How To Configure Bridged Proxmox Networking
In a Routed Proxmox setup, you add your IP addresses to your interface then forward the connection to guests. You don’t need MAC addresses to do this but it poses some security concerns. Concerns like IP stealing if you don’t use protection against this. Bridged Proxmox Networking allows you to use MAC addresses and you then configure your guests to use the bridge as a connection. This is a much better way of configuring your Proxmox networking because customers can’t steal IPs and you can attach multiple IP blocks to the same guest.
Inside your Proxmox interfaces file, we are going to specify the bridge for IPv4 and IPv6 plus configure a private network. Let’s look at this file in its complete form.
# network interface settings; autogenerated # Please do NOT modify this file directly, unless you know what # you're doing. # # If you want to manage parts of the network configuration manually, # please utilize the 'source' or 'source-directory' directives to do # so. # PVE will preserve these directives, but will NOT read its network # configuration from sourced files, so do not attempt to move any of # the PVE managed interfaces into external files! auto lo iface lo inet loopback iface enp5s0f0 inet manual iface enp5s0f1 inet manual iface enp7s0f3u2u2c2 inet manual auto vmbr0 iface vmbr0 inet static address HOST-IP/32 gateway HOST-GATEWAY bridge-ports enp5s0f0 bridge-stp off bridge-fd 0 post-up echo 1 > /proc/sys/net/ipv6/conf/vmbr0/proxy_ndp iface vmbr0 inet6 static address 2001:41d0:xxx:xxxx::0001/64 gateway 2001:41d0:xxx:xxxx:xx post-up /sbin/ip -f inet6 route add 2001:41d0:xxx:xxxx:xx dev vmbr0 post-up /sbin/ip -f inet6 route add default via 2001:41d0:xxx:xxxx:xx pre-down /sbin/ip -f inet6 route del default via 2001:41d0:xxx:xxxx:xx pre-down /sbin/ip -f inet6 route del 2001:41d0:xxx:xxxx:xx dev vmbr0 auto vmbr1 iface vmbr1 inet static address 10.10.10.1/24 bridge-ports enp5s0f1 bridge-stp off bridge-fd 0 bridge-vlan-aware yes bridge-vids 2-4094 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
Let’s go through this. The iface is your adapter. Most servers will have one but you may see many here. The first one is always your physical connection. In this example, iface enp5s0f0 inet manual.
Bridged Proxmox Networking
Here’s your Bridged Proxmox Networking. This is the connection guests use in the adapter settings. All VMs and CTs use vmbr0.
The address is always the main IPv4 of your business dedicated server. You append a subnet to the IP. We’re using a /32 subnet.
The gateway is listed in your F2H client area. Do not append a subnet to the gateway.
For the bridge connection, we specify the adapter in the bridge-ports field. This is always your physical adapter. The first listed in the file. In our example our physical adapter is enp5s0f0
Just like in vmbr0, we specify the main IPv6 assigned to the server. Usually, you just append 0001 to your IPv6 subnet. You must include the /64 or whatever subnet you are assigned. You specify the IPv6 gateway and forward IPv6 to the vmbr0 adapter. Specify the gateway in all lines.
This is used for private networking. It’s ready to go and doesn’t need to be changed unless you want to change the private IP subnet.
That is the connection settings for a bridged proxmox setup. It’s much more flexible than a routed proxmox setup and some would say more secure.
How was this article?
You might also like
More from Proxmox
How to create a ZFS Swap Partition
Swap on Linux will assist if your environment is running short on memory. Usually, during setup, most distributions configure a …
How To Configure Proxmox Bridged Networking
How To Configure Proxmox Bridged Networking Unlike a Promox Routed Networking setup, Bridged networking requires that MAC addresses are assigned to …
Secure Proxmox With A Proxmox SSL Certificate
Secure Proxmox With A Proxmox SSL Certificate When installing Proxmox you must make sure your hostname resolves to your server before …