Another thing you can do is to use NAT networking. That would allow
internet access.
On 03/12/14 12:42, Eneko Lacunza wrote:
Hi Lindsay,
I'm not a networking expert but will try to help...
On 03/12/14 11:25, Lindsay Mathieson wrote:
We run all our windows dev, test and production servers on our proxmox
servers, weekly onsite DR backups and monthly offsite DR backups.
And we just got hammered with a root kit virus that is proving extremely
difficult to remove.
I'm proposing that we restore one by one from last month DR backups
to a vlan
tag of 1, check thats its clear, then change it to a vlan tag of 2.
As you may have guessed, I'm a complete novice when it comes to stuff
like
vlans.
- Is it sufficient to just set the vlan for a VM via the proxmox network
device gui?
It should be enough.
- will that isolate it from the main (infected) network?
Usually default vlan is 1, I suggest you don't use it for recovered
and uninfected VMs unless you are sure main network is on another VLAN.
- can I keep the same subnet? (192.168.5.0)
Yes.
- Will the VM's be able to access the outside internet?
If the network router is reachable on whatever VLAN you use for clean
VMs, yes.
I suggest you do the following check to be on the secure side:
(1) Recover a VM to a unused VLAN
(2) Ping an old and infected VM IP. No ping is good.
(3) Ping the network router. If you have to change things to make work
ping to router, recheck (2)
It could be challenging to configure the router so that it knows what
IPs are on what VLAN, never have done so. Otherwise you can try using
a different network.
Cheers
Eneko
--
Zuzendari Teknikoa / Director Técnico
Binovo IT Human Project, S.L.
Telf. 943575997
943493611
Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
www.binovo.es
_______________________________________________
pve-user mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
