[PVE-User] quick urgent question re vlans in proxmox
elacunza at binovo.es
Wed Dec 3 12:51:35 CET 2014
Another thing you can do is to use NAT networking. That would allow
On 03/12/14 12:42, Eneko Lacunza wrote:
> Hi Lindsay,
> I'm not a networking expert but will try to help...
> On 03/12/14 11:25, Lindsay Mathieson wrote:
>> We run all our windows dev, test and production servers on our proxmox
>> servers, weekly onsite DR backups and monthly offsite DR backups.
>> And we just got hammered with a root kit virus that is proving extremely
>> difficult to remove.
>> I'm proposing that we restore one by one from last month DR backups
>> to a vlan
>> tag of 1, check thats its clear, then change it to a vlan tag of 2.
>> As you may have guessed, I'm a complete novice when it comes to stuff
>> - Is it sufficient to just set the vlan for a VM via the proxmox network
>> device gui?
> It should be enough.
>> - will that isolate it from the main (infected) network?
> Usually default vlan is 1, I suggest you don't use it for recovered
> and uninfected VMs unless you are sure main network is on another VLAN.
>> - can I keep the same subnet? (192.168.5.0)
>> - Will the VM's be able to access the outside internet?
> If the network router is reachable on whatever VLAN you use for clean
> VMs, yes.
> I suggest you do the following check to be on the secure side:
> (1) Recover a VM to a unused VLAN
> (2) Ping an old and infected VM IP. No ping is good.
> (3) Ping the network router. If you have to change things to make work
> ping to router, recheck (2)
> It could be challenging to configure the router so that it knows what
> IPs are on what VLAN, never have done so. Otherwise you can try using
> a different network.
Zuzendari Teknikoa / Director Técnico
Binovo IT Human Project, S.L.
Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
More information about the pve-user