Proxmox IP bridge for single public IP

Aug 5, 2015 | Linux, Virtualization

 

I just setup a test copy of proxmox 4.1 and realized I only had one IP attached to the box. So I had to set up a bridge and forward ports to the internal IPs. So the basic idea is, we are going to set up a new virtual interface bridge in your networking file. This requires a working proxmox machine up and running. I am using a standard install, no changes made to the network prior to this.

Proxmox Desired Network Layout

External IP ————————- proxmox server as NAT ————————— Internal IP

1.2.3.4 ————————- 1.2.3.4 NAT 10.0.0.10 ————————-10.0.0.10

 

Current network Layout

when we check /etc/network/interfaces we see the following :

As you can see above we have a working interfaces file just with pseudo IPs instead of real ones. yours will of course have your own IP. Also, you may not have an inet6 section.

The actual Proxmox IP bridge part

I added a new bridge interface to it like so :

Ok so lets break it down, line by line :

automatically start vmbr10
interface vmbr10 is a network interface with static IP
the address for the proxmox main server on this interface is 10.0.0.254
netmast is 255.255.255.0
Dont bind any ports
disable the spanning tree protocol **
disable delayed forwarding or no delay on forwarding
Allow IP traffic forwarding once networking i up and running after a boot
Add IP masquerading on networking online ***
disable masquerading on networking offline
Enable routing all packets on port 12022 from public to port 22 on private subnet to machine 10.0.0.2 on networking up
Disable routing all packets on port 12022 from public to port 22 on private subnet to machine 10.0.0.2 on networking down
Enable routing all packets on port 12080 from public to port 80 on private subnet to machine 10.0.0.2 on networking up
Disable routing all packets on port 12080 from public to port 80 on private subnet to machine 10.0.0.2 on networking down

 

Now as you can see above you have a basic bridge and you are forwarding specific ports to internal ports on the VMs. you can forward more ports by copying the last two lines and changing the ports or to different VMs by changing the IPs. also vmbr10 is a random number and can be changed at will. after all is done simply reboot the machine and you are up and running. you can restart networking or ifup vmbr10 if you want but I prefer a clean boot to test the new networking. this should give you a working Proxmox IP bridge 🙂

 

let me know if I messed up anything or how you dealt with this situation.

 

** The Spanning Tree Protocol (STP) is an older network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. more info here.

*** IP Masquerade is a networking function in Linux similar to the one-to-many (1:Many) NAT (Network Address Translation) servers found in many commercial firewalls and network routers. For example, if a Linux host is connected to the Internet via PPP, Ethernet, etc., the IP Masquerade feature allows other “internal” computers connected to this Linux box (via PPP, Ethernet, etc.) to also reach the Internet as well. Linux IP Masquerading allows for this functionality even though these internal machines don’t have an officially assigned IP address. more info here