[PVE-User] quick urgent question re vlans in proxmox

Eneko Lacunza elacunza at binovo.es
Wed Dec 3 12:51:35 CET 2014


Another thing you can do is to use NAT networking. That would allow 
internet access.

On 03/12/14 12:42, Eneko Lacunza wrote:
> Hi Lindsay,
>
> I'm not a networking expert but will try to help...
>
> On 03/12/14 11:25, Lindsay Mathieson wrote:
>> We run all our windows dev, test and production servers on our proxmox
>> servers, weekly onsite DR backups and monthly offsite DR backups.
>>
>> And we just got hammered with a root kit virus that is proving extremely
>> difficult to remove.
>>
>> I'm proposing that we restore one by one from last month DR backups 
>> to a vlan
>> tag of 1, check thats its clear, then change it to a vlan tag of 2.
>>
>> As you may have guessed, I'm a complete novice when it comes to stuff 
>> like
>> vlans.
>>
>> - Is it sufficient to just set the vlan for a VM via the proxmox network
>> device gui?
>
> It should be enough.
>
>> - will that isolate it from the main (infected) network?
> Usually default vlan is 1, I suggest you don't use it for recovered 
> and uninfected VMs unless you are sure main network is on another VLAN.
>> - can I keep the same subnet? (192.168.5.0)
> Yes.
>> - Will the VM's be able to access the outside internet?
> If the network router is reachable on whatever VLAN you use for clean 
> VMs, yes.
>
> I suggest you do the following check to be on the secure side:
>
> (1) Recover a VM to a unused VLAN
> (2) Ping an old and infected VM IP. No ping is good.
> (3) Ping the network router. If you have to change things to make work 
> ping to router, recheck (2)
>
> It could be challenging to configure the router so that it knows what 
> IPs are on what VLAN, never have done so. Otherwise you can try using 
> a different network.
>
> Cheers
> Eneko
>


-- 
Zuzendari Teknikoa / Director T├ęcnico
Binovo IT Human Project, S.L.
Telf. 943575997
       943493611
Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
www.binovo.es




More information about the pve-user mailing list