[PVE-User] quick urgent question re vlans in proxmox

Eneko Lacunza elacunza at binovo.es
Wed Dec 3 12:42:18 CET 2014


Hi Lindsay,

I'm not a networking expert but will try to help...

On 03/12/14 11:25, Lindsay Mathieson wrote:
> We run all our windows dev, test and production servers on our proxmox
> servers, weekly onsite DR backups and monthly offsite DR backups.
>
> And we just got hammered with a root kit virus that is proving extremely
> difficult to remove.
>
> I'm proposing that we restore one by one from last month DR backups to a vlan
> tag of 1, check thats its clear, then change it to a vlan tag of 2.
>
> As you may have guessed, I'm a complete novice when it comes to stuff like
> vlans.
>
> - Is it sufficient to just set the vlan for a VM via the proxmox network
> device gui?

It should be enough.

> - will that isolate it from the main (infected) network?
Usually default vlan is 1, I suggest you don't use it for recovered and 
uninfected VMs unless you are sure main network is on another VLAN.
> - can I keep the same subnet? (192.168.5.0)
Yes.
> - Will the VM's be able to access the outside internet?
If the network router is reachable on whatever VLAN you use for clean 
VMs, yes.

I suggest you do the following check to be on the secure side:

(1) Recover a VM to a unused VLAN
(2) Ping an old and infected VM IP. No ping is good.
(3) Ping the network router. If you have to change things to make work 
ping to router, recheck (2)

It could be challenging to configure the router so that it knows what 
IPs are on what VLAN, never have done so. Otherwise you can try using a 
different network.

Cheers
Eneko

-- 
Zuzendari Teknikoa / Director T├ęcnico
Binovo IT Human Project, S.L.
Telf. 943575997
       943493611
Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
www.binovo.es




More information about the pve-user mailing list