Multiple public IP Address on same proxmox through pfSense - proxmox

I have a Proxmox with several VM/CT and I am currently using pfSense for NAT & VPN.
Previously, I had only 2 IP addresses, one for Proxmox, one for the only subnet.
Now I want to add another subnet with another IP address, so I got the FO IP address and I assigned the same MAC address as the previous one.
I saw that IP Alias is a good Virtual IP solution to match another IP to a different subnet.
I created another interface for my Proxmox:
    auto lo
    iface lo inet loopback

    auto vmbr0
    iface vmbr0 inet static
        address PROXMOX.IP/24
        gateway PROXMOX.GW
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

    auto vmbr1
    iface vmbr1 inet static
        address 10.0.111.253
        netmask 255.255.255.0
        bridge-ports LAN
        bridge-stp off
        bridge-fd 0

    # Only vmbr2 is new, I did not touch the others
    auto vmbr2
    iface vmbr2 inet static
        address 10.0.1.253
        netmask 255.255.255.0
        bridge-ports LANSWP
        bridge-stp off
        bridge-fd 0
To the pfSense VM, I added vmbr2 using VirtIO.
To a new Ubuntu CT, I added a network device (VirtIO):
    eth0 / vmbr2 / IP 10.0.1.1/24 / GW 10.0.1.254
I added a new Virtual IP:
    IP Alias on WAN with NEW_PUBLIC_IP/32 address
I added a new assignment for the new pfSense interface:
    vtnet2 / IPv4: Static IPv4 / IPv4 Address: 10.0.1.254/24
I configured a new DHCP server:
    Services > DHCP Server > LANSWP
    Enable
    Range: 10.0.1.10 -> 10.0.1.245
    DNS Servers: 8.8.8.8, 8.8.4.4
ifconfig shows me:
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.0.1.1 netmask 255.255.255.0 broadcast 10.0.1.255
It seems very similar to another CT for the previous subnet.
I opened ports 80 & 443 to the new server.
Now the web server is available on the internet, Yeepee!
But the web server is unable to reach the internet.

I found the origin of the problem.
When I added the interface to pfSense, pfSense did not automatically create the firewall rules to get out.
So I added these rules:
    Pass / LANSWP / IPv4 / Any protocol / From LANSWP net / To any / Allow IPv4 LAN to internet
    Pass / LANSWP / IPv6 / Any protocol / From LANSWP net / To any / Allow IPv6 LAN to internet
And now the VM has access to the internet.
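
The behaviour described in this answer, as an added example that is not part of the original post: a simplified first-match, default-deny model of the rules on the LANSWP interface, using the subnets from the question. The destination 10.0.111.20 and the SEGMENTED rule set are assumptions made for illustration; this is a model, not pfSense code or its API.

```python
import ipaddress as ip

# Simplified model (assumption): rules are checked top-down on the interface
# where a packet enters, the first match decides, and no match means block.
LANSWP = ip.ip_network("10.0.1.0/24")    # new subnet from the question (vmbr2)
LAN = ip.ip_network("10.0.111.0/24")     # existing subnet from the question (vmbr1)
ANY = ip.ip_network("0.0.0.0/0")


def evaluate(rules, src, dst):
    """Return 'pass' or 'block' for one IPv4 packet entering the interface."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "block"  # implicit default deny when nothing matched


NO_RULES = []                          # interface right after it was assigned
ANSWER_RULE = [("pass", LANSWP, ANY)]  # the IPv4 rule added in the answer
SEGMENTED = [                          # hypothetical tighter variant
    ("block", LANSWP, LAN),            # keep the new subnet out of the old one
    ("pass", LANSWP, ANY),
]


def reachability(rules):
    """What the web server CT (10.0.1.1) can reach under a given rule set."""
    return {
        "internet": evaluate(rules, "10.0.1.1", "8.8.8.8"),
        # 10.0.111.20 is a constructed host address in the other subnet
        "other_lan": evaluate(rules, "10.0.1.1", "10.0.111.20"),
    }


if __name__ == "__main__":
    for name, rules in (("no rules", NO_RULES),
                        ("answer rule", ANSWER_RULE),
                        ("segmented", SEGMENTED)):
        print(f"{name:12} {reachability(rules)}")
```

In this model the "to any" rule from the answer also lets the new subnet reach 10.0.111.0/24; the SEGMENTED variant keeps internet access while blocking that path.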

Related

How to connect the host to her virtual bridge?

A bridge brOnline is connected to eth0 which provides access to the LAN / Internet. The setup is achieved by modifying /etc/network/interfaces like below.
Why? The aim of this adventure is to establish a virtual network between several virtual machines and the system hosting the virtual bridge and the virtual machines (host).
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet dhcp

    auto MyBridge
    iface MyBridge inet dhcp
        # the option that attaches interfaces to the bridge is spelled bridge_ports
        bridge_ports eth0
        bridge_stp on
        bridge_fd 0.0
How can I connect to the bridge from my host?
One important thing: Adding eth0 to the bridge makes it somehow unavailable to the host!
So before adding the interface eth0 to the bridge, which magic was connected to eth0 which enabled my browser the access to the local network? Can or how can I connect this magic to the bridge to have access to the LAN and can talk to the other clients connected to the bridge?
The attempts have been wrong. For the host it is not necessary to connect over a tap device to the bridge; it has the ability to connect directly to the bridge. In other words, if you set your default route to the bridge connecting to the gateway, then you can connect to the LAN interface too.
    # see actual settings
    # The displayed via is the default gw which may be provided by your dhcp
    ip route
    default via 42.69.42.69 dev eth0
    ...
    # delete the default route, otherwise error: "file exists" will show up
    sudo ip route del default via 42.69.42.69 dev eth0
    # Add your bridge as default route
    sudo ip route add default via 42.69.42.69 dev brOnline
    # check
    ip route
    default via 10.13.0.10 dev brOnline
ping/ssh to the outside are possible; Firefox is also working with those settings.
Hint:
Those changes are not permanent. To make them permanent, you need to edit /etc/network/interfaces.
I'm still not able to ping the other VMs and vice versa, but this might be another topic.

Can't change IP to static on debian beaglebone

I'm currently working with a BeagleBone Black and want to evade the whole DHCP issue. I'm trying to change my IP to remain static; however, after I've done all of that and inputted my DNS (since resolvconf is installed), it still won't change the IP even though I've restarted the networks and the entire BeagleBone. It also seems that even when I mess with the code in /etc/network/interfaces by changing the usb's IP, placing fubar etc., updating the network doesn't affect the ifconfig. I'm thinking that the network is grabbing these addresses from somewhere else and I'm not sure how to find that. Below is my code in /etc/network/interfaces:
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    #allow-hotplug eth0
    #iface eth0 inet dhcp
    # Example to keep MAC address between reboots
    #hwaddress ether DE:AD:BE:EF:CA:FE

    # The secondary network interface
    #allow-hotplug eth1
    #iface eth1 inet dhcp

    # WiFi Example
    #auto wlan0
    #iface wlan0 inet static
    # wpa-ssid "essid"
    # wpa-psk "TMS"

    # Ethernet/RNDIS gadget (g_ether)
    # ... or on host side, usbnet and random hwaddr
    # Note on some boards, usb0 is automatically setup with an init script
    auto eth0
    allow-hotplug eth0
    iface eth0 inet static
        address 10.31.49.168
        netmask 255.255.252.0
        gateway 10.31.49.253
        dns-domain tms.local
        dns-nameserver 10.31.49.6

    iface usb0 inet static
        address 192.168.7.2
        netmask 255.255.255.0
        network 192.168.7.0
        gateway 192.168.7.1
        dns-nameservers 10.31.49.6
        dns-search lan
Please let me know what I can do. Thank you in advance!
I don't know if this will answer your question, but, the BBB debian distribution uses connman to manage the network.
I've also not been able to get a static IP address to work, but maybe this will help in your research.

Linux IP address cannot be accessed via ssh command

In my Linux server I have 2 interfaces, so the Linux server can be accessed via Terminal by typing
    ssh username@IP1
or
    ssh username@IP2
Everything worked fine until I restarted my server. Now I can only access the Linux server via the first IP address.
I checked the IP configuration (here I am connected to the server via my first IP address); nano etc/network/interfaces gives:
    iface eth0 inet static
        address 192.168.1.13
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.253
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 192.168.1.2

    # The secondary network interface
    allow-hotplug eth1
    iface eth1 inet static
        address 192.168.1.14
        netmask 255.255.255.255
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.253
        dns-nameservers 192.168.2.2
ifconfig shows that only eth0 is up, so once I typed nano /sys/class/net/eth1/operstate I discovered that this interface (second IP address) is down, so I tried ifconfig eth1 192.168.1.14 netmask 255.255.255.255 up and then restarted my networking service. ifconfig shows that my interface is up and can be accessed via terminal, but my access is denied (Permission denied, please try again) once I tried ssh username@192.168.1.14. What can I do in order to be able to access the servers via terminal with this IP address?
Try to ping the second interface just to make sure there isn't something wrong with the network itself.
Make sure that SSH Daemon is configured to listen on both ports.
I'm pretty sure that the problem is in this line:
    allow-hotplug eth1
Change it to auto eth1; the interface should now start whenever the system starts.
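
As an added example (not part of the original posts), a small Python checker for interfaces(5) stanzas, run here on an abridged copy of the file from the question: it reports a gateway that lies outside the interface's own address/netmask and more than one stanza declaring a default gateway. The function names and finding labels are made up for this example.

```python
import ipaddress

# Abridged from the question's file: only the options the checks read are kept.
SAMPLE = """\
iface eth0 inet static
    address 192.168.1.13
    netmask 255.255.255.0
    gateway 192.168.1.253
allow-hotplug eth1
iface eth1 inet static
    address 192.168.1.14
    netmask 255.255.255.255
    gateway 192.168.1.253
"""


def parse_interfaces(text):
    """Return {iface_name: {option: value}} for every iface stanza."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue                      # blank line or comment
        if words[0] == "iface":
            current = ifaces.setdefault(words[1], {})
        elif words[0] in ("auto", "mapping", "source") or words[0].startswith("allow-"):
            current = None                # a new top-level stanza ends the iface
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return ifaces


def lint(text):
    """Return a list of (check, detail) findings for an interfaces file."""
    ifaces = parse_interfaces(text)
    findings = []
    with_gw = sorted(n for n, o in ifaces.items() if "gateway" in o)
    if len(with_gw) > 1:
        findings.append(("multiple-gateways", ",".join(with_gw)))
    for name, opts in sorted(ifaces.items()):
        if "address" not in opts or "gateway" not in opts:
            continue
        addr = opts["address"]
        if "/" not in addr:               # old style: separate netmask option
            addr += "/" + opts.get("netmask", "32")
        net = ipaddress.ip_interface(addr).network
        if ipaddress.ip_address(opts["gateway"]) not in net:
            findings.append(("gateway-off-link",
                             f"{name}: {opts['gateway']} not in {net}"))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```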

Specifying source IP address for a host route

I am using Ubuntu 12.04. I assigned two IP addresses to the ethernet card by editing /etc/network/interfaces. It now looks like that (skipping lines not related to the question).
    auto eth0
    iface eth0 inet static
        address 192.168.60.23
        netmask 255.255.255.0
        gateway 192.168.60.1
        up route add 192.168.60.1 dev eth0
        up route add 10.0.1.1 dev eth0
        up route add 192.168.60.151 gw 10.0.1.1

    auto eth0:1
    iface eth0:1 inet static
        address 192.168.60.101
        netmask 255.255.255.0
Now, however, I would like to let the packets going to 192.168.60.151 leave my machine with the second IP address (192.168.60.101) as source address.
I tried adding src 192.168.60.101 to the corresponding up route line but it didn't work. I also tried to move this line to the eth0:1 block but it didn't work either. When I execute ip route get 192.168.60.151 I always get 192.168.60.151 via 10.0.1.1 dev eth0 src 192.168.60.21.
I googled but didn't find out how to modify the source address of outgoing packets.

Why does my IP address change automatically in Ubuntu server?

I have configured my server with a static IP address, but after a certain time the IP address changes and I have to restart the network to restore the original IP address.
This is my configuration:
    auto eth0
    iface eth0 inet static
        address 192.168.1.218
        netmask 255.255.255.0
        gateway 192.168.1.100
        nameserver 192.168.1.210
Thanks
