Scenario
There are two physical machines in the server room. Physical Machine A is configured with public IP 106.58.222.100, while Physical Machine B has a static IPMI address of 192.168.1.33.
To save IP addresses, only Physical Machine A is assigned a public IP. Virtual machines (VMs) are created on Physical Machine A to access Physical Machine B’s IPMI within the local network. An additional external network card was added to Physical Machine A (which originally had only one physical network card). With the hardware ready, network configuration begins.
Proxmox VE Network Configuration on Physical Machine A
When PVE is initially set up, it automatically creates the `vmbr0` bridge network, under which the public IP is placed. Modify the `/etc/network/interfaces` file as follows:
```
auto lo
iface lo inet loopback

# Built-in physical network card of Physical Machine A
auto eno2
iface eno2 inet manual

# External network card added to Physical Machine A
auto enx000ec62f783c
iface enx000ec62f783c inet manual

# Default bridge network created by PVE: static public IP, gateway, bridge port
auto vmbr0
iface vmbr0 inet static
    address 106.58.222.100/24
    gateway 106.58.222.1
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0

# Address of the bridge, used as a gateway within VMs; avoid using this address in VMs.
auto vmbr1
iface vmbr1 inet static
    address 192.168.1.1/24
    bridge-ports enx000ec62f783c
    bridge-stp off
    bridge-fd 0
    # Network forwarding
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    # Forward packets from VMs to the internet through the public bridge (use the subnet address here)
    post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
    # Firewall-related settings: put traffic from PVE firewall bridges (fwbr*) in conntrack zone 1
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
```
A new bridge network `vmbr1` is added for connecting to the local network, with the bridge port set to the external network card.
After modifying the configuration, run `ifreload -a` to apply the changes.
In the PVE web interface, you should now see the updated network settings, including `vmbr1`.
Verify PVE Network Configuration
1. Public Network:
```
ping baidu.com
ping 1.1.1.1
```
If you can ping Baidu, the public network configuration is successful. If you cannot ping Baidu but can ping 1.1.1.1, the DNS configuration might be incorrect. Modify the `/etc/resolv.conf` file to add a nameserver (e.g., `nameserver 8.8.8.8`).
2. Local Network:
```
ping 192.168.1.33
```
If successful, the local network is correctly configured.
VM Network Configuration on Physical Machine A
The VM uses Windows 10, with the network device set to Intel E1000 in the hardware configuration.
Initially, I tested binding the public IP `106.58.222.100`, which worked fine. However, when I changed it to a local IP `192.168.1.22`, with a subnet mask `255.255.255.0` and gateway `192.168.1.1` (the bridge gateway), the VM could not ping Physical Machine B’s IPMI `192.168.1.33`.
Solution
At first, I suspected configuration issues and spent time reviewing files, but everything seemed correct. I then consulted an expert, who simply updated the drivers, and the VM connected to the local network successfully. Below are the steps:
1. Download `virtio-win-0.1.240.iso` (Download link: [Index of /groups/virt/virtio-win](http://…)).
The Virtio-win driver is mainly for KVM VMs. It provides a YUM repository, and installing the RPM package places the driver and agent in the `/usr/share/virtio-win` directory for sharing with Windows VMs.
2. Upload the file to the host machine.
3. Map the file to the Windows VM’s CD/DVD drive.
4. Modify the VM’s network device model to VirtIO (paravirtualized) in the hardware settings.
5. Enter the Windows VM and install the driver.
6. Update all network adapters in the Device Manager.
7. The VM should now ping Physical Machine B’s IPMI `192.168.1.33`, enabling browser access to IPMI.
CentOS 7.6 VM Configuration
For a CentOS 7.6 VM with dual network cards set to Intel E1000:
Configure both cards for simultaneous external and internal network access.
Navigate to `/etc/sysconfig/network-scripts` and locate the network configuration files (e.g., `ifcfg-ens18`). Duplicate the file as `ifcfg-ens19` and modify accordingly.
Example configuration:
```
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.1.22
GATEWAY=192.168.1.1
NETMASK=255.255.255.0
DNS1=192.168.0.1
```
Restart the network with:
```
service network restart
```
Supplementary Notes
If you encounter issues like being able to ping `1.1.1.1` but not `baidu.com`, set up a DNS resolver in PVE under `IDC -> DNS -> Edit`.
Debugging Network Conflicts
Unexpected issues arose with dual network card setups, such as the local network working but disconnecting the public network, and vice versa. This was likely due to routing conflicts.
To address the issue temporarily, I migrated the server and reconfigured the internal network card:
```
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=no
IPADDR=172.16.2.21
NETMASK=255.255.0.0
```
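Setting `DEFROUTE=no` (together with omitting `GATEWAY`) keeps the internal network card from installing a default route, so the default route stays on the external card.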
After reloading the network, both internal and external networks worked. However, potential future issues remain uncertain.
Recording Routing Issues
A routing problem reappeared later. Using `route`, I noticed two unexpected entries. To resolve:
1. Edit `/etc/sysconfig/network`:
```
NOZEROCONF=yes
```
2. Restart the server. Afterward, pinging Baidu succeeded, resolving the issue.
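The routing checks from the two sections above, as an added example that is not part of the original post: it scans `route -n` output for more than one default route (what `DEFROUTE=no` prevents) and for 169.254.0.0/16 zeroconf routes (what `NOZEROCONF=yes` suppresses). The routing table is a constructed sample, `check_routes` is a hypothetical helper name, and treating the zeroconf routes as the unexpected entries is an assumption.

```shell
#!/bin/sh
# Constructed sample of `route -n` output from a dual-NIC CentOS 7 VM
# (interface names follow the page; the rows themselves are made up).
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         106.58.222.1    0.0.0.0         UG    0      0        0 ens18
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 ens19
106.58.222.0    0.0.0.0         255.255.255.0   U     0      0        0 ens18
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 ens18
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 ens19
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 ens19'

# check_routes (hypothetical helper): read `route -n` text on stdin, print one
# line per finding, return 1 if anything was flagged and 0 for a clean table.
check_routes() {
    awk '
        # Default route: destination and genmask are both 0.0.0.0
        $1 == "0.0.0.0" && $3 == "0.0.0.0" { defs = defs " " $8; nd++ }
        # Zeroconf (link-local) route, one per interface unless NOZEROCONF=yes
        $1 == "169.254.0.0" && $3 == "255.255.0.0" { zc = zc " " $8; nz++ }
        END {
            if (nd > 1) print "multiple-default-routes:" defs
            if (nz > 0) print "zeroconf-route:" zc
            exit (nd > 1 || nz > 0)
        }'
}

# Demo on the constructed sample; on a live VM use: route -n | check_routes
printf '%s\n' "$SAMPLE_ROUTES" | check_routes || echo "routing table needs attention"
```

A table with a single default route and no 169.254.0.0 rows produces no output and a zero exit status.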