Thanks guys... I will change the configuration... As I said, "newbie question"...
Thanks a lot 2014-03-06 17:04 GMT-03:00 Alain Péan <[email protected]>: > Le 06/03/2014 19:29, Gilberto Nunes a écrit : > > I am using PVE here and host has two NIC, one for LAN and one for WAN, >> like that: >> >> eth0 - 172.172.10.5 >> >> eth1 - 200.201.299.299 -------- > THAT'S THE WAN CONNECTION >> >> >> Ok... >> >> Now I install a VM under PVE that is a Firewall... >> >> And this Firewall has two nic too... >> >> Like that: >> >> eth0 - 172.172.10.254 >> >> eth1 - 200.201.299.299 --------------> THAT'S THE WAN CONNECTION >> >> As you can see, I set the IP for eth1 twice: one for Proxmox Host and one >> for VM host... >> >> I don't know if this is a good practice... >> >> What the adviced for that?? >> >> > No, that's a bat idea, as said previously by Gerald. You only need to > assign an IP address to a NIC if you want to have access to your proxmox > server using this address. That's good for eth0, it is your LAN, the one > you use to manage your Proxmox server. But I don't think you plan to access > your server from the WAN, that is Internet ? That would be a big securuty > risk... > > You don't need any IP address on eth1. Just create a new bridge, vmbr1, > and assign it to eth1. Then your VM can have the IP address 200.201.249.249 > (299 is not an allowed value for an IP), and you connect the second NIC of > your VM (its eth1) to this bridge, and the first to vmbr0 (that is eth0 of > the server). > Just give your VM eth1 network parameters with as gateway the IP of your > router for the WAN, and make sure it is accessible on your switch (VLAN > perhaps...) to eth1 (server). > > But I am not sure it is a good idea to use a VM as a firewall. You want to > protect your LAN ? Where is your router ? Your firewall should be between > your router and the WAN. > > Alain > > _______________________________________________ > pve-user mailing list > [email protected] > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > -- Gilberto Ferreira
_______________________________________________ pve-user mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
