This time, I would like to show how Proxmox networking configuration can be configured. In my last post, I showed, how to install Proxmox and get ready to create VM’s. I will show a typical configuration, which I always use. The official documentation can be found here:
I will show, how to configure the network connection for the Proxmox host itself and how to separate the VM traffic from the host traffic using VLAN’s.
Proxmox Networking: Management Traffic
To use the Proxmox host, you must be able to manage it somehow. If you have only one network interface, as I in my test lab, you can use the native network interface for the management and guest traffic. There is no spacial configuration needed. If yo have more than one network card I would recommend to use one for the host management and the other(s) network card(s) for the guest traffic.
Proxmox Networking: Bridged VM Traffic
This type is used to directly connect the VM’s to your network. If you have two or more network cards in your system, you should use a different network card then the one used for management traffic to separate the guest traffic from the management traffic.
To create a bridged networking, you have to create a virtual network card. You can use the web GUI of Proxmox for this, but I prefer to use the CLI. Login to your host, using ssh and open this file:
vi /etc/network/interfacesJust create a new virtual network interface by adding those lines:
auto vmbr1
iface vmbr1 inet manual
bridge_ports eth1
bridge_stp off
bridge_fd 0This will create “vmbr1” which is bound to the “eth1” interface. I will not assign an IP address to the “eth1” or the “vmbr1” interface. This way, the guest VM’s are not able to connect to the host directly.
If you have no separate interface, you can either bound the virtual network card to the available interface like this:
auto eth0
iface eth0 inet static
auto vmbr1
iface vmbr1 inet static
address 10.3.5.1
netmask 255.255.255.0
bridge_ports eth0
bridge_stp off
bridge_fd 0You have to assign the IP address which is used for “eth0″ to vmbr1”.
You can also use VLAN’s to separate the traffic, even if you only have one network interface. This can be configured this way:
auto vmbr1
iface vmbr1 inet manual
bridge_ports eth0.10
bridge_stp off
bridge_fd 0Creating “vmbr1” and binding it to “eth0.10” will create the tagged VLAN 10 on “eth0”. You have to configure the Switch port with the same setting. All VM’s bound to this virtual bridge interface, will be placed into VLAN 10.
Proxmox Networking: Host Only Network
If you need to connect VM’s directly on the host, without sending the traffic to the external world, you can use host only networks. You have to create another virtual bridge interface, but this time, you did not have to bind it to a physical network interface.
Open this file again:
vi /etc/network/interfacesAdd the following lines to the file:
auto vmbr1
iface vmbr1 inet static
bridge_ports none
bridge_stp off
bridge_fd 0All VM’s connected to this interface will be able to talk to each other. They will not be able to connect to the external world using this interface.
Proxmox Networking: Routed Networking
If you would like to hide your VM’s behind the host IP you can use a routed networking configuration. You have to create another virtual network interface and enable routing on this interface.
Open this file again:
vi /etc/network/interfacesWhen working with a routed configuration, you need to enable proxy arp on the outgoing interface. In my scenario, this is “eth0”:
auto eth0
iface eth0 inet static
post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arpTo create the virtual interface and enable routing add those lines:
auto vmbr1
iface vmbr1 inet static
address 10.3.5.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forwardThe last line will enable routing on the interface. With this configuration the VM traffic will routed using the routing table of the host. The outside world needs to know, how to reach the “10.3.5.0/24” subnet. To avoid working with static routes, you could NAT the traffic. This will hide the “10.3.5.0/24” subnet behind the IP address of the Proxmox host. To enable the NAT function add those lines to the virtual network interface:
post-up iptables -t nat -A POSTROUTING -s '10.3.5.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.3.5.0/24' -o eth0 -j MASQUERADEThis will enable the NAT function for the internal network “10.3.5.0/24” by using “eth0” as the egress network.
From my point of view, this describes the three main Proxmox networking options. There are other options, e.g. using a virtual switch or router on the host.