Proxmox with one static IP
Let’s say you’re building a Proxmox machine, and you’ve only been given one IP. It could be a static IP on a hosted bare metal machine, or it could be your home lab; it doesn’t really matter. If you want to spin up machines inside of the Proxmox instance, these notes are for you.
First things first, you need to create two Linux Bridges. Let’s say you have eth0 as your physical NIC, with the IP of 192.168.1.100/24. You’d want to create vmbr0, giving it that .100 address and making eth0 its bridge port (slave).
Now with that you can create vmbr1, which’ll be the actual NIC that your internal network will live on. You can give it any IP range, but I strongly suggest a private internal network space like 10., 172., or 192.
Now when you spin up machines “inside” your network, add the vmbr1 NIC to each one, whether it be an LXC container or a VM, and give it an IP in that space, and you should be able to ping around.
If you want to get out to the internet you need some iptables rules built. ssh into your host machine and run this:
iptables -A POSTROUTING -t nat -s 172.16.1.0/24 -j MASQUERADE
Where the 172 network is the one that you gave vmbr1, and you’ll be able to ping/curl the internet.
If you’d like to set up some NATing from that static IP, here are some useful iptables rules for ports 80, 8080, and 9000. Note: the internal IP and public-ip will be different for you.
iptables -t nat -A PREROUTING -p tcp -d <public-ip> --dport 80 -i vmbr0 -j DNAT --to-destination 172.16.1.100:80
iptables -t nat -A PREROUTING -p tcp -d <public-ip> --dport 8080 -i vmbr0 -j DNAT --to-destination 172.16.1.101:8080
iptables -t nat -A PREROUTING -p tcp -d <public-ip> --dport 9000 -i vmbr0 -j DNAT --to-destination 172.16.1.200:9000
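The bridges and NAT rules described above, written as the host's /etc/network/interfaces so they survive a reboot (rules typed at the shell do not). This is an added example, not the author's own config. Assumptions: the upstream gateway is 192.168.1.1, vmbr1 is 172.16.1.1/24, masquerading is limited to traffic leaving via vmbr0, and IP forwarding is switched on, which the host needs in order to route for the guests.

```conf
# /etc/network/interfaces on the Proxmox host (added example)
auto lo
iface lo inet loopback

iface eth0 inet manual

# Uplink bridge: holds the one static IP, eth0 is its bridge port.
# The gateway address is an assumption; use your upstream router.
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.100/24
    gateway 192.168.1.1
    bridge-ports eth0
    bridge-stp off
    bridge-fd 0

# Internal bridge: no physical port, guests attach here and use
# 172.16.1.1 as their default gateway.
auto vmbr1
iface vmbr1 inet static
    address 172.16.1.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    # The host must forward packets between vmbr1 and vmbr0.
    post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
    # Outbound NAT, restricted to traffic leaving through the uplink.
    post-up   iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s 172.16.1.0/24 -o vmbr0 -j MASQUERADE
    # Inbound port forward for port 80; repeat the pair per exposed port.
    # <public-ip> is the placeholder used in the rules above.
    post-up   iptables -t nat -A PREROUTING -p tcp -d <public-ip> --dport 80 -i vmbr0 -j DNAT --to-destination 172.16.1.100:80
    post-down iptables -t nat -D PREROUTING -p tcp -d <public-ip> --dport 80 -i vmbr0 -j DNAT --to-destination 172.16.1.100:80
```

Each DNAT line publishes an internal service on the public address, so keep the list to the ports you mean to expose and review it with `iptables -t nat -S` after bringing the interfaces up.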
Finally, adding static IPs isn’t fun, so it’s useful to have a DHCP server on that network. Here’s the minimal dnsmasq config you can use to get it to give out IPs in the 172.16.1.0/24 network. Note: 172.16.1.1 is the IP for vmbr1, which is the gateway, and I’m only giving out IPs from .50 to .240.
server=8.8.8.8
server=8.8.4.4
interface=ens18
listen-address=172.16.1.2
expand-hosts
domain=asgharlabs.io
dhcp-range=172.16.1.50,172.16.1.240,12h
dhcp-option=3,172.16.1.1
dhcp-leasefile=/var/lib/misc/dnsmasq.leases
dhcp-authoritative