====== Proxmox - Networking - Routed Networking ======

To hide VMs behind the host IP use a routed networking configuration.

Create another virtual network interface and enable routing on this interface.

<code bash>
vi /etc/network/interfaces
</code>

Modify the **eth0** interface:

<file bash /etc/network/interfaces>
auto eth0
iface eth0 inet static
        post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
</file>

<WRAP info>
**NOTE:**  A routed configuration needs **proxy arp** to be enabled on the outgoing interface.
</WRAP>

----

Create the virtual interface and enable routing by adding those lines:

<file bash /etc/network/interface>
auto vmbr1
iface vmbr1 inet static
        address 10.3.5.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
</file>

<WRAP info>
**NOTE:**  The last line will enable routing on the interface.

  * With this configuration the VM traffic will routed using the routing table of the host.
  * The outside world needs to know, how to reach the **10.3.5.0/24** subnet.

</WRAP>

----

===== Using NAT =====

To avoid working with static routes, NAT the traffic:

  * This will hide the **10.3.5.0/24** subnet behind the IP address of the Proxmox host.
  * To enable the NAT function add those lines to the virtual network interface:

<file bash /etc/network/interfaces>
        post-up iptables -t nat -A POSTROUTING -s '10.3.5.0/24' -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.3.5.0/24' -o eth0 -j MASQUERADE
</file>

<WRAP info>
**NOTE:**  This will enable the NAT function for the internal network **10.3.5.0/24** by using **eth0** as the egress network.
</WRAP>

----