Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


[$5] Proxmox networking issue [SOLVED]
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

[$5] Proxmox networking issue [SOLVED]

stefemanstefeman Member
edited April 2018 in Help

this is my allocated subnet
creation of any VM requires bridge on proxmox 5.1
I dont have any bridge. How do I proceed
I would need to have a situation where I can assign 173.208.152.27 - 173.208.152.30 to 4 different VPSs each having unique IP
173.208.152.26 is host node /Proxmox IP

This is my: /etc/network/interfaces

auto lo
iface lo inet loopback

allow-hotplug eth1

iface eth1 inet static
        address  173.208.152.26
        netmask  255.255.255.248
        gateway  173.208.152.25
        broadcast  173.208.152.31
        network 173.208.152.24
        dns-nameservers 127.0.0.1
        dns-search nocix.net
# dns-* options are implemented by the resolvconf package, if installed

iface eth0 inet manual

@Dedispec xD

Comments

  • Good except, I can't assign MAC addresses with dedispec.

  • stefemanstefeman Member
    edited April 2018

    Ok, so which one is correct then?

    auto lo
    iface lo inet loopback
    
    allow-hotplug eth1
    
    iface eth1 inet static
            address  173.208.152.26
            netmask  255.255.255.248
            gateway  173.208.152.25
            broadcast  173.208.152.31
            network 173.208.152.24
            dns-nameservers 127.0.0.1
            dns-search nocix.net
    # dns-* options are implemented by the resolvconf package, if installed
    
    iface eth0 inet manual
    
    # for single IPs
    auto vmbr0
    iface vmbr0 inet static
           address  173.208.152.26
           netmask  255.255.255.248
           bridge_ports none
           bridge_stp off
           bridge_fd 0
           up ip route add 173.208.152.27/32 dev vmbr0
    
    auto vmbr1
    iface vmbr1 inet static
           address  173.208.152.26
           netmask  255.255.255.248
           bridge_ports none
           bridge_stp off
           bridge_fd 0
           up ip route add 173.208.152.28/32 dev vmbr0
    
    auto vmbr2
    iface vmbr2 inet static
           address  173.208.152.26
           netmask  255.255.255.248
           bridge_ports none
           bridge_stp off
           bridge_fd 0
           up ip route add 173.208.152.29/32 dev vmbr0
    
    auto vmbr3
    iface vmbr3 inet static
           address  173.208.152.26
           netmask  255.255.255.248
           bridge_ports none
           bridge_stp off
           bridge_fd 0
           up ip route add 173.208.152.30/32 dev vmbr0
    

    or

    allow-hotplug eth1
    
    iface eth1 inet static
            address  173.208.152.26
            netmask  255.255.255.248
            gateway  173.208.152.25
            broadcast  173.208.152.31
            network 173.208.152.24
            dns-nameservers 127.0.0.1
            dns-search nocix.net
    # dns-* options are implemented by the resolvconf package, if installed
    
    iface eth0 inet manual
    
    # for single IPs
    auto vmbr0
    iface vmbr0 inet static
           address  173.208.152.26
           netmask  255.255.255.248
           bridge_ports none
           bridge_stp off
           bridge_fd 0
           up ip route add 173.208.152.27/32 dev vmbr0
           up ip route add 173.208.152.28/32 dev vmbr0
           up ip route add 173.208.152.29/32 dev vmbr0
           up ip route add 173.208.152.30/32 dev vmbr0
    
  • YokedEggYokedEgg Member
    edited April 2018

    For dedispec or nocix you can just add them all on their own individual bridges, you don't have to do it like ovh or hetzner. It's much easier imo.

  • @Basil wins the 5 USD price. PM me your paypal

    Here is the correct config for dedicated server:

    auto lo
    iface lo inet loopback
    
    allow-hotplug eth1
    
    iface eth1 inet manual
    
    iface eth0 inet manual
    
    auto vmbr0
    iface vmbr0 inet static
           address  173.208.152.26
           netmask  255.255.255.248
           gateway  173.208.152.25
           broadcast  173.208.152.31
           network 173.208.152.24
           bridge_ports eth1
           bridge_stp off
           bridge_fd 0
    

    And this is for the VM1 that uses .27 address

  • FalzoFalzo Member

    @stefeman said:
    @Basil wins the 5 USD price. PM me your paypal

    while this might work, be aware that it allows hijacking of the other IPs from that subnet on the guest VM. so if your clients are able to sudo/have elevated access, this config might impowse a risk of having them simply change the last octet and reboot.

    afaik using a separate bridge per IP (like in the first config you postet) should prevent that, but I am uncertain if you'd not also need to use /32 subnet mask and pointopoint on top to ensure narrowed routing.

  • @Falzo said:

    @stefeman said:
    @Basil wins the 5 USD price. PM me your paypal

    while this might work, be aware that it allows hijacking of the other IPs from that subnet on the guest VM. so if your clients are able to sudo/have elevated access, this config might impowse a risk of having them simply change the last octet and reboot.

    afaik using a separate bridge per IP (like in the first config you postet) should prevent that, but I am uncertain if you'd not also need to use /32 subnet mask and pointopoint on top to ensure narrowed routing.

    Yeah, bridges are what you need to use op.

  • gattyttogattytto Member
    edited April 2018

    this is not the way to use bridges in proxmox, it actually is a default configuration which is not using the full potential of openvswitch-switch package in proxmox.

    you should give the eth1 back its public ip, and setup vmbr0 in your /etc/network/interfaces like:

    auto vmbr0
    iface vmbr0 inet static
        address  10.0.1.1
        netmask  255.255.255.0
        ovs_type OVSBridge
        ovs_ports int1
    
    allow-vmbr0 int1
    iface int1 inet static
        address  10.0.1.2
        netmask  255.255.255.0
        ovs_type OVSIntPort
        ovs_bridge vmbr0
    

    this will allow you to setup a dhcp server in vmbr0 BRIDGE, to which inside-proxmox network clients (vm's) will ask for new ip's (inside the local .c network 10.0.1.x or whatever you set it to be), through int1 which is the link between the host, through the Bridge, to vm's networking space.

    this will also allow to setup a networking router in the host, like shorewall, that can also be used to allow traffic into the clients local ip's, and then you can also add secondary interfaces to the vm's (as eth1, eth0 being 10.0.1.x clients face), to assign public static ip's to the vm's. then you might have to allow the traffic in the host firewall.

    bridges are not for holding your ip's, they are for bridging traffic between interfaces.

Sign In or Register to comment.