[PVE-User] Newbie question
Gilberto Nunes
gilberto.nunes32 at gmail.com
Thu Mar 6 22:13:12 CET 2014
Thanks guys...
I will change the configuration... As I said, "newbie question"...
Thanks a lot
2014-03-06 17:04 GMT-03:00 Alain Péan <alain.pean at lpn.cnrs.fr>:
> Le 06/03/2014 19:29, Gilberto Nunes a écrit :
>
> I am using PVE here and host has two NIC, one for LAN and one for WAN,
>> like that:
>>
>> eth0 - 172.172.10.5
>>
>> eth1 - 200.201.299.299 -------- > THAT'S THE WAN CONNECTION
>>
>>
>> Ok...
>>
>> Now I install a VM under PVE that is a Firewall...
>>
>> And this Firewall has two nic too...
>>
>> Like that:
>>
>> eth0 - 172.172.10.254
>>
>> eth1 - 200.201.299.299 --------------> THAT'S THE WAN CONNECTION
>>
>> As you can see, I set the IP for eth1 twice: one for Proxmox Host and one
>> for VM host...
>>
>> I don't know if this is a good practice...
>>
>> What the adviced for that??
>>
>>
> No, that's a bat idea, as said previously by Gerald. You only need to
> assign an IP address to a NIC if you want to have access to your proxmox
> server using this address. That's good for eth0, it is your LAN, the one
> you use to manage your Proxmox server. But I don't think you plan to access
> your server from the WAN, that is Internet ? That would be a big securuty
> risk...
>
> You don't need any IP address on eth1. Just create a new bridge, vmbr1,
> and assign it to eth1. Then your VM can have the IP address 200.201.249.249
> (299 is not an allowed value for an IP), and you connect the second NIC of
> your VM (its eth1) to this bridge, and the first to vmbr0 (that is eth0 of
> the server).
> Just give your VM eth1 network parameters with as gateway the IP of your
> router for the WAN, and make sure it is accessible on your switch (VLAN
> perhaps...) to eth1 (server).
>
> But I am not sure it is a good idea to use a VM as a firewall. You want to
> protect your LAN ? Where is your router ? Your firewall should be between
> your router and the WAN.
>
> Alain
>
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
--
Gilberto Ferreira
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20140306/c120009e/attachment.htm>
More information about the pve-user
mailing list