Proxmox network setup with multiple IPs on a single interface

proxmox-network.md

Proxmox network setup

Configuration for Proxmox host to support multiple IP addresses through a single interface.

Initial configuration

Initially, with a single IP and a single interface, the configuration looks like this.

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 1.2.3.51/29
        gateway 1.2.3.49
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
  
iface eno2 inet manual

Multiple IPs

Here, we have a single IP address attached to the eno1 interface, and a pull of 4 other IP addresses for VMs to use.

This is called "Routing Configuration": routing all traffic via a single interface. This makes sure that all network packets use the same MAC address.

auto lo
iface lo inet loopback

auto eno1
iface eno1 inet static
        address  1.2.3.51/29
        gateway  1.2.3.49
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/eno0/proxy_arp
        # This line gets added for each additional public IP
        post-up ip neigh add proxy 1.2.3.52 dev eno1
        post-down ip neigh del proxy 1.2.3.52 dev eno1

auto vmbr0
iface vmbr0 inet static
        address 1.2.3.50/29
        bridge-ports none
        bridge-stp off
        bridge-fd 0
  
auto vmbr1
iface vmbr1 inet static
        address 172.16.100.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '172.16.100.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '172.16.100.0/24' -o eno1 -j MASQUERADE

iface eno2 inet manual

Then reload the rules

ifrelaod -a

We now need a dhcp server that will allocate IP addresses to VMs attached to vmbr1 bridge.

apt-get update
apt-get install isc-dhcp-server

Edit /etc/default/isc-dhcp-server and change

INTERFACESv4="vmbr1"

Modify /etc/dhcp/dhcpd.conf file:

subnet 172.16.100.0 netmask 255.255.255.0 {
  range 172.16.100.3 172.16.100.254;
  option routers 172.16.100.1;
  option domain-name-servers 1.1.1.1, 8.8.8.8;
  default-lease-time 600;
  max-lease-time 7200;
}

Restart DHCP server

systemctl restart isc-dhcp-server

Creating VM with access to private network and accessible from Internet

To create a VM with access to both the private network and an external IP address, follow these steps:

1. Create a new virtual machine in Proxmox as you usually would, and configure the hardware resources as needed.

2. Add two network devices to the VM, one for each network:

   1. For the private network, add a network device (e.g., virtio or e1000) with the following settings:

      • Bridge: vmbr1
      • Model: Choose the appropriate model, such as virtio or e1000
      • VLAN Tag: Leave this field empty if you are not using VLANs

   2. For the external IP, add another network device with the following settings:

      • Bridge: vmbr0
      • Model: Choose the appropriate model, such as virtio or e1000
      • VLAN Tag: Leave this field empty if you are not using VLANs

3. Install the operating system on the VM.

4. Configure the networking settings within the VM:

   1. For the private network interface, assign an IP address within the 172.16.100.0/24 range (e.g., 172.16.100.10) and set the gateway to 172.16.100.1.
   2. For the external network interface, assign the public IP address 1.2.3.52 with the appropriate netmask (e.g., /29). Set the gateway to the public gateway IP, 1.2.3.49.

5. Save the network configuration and restart the VM's networking service, or reboot the VM to apply the changes.

Now the VM should be able to communicate with other VMs in the 172.16.100.0/24 range via the private network interface, and it should be accessible from the internet via the 1.2.3.52 IP address through the external network interface.