[PVE-User] Newbie question

Alain Péan alain.pean at lpn.cnrs.fr
Thu Mar 6 21:04:00 CET 2014


On 06/03/2014 19:29, Gilberto Nunes wrote:
> I am using PVE here and host has two NIC, one for LAN and one for WAN, 
> like that:
>
> eth0 - 172.172.10.5
>
> eth1 - 200.201.299.299 -------- > THAT'S THE WAN CONNECTION
>
>
> Ok...
>
> Now I install a VM under PVE that is a Firewall...
>
> And this Firewall has two nic too...
>
> Like that:
>
> eth0 - 172.172.10.254
>
> eth1 - 200.201.299.299 --------------> THAT'S THE WAN CONNECTION
>
> As you can see, I set the IP for eth1 twice: one for Proxmox Host and 
> one for VM host...
>
> I don't know if this is a good practice...
>
> What is advised for that??
>

No, that's a bad idea, as said previously by Gerald. You only need to 
assign an IP address to a NIC if you want to have access to your Proxmox 
server using this address. That's good for eth0, it is your LAN, the one 
you use to manage your Proxmox server. But I don't think you plan to 
access your server from the WAN, that is Internet? That would be a big 
security risk...

You don't need any IP address on eth1. Just create a new bridge, vmbr1, 
and assign it to eth1. Then your VM can have the IP address 
200.201.249.249 (299 is not an allowed value for an IP), and you connect 
the second NIC of your VM (its eth1) to this bridge, and the first to 
vmbr0 (that is eth0 of the server).
Just give your VM eth1 network parameters with as gateway the IP of your 
router for the WAN, and make sure it is accessible on your switch (VLAN 
perhaps...) to eth1 (server).

But I am not sure it is a good idea to use a VM as a firewall. You want 
to protect your LAN? Where is your router? Your firewall should be 
between your router and the WAN.

Alain
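
Added example, not part of the message above or of Proxmox itself: a Python check over the host's ifupdown configuration (`/etc/network/interfaces` style) that flags any IP address set on the WAN-facing NIC or on a bridge containing it, which is the situation the reply advises against. The two sample configs are constructed; the netmask and the names `parse_ifaces` and `audit` are assumptions.

```python
import ipaddress

# Constructed sample: host config laid out as the reply recommends.
# The netmask is an assumed value; the addresses are the ones quoted in the thread.
RECOMMENDED = """\
auto vmbr0
iface vmbr0 inet static
    address 172.172.10.5
    netmask 255.255.255.0
    bridge_ports eth0

auto vmbr1
iface vmbr1 inet manual
    bridge_ports eth1
"""
# Constructed sample: the question's layout, WAN address also set on the host.
RISKY = RECOMMENDED.replace(
    "iface vmbr1 inet manual",
    "iface vmbr1 inet static\n    address 200.201.299.299")

def parse_ifaces(text):
    """Return {iface: {"method": ..., option: value}} from ifupdown stanzas."""
    ifaces, cur = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            cur = ifaces.setdefault(words[1], {"method": words[3]})
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            cur = None  # a new stanza starts; options no longer belong to cur
        elif cur is not None:
            cur[words[0].replace("-", "_")] = " ".join(words[1:])
    return ifaces

def audit(text, wan_nic="eth1"):
    """Flag host interfaces tied to wan_nic that carry an IP address."""
    findings = []
    for name, opts in parse_ifaces(text).items():
        on_wan = name == wan_nic or wan_nic in opts.get("bridge_ports", "").split()
        addr = opts.get("address")
        if not on_wan or addr is None:
            continue
        findings.append(f"{name}: host address {addr} on WAN-facing {wan_nic}")
        try:
            ipaddress.ip_interface(addr)
        except ValueError:
            findings.append(f"{name}: {addr} is not a valid IP address")
    return findings
```

`audit(RECOMMENDED)` returns no findings because vmbr1 only bridges eth1 to the firewall VM; `audit(RISKY)` reports both the host-side WAN address and the out-of-range octet.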


