Proxmox on BuyVM -> Routing

I have a BuyVM instance with Proxmox installed. VMs work fine, but as they use MAC filtering I can't just use bridged.

Ideally I want to not use internal IPs and a VM/iptables, but I am fine with e.g. one bridge per IP (so one bridge per VM).

Happy to pay some dollar for a solution so I don't need to look into it :)

Comments

  • RickBakkr Member, Patron Provider, LIR

    Presume you are wanting to use additional IPs on VMs/CTs? Won't proxy arp and routing it over your bridge work just fine for your use case?

  • Abd Member, Patron Provider

    ProxCP

  • I think you could set up a routed bridge and use your hostnode's IP as gateway for the guests...

  • Mr_Tom Member, Host Rep
    edited October 2020

    Use a routed and a point-to-point setup - I've found that to work with additional IPs on servers as opposed to additional subnets.

    I've used a setup like this in the past.

    Host:

    allow-hotplug eth0
    iface eth0 inet static
        address 12.23.34.45/25
        gateway 12.23.34.1
        dns-nameservers ip1 ip2
        dns-search domain.com
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
    
    auto vmbr0
    iface vmbr0 inet static
        address 12.23.34.45/25
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        up ip route add 11.222.333.441/32 dev vmbr0 #additional IP 1
        up ip route add 11.222.333.442/32 dev vmbr0 #additional IP 2
        up ip route add 11.222.333.443/32 dev vmbr0 #additional IP 3
    

    Guest

    auto ens18
    iface ens18 inet static
        address 11.222.333.441
        netmask 255.255.255.255
        pointopoint 12.23.34.45
        gateway 12.23.34.45
    

    Not sure how "correct" this is but it works.

    Thanked by 1Falzo
  • Francisco Top Host, Host Rep, Veteran

    I wonder if you could use ebtables to do "MAC address NAT".

    It's a thing.

    Francisco

    Thanked by 2Abd dragonfsky
  • Abd Member, Patron Provider

    @Francisco said:
    I wonder if you could use ebtables to do "MAC address NAT".

    nice..now just need a hint for implementing it & this is my next project.

    Thanks.

  • Francisco Top Host, Host Rep, Veteran
    edited October 2020

    @Abdullah7310 said:

    @Francisco said:
    I wonder if you could use ebtables to do "MAC address NAT".

    nice..now just need a hint for implementing it & this is my next project.

    Thanks.

    You could probably just do:

    ebtables -t nat -A PREROUTING -i eth0 -j dnat --to-destination 00:11:22:33:44:55
    

    You'd change eth0 to whatever your main interface is, and you want to change the 00:11:22:33:44:55 to whatever the MAC for that interface is.

    Make sure you modprobe br_netfilter as well.

    Francisco

    Thanked by 3simonindia Abd atomi
  • @Mr_Tom said:

    Not sure how "correct" this is but it works.

    I'd consider this very 'correct' ... shows exactly what I meant.
    You might not even need the proxy_arp thing, but the host route aka pointopoint thing is what makes it happen.
    Essentially, your hostnode being the gateway in a routed setup solves the MAC-filter issue ;-)

    Thanked by 1Mr_Tom
  • tjn Member
    edited October 2020

    Edit - ignore me.
    Mods - please delete.

  • @Mr_Tom said: I've used a setup like this in the past.

    That works, but is horrible to use with any ISO installer (and Windows) - most just reject it outright, either by not having a /32 netmask allowed (e.g. pfsense), rejecting gateway out of network and no P2P setting (Debian, Ubuntu) or have no setting at all (requiring non network install, Windows).

    @Francisco said: You'd change eth0 to whatever your main interface is, and you want to change the 00:11:22:33:44:55 to whatever the MAC for that interface is.

    At least for me, I did not get this to work; packets just disappear.

    Back to the drawing board it is, by now I'd rather have a dedicated system but the BuyVM storage is so cheap - I'd have an unused /24 but NY has no BGP while LV has no available storage, oh well

  • Francisco Top Host, Host Rep, Veteran

    @William said: Back to the drawing board it is, by now I'd rather have a dedicated system but the BuyVM storage is so cheap - I'd have an unused /24 but NY has no BGP while LV has no available storage, oh well

    You good sir lie! BGP is available in all locations :)

    Francisco

  • Mr_Tom Member, Host Rep

    @William said: That works, but is horrible to use with any ISO installer (and Windows) - most just reject it outright, either by not having a /32 netmask allowed (e.g. pfsense), rejecting gateway out of network and no P2P setting (Debian, Ubuntu) or have no setting at all (requiring non network install, Windows).

    That's a fair point that I should have mentioned in my post.

    I normally just do a non-network/basic install (of Debian usually) and then configure the network after. Although I've only used this setup once and it only has 3 additional IPs/VMs running on it for personal use anyway.

    Thanked by 1Falzo
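
Added example, not part of any post in this thread: the routed /32 setup from Mr_Tom's configuration expressed as iproute2 commands, for guests that were installed without networking and configured afterwards. The interface names come from the thread; the sample addresses are constructed from documentation ranges, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: prints the commands for the routed /32 setup; it executes none.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# host_cmds UPLINK BRIDGE GUEST_IP...: forwarding, proxy ARP, one /32 route per guest.
host_cmds() {
    uplink=$1; bridge=$2; shift 2
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid guest address: $ip" >&2; return 1; }
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "sysctl -w net.ipv4.conf.$uplink.proxy_arp=1"
    for ip in "$@"; do
        echo "ip route add $ip/32 dev $bridge"
    done
}

# guest_cmds IFACE GUEST_IP HOST_IP: /32 address with the host as peer and gateway,
# the same result as the address/netmask/pointopoint/gateway stanza.
guest_cmds() {
    valid_ipv4 "$2" && valid_ipv4 "$3" || { echo "invalid address" >&2; return 1; }
    echo "ip addr add $2/32 peer $3 dev $1"
    echo "ip link set $1 up"
    echo "ip route add default via $3 dev $1"
}

# Constructed sample addresses (documentation ranges), not values from the thread.
host_cmds eth0 vmbr0 198.51.100.10 198.51.100.11
guest_cmds ens18 198.51.100.10 192.0.2.45
```

Enabling ip_forward makes the host forward between all of its interfaces, so a FORWARD policy that only admits the listed /32 addresses keeps the routing scoped to the guests.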
  • I have similar setups. What I do is:
    Set up Proxmox and then load Mikrotik's CHR as an internal router/switch for the VMs.
    I assign the IPs to the router and have it manage everything. You can even have the MAC addresses assigned to the router's interfaces. Just keep in mind that the CHR license will cost you around $40 - $50
