The Scenario
The following drawing provides a quick overview of the infrastructure that will be used to perform our tests.
In our scenario, we will configure a Proxmox VE host equipped with 2 network cards (eth0 and eth1). One of the network cards will be dedicated to the “management network”, which is simply the network where the Proxmox VE host is located.
The remaining network card will be dedicated to virtual machine traffic (see drawing above). We will call this network the “Production network”. The production network will be configured with 2 different VLANs (VLAN 20 and VLAN 30). We will be using the following IP scheme for this example.
- Management network: 192.168.1.0/24
- VLAN 20 network: 192.168.20.0/24
- VLAN 30 network: 192.168.30.0/24
Final Words
I hope that this post has demonstrated how you could implement VLAN configuration with Proxmox VE. As you have seen, you can configure your Proxmox VE host to support VLANs by simply using the web GUI interface. For more advanced scenarios, you might want to edit the /etc/network/interfaces file and update it accordingly. Again, I would like to point out that I didn’t fully check and test this configuration because I do not have the adequate equipment right now (I’m traveling and I’m in a hotel room with basically 1 laptop…) but based on the information found on the Proxmox VE web site, this configuration should be working.
Finally, note also that if you are using a VLAN-capable switch, you might need to configure it to have it working with your Proxmox VE VLAN configuration (creating VLANs and port trunking at the switch level).
Now it’s your turn to test it (and let me know if it’s working).
Till next time
See ya
Saving the firewall rules
If everything is correct, all that remains is to make sure the rules are restored after a reboot. For this you can use iptables-save and the network initialization scripts.
iptables-save > /etc/iptables.up.rules
Create a script that loads the rules:
nano /etc/network/if-pre-up.d/iptables
And put in it the command that loads the rules from the file saved earlier:
#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules
Don't forget to make this file executable:
chmod +x /etc/network/if-pre-up.d/iptables
A simpler alternative is to install the iptables-persistent package, which saves the rules itself at shutdown or reboot and loads them again at boot. More details are here (in English).
That's it. Port forwarding works.
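A hardened form of the hook script from the steps above, as an added example that is not part of the original article: it refuses a rules file that is missing, a symlink, not owned by the invoking user, empty, group/world-writable or truncated, and dry-runs it with iptables-restore --test before loading. The helper name check_rules_file and the PHASE guard (ifupdown exporting PHASE to hook scripts, as described in interfaces(5)) are assumptions of this example.

```shell
#!/bin/sh
# Added example: hardened /etc/network/if-pre-up.d/iptables hook.
RULES="${RULES:-/etc/iptables.up.rules}"   # file written by iptables-save above

# check_rules_file (hypothetical helper): returns 0 if the dump is safe to load.
check_rules_file() {
    f="$1"
    # Must be a regular file, not a symlink, owned by the invoking user
    # (root when ifupdown runs the hook).
    if [ ! -f "$f" ] || [ -L "$f" ] || [ ! -O "$f" ]; then
        echo "iptables hook: $f missing, symlink, or wrong owner" >&2; return 1
    fi
    [ -s "$f" ] || { echo "iptables hook: $f is empty" >&2; return 2; }
    # Group- or world-writable rules let an unprivileged user rewrite the firewall.
    case "$(ls -ld "$f" | cut -c1-10)" in
        ?????w*|????????w*)
            echo "iptables hook: $f is group/world-writable" >&2; return 3 ;;
    esac
    # Each table section (*filter, *nat, ...) must end with COMMIT; a mismatch
    # means the dump was truncated, e.g. iptables-save was interrupted.
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    if [ "$tables" -eq 0 ] || [ "$tables" -ne "$commits" ]; then
        echo "iptables hook: $f looks truncated" >&2; return 4
    fi
    return 0
}

# Assumption: ifupdown exports PHASE to hook scripts (see interfaces(5)).
# Outside a pre-up run this file only defines the function above.
if [ "${PHASE:-}" = "pre-up" ]; then
    check_rules_file "$RULES" || exit 1
    # --test parses the dump without committing it to the kernel.
    /sbin/iptables-restore --test < "$RULES" || exit 1
    /sbin/iptables-restore < "$RULES"
fi
```

The script exits non-zero when any check fails, so a bad rules file is reported at interface bring-up instead of being loaded silently.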
Test your configuration
At this stage, your Proxmox VE host configuration should be ready. You still need to configure your switch with the VLAN information and trunking ports (if needed); that is outside the scope of this post. If you have no switch configured, you will notice that virtual machines in VLAN 20 will not be able to ping (or connect to) virtual machines located in VLAN 30 or even the management network. If you need to route traffic between VLANs and you do not have a VLAN-capable switch, you can always create a virtual machine (with multiple network interfaces) and configure it to act as a router.
If you perform some basic tests (ping between VLANs), you should have traffic passing through the different VLANs.