Wiki

User Tools

Site Tools

Trace: example_attacks common_network_ports setting_up_hsts_in_nginx scan_for_wifi_connections install_a_full_secure_mail_server add_a_cache_drive_to_a_pool tune_the_system change_mouse_sensitivity restart_a_container bridged_vm_traffic
proxmox:networking:bridged_vm_traffic

This is an old revision of the document!

Table of Contents

Proxmox - Networking - Bridged VM Traffic

Used to directly connect the VMs to the network.

If there is two or more network cards in your system, then it is recommended to use a different network card for the VMs to separate the guest traffic from the management traffic.

Create a bridged network

To create a bridged network, create a virtual network card.

ssh into the Proxmox server. 

vi /etc/network/interfaces

Add a new virtual network interface by adding those lines:

/etc/network/interfaces
auto vmbr1
iface vmbr1 inet manual
 bridge_ports eth1
 bridge_stp off
 bridge_fd 0

NOTE: This will create vmbr1 which is bound to the eth1 interface.

  • An IP address is not assigned to the eth1 or the vmbr1 interface.
  • This way, the guest VMs are not able to connect to the host directly.

Only a single interface

If you have no separate interface, you can either bound the virtual network card to the available interface like this:

/etc/network/interfaces
auto eth0
iface eth0 inet static
 
auto vmbr1
iface vmbr1 inet static
 address 10.3.5.1
 netmask 255.255.255.0
 bridge_ports eth0
 bridge_stp off
 bridge_fd 0

NOTE: An IP address has to be assigned to vmbr1 which is used for eth0.

Using a VLAN

A VLAN can be used to separate the traffic, even if there is only one network interface.

This can be configured this way:

</code> auto vmbr1 iface vmbr1 inet manual bridge_ports eth0.10 bridge_stp off bridge_fd 0 </code>

NOTE: Creating vmbr1 and binding it to eth0.10 will create the tagged VLAN 10 on eth0.

  • Ensure that the Switch port is configured with the same setting.
  • All VMs bound to this virtual bridge interface, will be placed into VLAN 10.

Final Resulting file

/etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
 
auto lo
iface lo inet loopback
 
iface enp3s0 inet manual
 
iface enp11s0f0 inet manual
 
iface enp11s0f1 inet manual
 
iface enp11s0f2 inet manual
 
iface enp11s0f3 inet manual
 
auto vmbr0
iface vmbr0 inet static
        address 192.168.1.95/24
        gateway 192.168.1.1
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0
 
auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp11s0f0 enp11s0f1 enp11s0f2 enp11s0f3
        bridge-stp off
        bridge-fd 0
proxmox/networking/bridged_vm_traffic.1624104538.txt.gz · Last modified: 2021/06/19 12:08 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki