[PVE-User] How to add a second router to same Proxmox server?

Lutz Willek l.willek at science-computing.de
Mon Jun 18 22:17:11 CEST 2012 

Hey Bruce,

Am 13.06.2012 20:14, schrieb Guy:
> ok let see if I can be clearer now that I'm reading this on a bigger
> screen :)

same here...

> Your ISP has given you a second routable block of IPs...
> On the proxmox side... you can create "Bridge" interfaces and not give
> the proxmox an IP on it. This is by far the best way. Just create a
> bunch of VLANS and then create the bridge interfaces inside proxmox, and
> push then to the correct VM image. On my Proxmox system I have this..

We have nearly the same situation, but the proxmox servers have to take 
care of the vlans, because we do not use "port based vlans" on the 
switches for the proxmox servers. (in fact we have no more free ports on 
the switches...)

Bruce, you can easily adapt this configuration, just define two vlans on 
the pfsense side to the same port. (vlan10 and vlan20 to LAN-1)

Here is my configuration, we use three vlans on the internal LAN.

> # File: /etc/network/interfaces
> # network interface settings
>
> # NOTE 1:
> # The Names of the network interfaces are set in File
> # "/etc/udev/rules.d/70-persistent-net.rules". So if
> # you wundering about missing interfaces
> # take a look at this file
>
> # NOTE 2:
> # You must bring eth0 up before you can create vlan10,
> # and you must bring vlan10 up before you can
> # attach it to the bridge interface.
> # (same for the other interfaces/vlans/bridges)
>
> # Note 3: we use vlans:
> # Do not forget to load module 8021q (into /etc/modules)
> # read http://www.linux-magazin.de/layout/set/print/content/view/full/561
> #    egrep -v '^$|^#' /etc/modules
> #    8021q
> #
> # Note 4:
> # LAN uses VLANs here:
> #   * Configure IP addresses of the server on appropriate bridge
> #   * NOT ontop the interfaces!
> #   * NOT ontop of the vlans!
>
> # manage interfaces (take care to Note 2)
> auto lo eth0 eth1 vlan10 vlan20 vlan30 vmbr0 vmbr10 vmbr20 vmbr30
>
> # Localhost loopback
> iface lo inet loopback
>
> # external interface (bridged)
> iface eth0 inet manual
>         up ifconfig eth0 up
>         down ifconfig eth0 down
>
> # internal interface (used in vlans and bridged)
> iface eth1 inet manual
>         up ifconfig eth1 up
>         down ifconfig eth1 down
>
> # VLAN 10 (internal network 1) (i.e. MY network)
> iface vlan10 inet manual
>         vlan-raw-device eth1
>         up ifconfig vlan10 up
>         down ifconfig vlan10 down
>
> # VLAN 20 (internal network 2)
> iface vlan20 inet manual
>         vlan-raw-device eth1
>         up ifconfig vlan20 up
>         down ifconfig vlan20 down
>
> # VLAN 30 (internal network 3)
> iface vlan30 inet manual
>         vlan-raw-device eth1
>         up ifconfig vlan30 up
>         down ifconfig vlan30 down
>
> # WAN-side bridge
> iface vmbr0 inet manual
>         bridge_ports eth0
>         bridge_stp off
>         bridge_fd 0
>
> # bridge to internal network 1
> iface vmbr10 inet static
>         bridge_ports vlan10
>         bridge_stp off
>         bridge_fd 0
>         address 192.168.XXX.XXX
>         netmask 255.255.255.XXX
>         gateway 192.168.XXX.XXX
>
> # bridge to internal network 2
> iface vmbr20 inet manual
>         bridge_ports vlan20
>         bridge_stp off
>         bridge_fd 0
>
> # bridge to internal network 3
> iface vmbr30 inet manual
>         bridge_ports vlan30
>         bridge_stp off
>         bridge_fd 0
>
> ## EOF
> #
> ## Example: simple KVM bridge via interface eth1
> #iface vmbr0 inet static
> #       address  1.2.3.4
> #       netmask  255.255.255.128
> #       gateway  1.2.3.1
> #       bridge_stp off
> #       bridge_fd 0
> #       bridge_ports eth1
> #       pre-up ifup eth1
> #       post-down ifdown eth1
> #
> ## Example: KVM bridge ipv6 settings, via eth1
> #iface vmbr0 inet6 static
> #       address <...>
> #       netmask 64
> #       gateway <...>
> #
> ## Example: KVM bridge vmbr10 via vlan10
> #iface vmbr10 inet static
> #       bridge_ports vlan10
> #       address  1.2.3.4
> #       netmask  255.255.255.248
> #       gateway  1.2.3.1
> #       bridge_stp off
> #       bridge_fd 0
> #       pre-up ifup vlan10
> #       post-down ifdown vlan10
> #
> ## Example: KVM bridge vmbr777 via vlan777, NAT
> ## Note: DO NOT use this configuration on clustered machines
> #iface vmbr777 inet static
> #       address  192.168.1.1
> #       netmask  255.255.255.0
> #       bridge_stp off
> #       bridge_fd 0
> #       bridge_ports vlan777
> #       pre-up ifup vlan777
> #       post-up echo 1 > /proc/sys/net/ipv4/ip_forward
> #       post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE || true
> #       post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE || true
> #       post-down ifdown vlan777

Freundliche Grüße / Best Regards

         Lutz Willek

-- 
________________________________creating IT solutions
Lutz Willek                     science + computing ag
Senior Systems Engineer         Geschäftsstelle Berlin
IT Services Berlin              Friedrichstraße 187
phone +49(0)30 2007697-21       10117 Berlin, Germany
fax   +49(0)30 2007697-11       www.science-computing.de
-- 
Vorstandsvorsitzender/Chairman of the board of management:
Gerd-Lothar Leonhart
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Michael Heinrichs, 
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196

More information about the pve-user mailing list