[PVE-User] Migration, venet and public IPs

Gerry Demaret ml at x-net.be
Thu Oct 4 17:54:16 CEST 2012

On 02/10/12 18:32, Patrice Levesque wrote:
> Might be a naïve idea, but maybe a DHCP server acting as a gateway,
> segregating each hostile-VM to its own VLAN might do the trick.
> You'll get NATed VMs (they won't appear to the internet and you won't
> need public IPs); you'll have total control of which VLANs can each VLAN
> access, etc.

That sounds rather unpractical and quite a lot of config for each VM.

I've been playing around but haven't found a suitable solution yet.
This is what I have now:

     default dev venet0 scope link
     venet0:0: (/26)

   routes dev venet0  scope link dev vmbr100  proto kernel scope link src
     default via dev vmbr100
     eth0: no ip address
     eth1: no ip address
     vmbr100: bridge containing eth1, ip address
     vmbr601: bridge containing eth0.601
     vmbr602: bridge containing eth0.602

   exactly the same, only another IP on vmbr100

( doesn't belong to me, it's an example)

The venet0:0 with IP should be connected to VLAN601
(vmbr601). What I want is the network connection in vz0 to work. What I
don't want is to add an IP address on vmbr601 since that would mean
losing two IP addresses, one on host0 and one on host1 and exposing
them to the internet.

Basically, I think it should be fixable provided that I can add a route
to over eth0.601 on the host and set a default route to for traffic coming from the venet0 interface.

I think I have seen something like this being done in a Virtuozzo
environment, does anyone have a clue what I need to look into?


