Proxmox uses bridge networking to provide Internet access to virtual machines, but in a bridge networking you need a public IP for each machine. If you have limited IPs you can use NAT to access Internet on your machines. How ever it is preferable to have a static public IP if you are running public services like apache web server. Today we will see how to setup NAT on proxmox to provide private network for virtual machines.
Step 1: Create a bridge
Login to your proxmox host ssh, and run:
This is your network configuration file for proxmox, you might see one bridged interface already configured (bridged to your physical interface), paste following at the end of your configuration file
auto vmbr2 #private sub network iface vmbr2 inet static address 192.168.1.1 netmask 255.255.255.0 bridge_ports none bridge_stp off bridge_fd 0 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr1 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr1 -j MASQUERADE
- vmbr2 : This is the bridge name for NAT.
- vmbr1 : This is the interface that was already configured in your network file, adjust the name properly.
- 192.168.1.0/24 : This will be the network we are going to use in our internal network, our usable ips in this network will be:
- If you plan to use different network, you can use this site to get help.
- bridge_ports none : Bridge ports here is set to none, since we are not connecting to outside world directly.
You have successfully configured a NAT bridge.
Step 2: Bring up the NAT bridge
You can use this command to bring up the bridge you just created:
This will bring up the bridge.
Step 3: Configure Virtual Machine
As a final step configure your virtual machine to use IP address, since DHCP is not present you will have to manually set IP address. Depending upon your OS you can use following details:
- IP : 192.168.1.2
- Gateway : 192.168.1.1
- Netmask : 255.255.255.0
For further virtual machines you can use these ips:
- ..upto 254
For DNS you can use google DNS
Step 4 : (Optional) Port forwarding to access from outside world
I am assuming you are working with linux guest. We will access ssh of our guest through public IP of main server.
Run this on proxmox host, we are forwarding host port 3033 to guest port 22. (SSH runs on 22)
iptables -t nat -A PREROUTING -i vmbr1 -p tcp --dport 3033 -j DNAT --to 192.168.1.2:22
Then run following to access guest SSH.
ssh -p 3033 firstname.lastname@example.org
It will ask for the password, once provided you will be successfully connected to guest SSH.