Greetings, Steven.
Hi, I have been perusing various articles (including WIKI) with no luck, so I am hoping the Proxmox friendly community will be able to shed some light. I am sure other people ran into this issue, as it is the best way to accomplish a secure implementation.

The gist of the issue is how to deploy many VMs with Internet access on a cluster in a secure manner when you have only x public IPs?

The answer is to use a private LAN and an internal virtual firewall (like Vyatta).

How exactly can this be done in Proxmox? (I did it using VMware.)

Details:

4 servers, 2 NICs each
eth0 - physically connected to DMZ (no IP allocated, as we do not want anyone to access our hosts)
eth1 - bridge (vmbr0) configured, private IP allocated and used for host and storage management (192.168.192.0/24)

Goal:

Configure a private LAN for the VMs on vmbr0 (172.31.255.0/24).
I am assuming this can be accomplished by using a VLAN and adding something like this in /etc/network/interfaces and adding the VLAN to the physical switch:

    auto vlan53
    iface vlan53 inet manual
        vlan_raw_device eth1

Configure/add a bridge (vmbr1) on eth0 that will allow external access.
All VMs that need external access will have their interface using vmbr1 and a "public" IP.

If your internal ethernet/bond has good bandwidth to support both subnets, you can do it. Two VLANs, one pointing to the storage area, the other pointing to the private LAN.

Your VM allocated to Vyatta/VyOS must have one vNIC per VLAN: DMZ, storage and private LAN.

--
Lic. Hector Suarez Planas
Administrador Nodo CODESA
Santiago de Cuba
Blog: http://nihilanthlnxc.cubava.cu/
ICQ ID: 681729738
Conferendo ID: hspcuba
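
The layout discussed in this thread, as an added example that is not part of the original messages: a Python check that parses an ifupdown-style /etc/network/interfaces and lists every interface stacked on a given NIC where the host itself would hold an address, so the DMZ-facing eth0 can be confirmed address-free. The sample file, the bridge name vmbr53 and the host address 192.168.192.11 are constructed for illustration.

```python
import re
# Constructed sample following the thread's layout; the host address is made up.
SAMPLE = """
iface eth0 inet manual
iface vmbr1 inet manual
    bridge_ports eth0
iface vmbr0 inet static
    address 192.168.192.11
    bridge_ports eth1
iface vlan53 inet manual
    vlan_raw_device eth1
iface vmbr53 inet manual
    bridge_ports vlan53
"""

def parse_interfaces(text):
    """Map each iface name to its method and options (ifupdown syntax)."""
    stanzas, cur = {}, None
    for words in (l.split() for l in text.splitlines()):
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            cur = stanzas.setdefault(words[1], {})
            cur["method"] = words[3]
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            cur = None
        elif cur is not None:
            cur[words[0].replace("-", "_")] = " ".join(words[1:])
    return stanzas

def rides_on(stanzas, name, nic):
    """True if `name` is `nic` or is stacked on it via a bridge or VLAN."""
    seen, todo = set(), [name]
    while todo:
        cur = todo.pop()
        if cur == nic:
            return True
        if cur not in seen:
            seen.add(cur)
            opts = stanzas.get(cur, {})
            todo += opts.get("bridge_ports", "").split()
            todo += opts.get("vlan_raw_device", "").split()
            todo.append(re.sub(r"\.\d+$", "", cur))  # eth0.53 -> eth0
    return False

def host_addresses_on(stanzas, nic):
    """Interfaces on top of `nic` where the host itself would hold an IP."""
    return sorted(n for n, o in stanzas.items() if rides_on(stanzas, n, nic)
                  and (o["method"] != "manual" or "address" in o))
```

An empty result for the DMZ NIC means no stanza gives the host an address on that side; guests attached to vmbr1 still carry their own addresses inside the VM.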
