I have a server which has two NICs and both are directly connected to internet. I have five different public IP addresses available for the VMs. The host machine (Proxmox) doesn't need to use any (it'll use a private IP and that's all) but will have internet connection.
I've gone through the Proxmox documentation and I'm not able to understand the big picture to set up the right network configuration for my needs. In short, what I have is:
- One server (Proxmox, host machine)
- On that server, 5 VMs are created
- 5 public IP addresses available (one for each VM), let's say: 80.123.21.1, 80.123.21.2, 80.123.21.3, 80.123.21.4, 80.123.21.5
What I have now for the host is the following:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
auto eth1
iface eth1 inet manual
auto vmbr0
iface vmbr0 inet static
address 192.168.1.101
netmask 255.255.255.0
bridge_ports eth0
bridge_stp off
bridge_fd 0
auto vmbr1
iface vmbr1 inet manual
It can be reached from the internal network, so that's OK. It has internet connection, which is also OK. vmbr1 is going to be used by the VMs. Each VM will have its own IP on his network interfaces configuration file.
For some reason, VMs will not have internet and they won't be able to have public IP address. If I use NAT, it will work correctly, but they will not use the public allocated IP addresses for them. Am I missing something?
Best Answer
You don't need to assign it a public IP address, but you do need to assign eth1 to a bridge port and give the other bridge options.
If you're new to proxmox, the webui supports managing ethernet interfaces and bridges for you. It also prevents you from naming your bridges poorly (proxmox enforces a vmbrNNNN, where the Ns are a number between 0 and 4095).
The interfaces file requires you provide an IP address for any defined interface, so to convince it otherwise you can add a local IP and just leave it, or as in this example, tear it down right away after the interface finishes coming up:
Edit: Please edit your question if you are using any odd firewall rules that might block bridged traffic, and the value of
sysctl net.ipv4.ip_forward
.You may want to tcpdump -n -i ethN (the external outgoing interface) to verify your packets are travelling off your host node.