[PVE-User] quick urgent question re vlans in proxmox
Eneko Lacunza
elacunza at binovo.es
Wed Dec 3 12:42:18 CET 2014
Hi Lindsay,
I'm not a networking expert but will try to help...
On 03/12/14 11:25, Lindsay Mathieson wrote:
> We run all our windows dev, test and production servers on our proxmox
> servers, weekly onsite DR backups and monthly offsite DR backups.
>
> And we just got hammered with a root kit virus that is proving extremely
> difficult to remove.
>
> I'm proposing that we restore one by one from last month DR backups to a vlan
> tag of 1, check thats its clear, then change it to a vlan tag of 2.
>
> As you may have guessed, I'm a complete novice when it comes to stuff like
> vlans.
>
> - Is it sufficient to just set the vlan for a VM via the proxmox network
> device gui?
It should be enough.
> - will that isolate it from the main (infected) network?
Usually default vlan is 1, I suggest you don't use it for recovered and
uninfected VMs unless you are sure main network is on another VLAN.
> - can I keep the same subnet? (192.168.5.0)
Yes.
> - Will the VM's be able to access the outside internet?
If the network router is reachable on whatever VLAN you use for clean
VMs, yes.
I suggest you do the following check to be on the secure side:
(1) Recover a VM to a unused VLAN
(2) Ping an old and infected VM IP. No ping is good.
(3) Ping the network router. If you have to change things to make work
ping to router, recheck (2)
It could be challenging to configure the router so that it knows what
IPs are on what VLAN, never have done so. Otherwise you can try using a
different network.
Cheers
Eneko
--
Zuzendari Teknikoa / Director Técnico
Binovo IT Human Project, S.L.
Telf. 943575997
943493611
Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
www.binovo.es
More information about the pve-user
mailing list