense to do the NAT forward.

So, how come your vmbr2 or vmbr3 have IPs assigned to them? Shouldn't they
have IPs? Not that I care as my vmbr0 already gives me GUI access to
Proxmox but I am wondering how it works.

So, I don't want to lose GUI access (that can be a nightmare to me given
it's a production server and no test servers here). Would I be safe if I
just go ahead to GUI and create vmbr1 and then attach the 2nd pfSense to it?

****Given the two very different public IP ranges I receive from my ISP,
can I still use VLANs?

Thanks again for all your patience. I am learning a lot.

On Wed, Jun 13, 2012 at 2:14 PM, Guy <guy at britewhite.net> wrote:

> OK, let's see if I can be clearer now that I'm reading this on a bigger
> screen :)
> Your ISP has given you a second routable block of IPs, correct?  The next
> hop for both these network segments is the same, correct (the gateway that
> the pfsense points to on the WAN interface)?  In which case I'm not really
> sure why you feel the need for another interface on your router.
> Are you using NAT, or bridging the WAN interface?  If NAT, i.e. the firewall
> is holding the IPs and you're using private addresses internally, then just
> carry on with that; all will be well, no need to do anything special.
> On the proxmox side... you can create "Bridge" interfaces and not give the
> proxmox an IP on it.  This is by far the best way.  Just create a bunch of
> VLANS and then create the bridge interfaces inside proxmox, and push them
> to the correct VM image.  On my Proxmox system I have this..
> As you can see the bridge interface vmbr0 is the only one with an IP
> address.. This is the IP I talk to the proxmox with.. All the others are
> VLANS on my network, I then select the correct interface for the correct VM
> depending on where I want it to sit in my network.
> eg..
> vmbr1 is my DMZ network with NAT IP addresses... 192.168.55.x
> vmbr10 is my WANBRIDGE interface and thus has public IP address directly
> on it for systems which I expose to the interface behind the pfsense
> firewall, which is just doing ACL security and not NAT.
> --Guy
> On 13 Jun 2012, at 18:56, Bruce B wrote:
> Guy,
> Thanks for the input.
> If I create a vmbr1 and then whenever I create a container can't I simply
> select vmbr1 as the venet or veth? Are you saying I have to change things
> on the host node (I'd like to stay away from that).
> What is involved with pfSense vlans? My pfSense has 3 ports. My ISP gives
> two totally separate blocks of IPs to us (one is a /29 and other is a /27).
> The /29 right now is using WAN port on pfSense. LAN-1 port is going to
> Proxmox. I am only left with LAN-2. If I use that as WAN-2 then I don't
> have a LAN port left to connect to proxmox.
> Do you see VLANs to be still easier for me to setup the /27 onto and
> managing overhead would be lower than getting a second router involved?
> Best,
> On Wed, Jun 13, 2012 at 1:45 PM, Guy <guy at britewhite.net> wrote:
>> Why not use VLANs on your pfsense firewall? I do this all the time.
>> On a side note: you can't have two default routes. You can add routes to
>> specific networks. As this is standard Debian you can google for details on
>> setting that up.
>> ---Guy
>> (via iPhone)
>> On 13 Jun 2012, at 18:37, Bruce B <bruceb444 at gmail.com> wrote:
>> Hi Everyone,
>> I have a SuperMicro server with two NIC ports on it. Eth0 is connected to
>> a pfSense router and all the VM and Containers obtain DHCP IP from that
>> router via Proxmox vmbr0. I want to add another router to the equation for
>> redundancy and also because we got another block of IP addresses that I
>> want to use. My current pfSense router doesn't have the ports needed to do
>> the job so I need a second pfSense router for this. This is what I see in
>> Network setup now:
>> Name   Active  Autostart  Ports/Slaves  Subnet mask  Gateway
>> eth0   Yes     No
>> eth1   No      No
>> vmbr0  Yes     Yes        eth0
>> I have previously lost access to Proxmox GUI when turning on the eth1. I
>> don't have the luxury of testing now. I have to do this precisely and
>> correctly. So my questions are:
>> 1- Which files should I back up first so that if I lose access to
>> Proxmox GUI, I can restore them and do a "network restart" and get it all
>> running to previous working state?
>> 2- The new router will supply IP ranges. After I
>> connect it to eth1 port on the server, what should I do to turn it on?
>> 3- Once it's set up, how do I go about dictating which VM or Container
>> should obtain IP from which interface? Do I need a vmbr1?
>> Thanks
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PastedGraphic-1.tiff
Type: image/tiff
Size: 732990 bytes
Desc: not available
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20120614/b3f56330/attachment.tiff>
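
A pre-flight check for the two points raised in the thread (only one default gateway on the host, and extra bridges that carry no host IP), as an added example that is not part of the original messages. The interfaces file, its addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of a candidate /etc/network/interfaces
# before restarting networking. All addresses are constructed placeholders.

# Names of stanzas that set a "gateway" (each one adds a default route).
gateway_ifaces() {
    awk '$1 == "iface" { cur = $2 } $1 == "gateway" { print cur }' "$1"
}

# Bridges declared "inet manual": they carry VM traffic but no host IP.
ipless_bridges() {
    awk '$1 == "iface" && $2 ~ /^vmbr/ && $4 == "manual" { print $2 }' "$1"
}

# Succeeds only when exactly one stanza sets a default gateway.
check_single_gateway() {
    [ "$(gateway_ifaces "$1" | awk 'END { print NR }')" -eq 1 ]
}

SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    gateway 192.168.1.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

auto vmbr1
iface vmbr1 inet manual
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0
EOF

if check_single_gateway "$SAMPLE"; then
    echo "OK: single default gateway on $(gateway_ifaces "$SAMPLE")"
else
    echo "FAIL: expected exactly one gateway line" >&2
fi
echo "Bridges without a host IP: $(ipless_bridges "$SAMPLE")"
```

Pointing the functions at a copy of the edited file before restarting networking catches a second `gateway` line while the GUI is still reachable.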
