[PVE-User] How to add a second router to same Proxmox server?

Guy guy at britewhite.net
Wed Jun 13 20:14:35 CEST 2012


ok let see if I can be clearer now that I'm reading this on a bigger screen :)


Your ISP has given you a second routable block of IPs correct?  The next hope for both these network segments is the same correct (the Gateway that the pfsense points to on the WAN interface)?  In which case I'm not really sure why you feel the need for another interface on your router.  

Are you using NAT, or bridging the WAN interface?  If NAT, ie the firewall is holding the IPs and your using private addresses internally then just carry on with that all will be well no need to do anything special.

On the proxmox side... you can create "Bridge" interfaces and not give the proxmox an IP on it.  This is by far the best way.  Just create a bunch of VLANS and then create the bridge interfaces inside proxmox, and push then to the correct VM image.  On my Proxmox system I have this..



As you can see the bridge interface vmbr0 is the only one with an IP address.. This is the IP I talk to the proxmox with.. All the others are VLANS on my network, I then select the correct interface for the correct VM depending on where I want it to site in my network.

eg..
 
vmbr1 is my DMZ network with NAT IP addresses... 192.168.55.x

vmbr10 is my WANBRIDGE interface and thus has public IP address directly on it for systems which I expose to the interface behind the pfsense firewall, which is the just doing ACL security and not NAT.


--Guy

On 13 Jun 2012, at 18:56, Bruce B wrote:

> Guy,
> 
> Thanks for the input.
> 
> If I create a vmbr1 and then whenever I create a container can't I simply select vmbr1 as the venet or veth? Are you saying I have to change things on the host node (I'd like to stay away from that).
> 
> What is involved with pfSense vlans? My pfSense has 3 ports. My ISP gives two totally separate blocks of IPs to us (one is a /29 and other is a /27). The /29 right now is using WAN port on pfSense. LAN-1 port is going to Proxmox. I am only left with LAN-2. If I use that as WAN-2 then I don't have a LAN port left to connect to proxmox.
> 
> Do you see VLANs to be still easier for me to setup the /27 onto and managing overhead would be lower than getting a second router involved?
> 
> Best,
> 
> On Wed, Jun 13, 2012 at 1:45 PM, Guy <guy at britewhite.net> wrote:
> Why not use VLANs on your pfsense firewall I do this all the time. 
> 
> On a side note. You can't have two default routes. You can add routes to specific networks. As this is standard Debian you can google for details on setting that up
> 
> ---Guy
> (via iPhone)
> 
> On 13 Jun 2012, at 18:37, Bruce B <bruceb444 at gmail.com> wrote:
> 
>> Hi Everyone,
>> 
>> I have a SuperMicro server with two NIC ports on it. Eth0 is connected to a pfSense router and all the VM and Containers obtain DHCP IP from that router via Proxmox vmbr0. I want to add another router to the equation for redundancy and also because we got another block of IP addresses that I want to use. My current pfSense router doesn't have the ports needed to do the job so I need a second pfSense router for this. This is what I see in Network setup now:
>> 
>> Name:	Active:		Autostart:	Ports/Slaves:	Subnet 		mask:		Gateway:
>> eth0	         Yes		           No
>> eth1	         No		           No
>> vmbr0	Yes		           Yes		eth0		192.168.10.5	255.255.255.0	192.168.5.1
>> 
>> 
>> I have previously lost access to Proxmox GUI when turning on the eth1. I don't have the luxury of testing now. I have to do this precisely and correctly. So my questions are:
>> 
>> 1- What files backup should I do first so that if I loose access to Proxmox GUI, I can restore them and do a "network restart" and get it all running to previous working state?
>> 2- The new router will be supply 192.168.20.0/24 IP ranges. After I connect it to eth1 port on the server, what should I do to turn it on.
>> 3- Once it's setup, how do I go about dictating which VM or Container should obtain IP from which interface? do I need a vmbr1?
>> 
>> Thanks
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pve.proxmox.com/pipermail/pve-user/attachments/20120613/989ac5db/attachment-0014.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PastedGraphic-1.tiff
Type: image/tiff
Size: 732990 bytes
Desc: not available
URL: <http://pve.proxmox.com/pipermail/pve-user/attachments/20120613/989ac5db/attachment-0014.tiff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4885 bytes
Desc: not available
URL: <http://pve.proxmox.com/pipermail/pve-user/attachments/20120613/989ac5db/attachment-0014.bin>


More information about the pve-user mailing list