Proxmox - Networking - Routed Networking

To hide VMs behind the host IP use a routed networking configuration.

Create another virtual network interface and enable routing on this interface.

vi /etc/network/interfaces

Modify the eth0 interface:

/etc/network/interfaces

auto eth0
iface eth0 inet static
        post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

NOTE: A routed configuration needs proxy arp to be enabled on the outgoing interface.

Create the virtual interface and enable routing by adding those lines:

/etc/network/interface

auto vmbr1
iface vmbr1 inet static
        address 10.3.5.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

NOTE: The last line will enable routing on the interface.

With this configuration the VM traffic will routed using the routing table of the host.
The outside world needs to know, how to reach the 10.3.5.0/24 subnet.

Using NAT

To avoid working with static routes, NAT the traffic:

This will hide the 10.3.5.0/24 subnet behind the IP address of the Proxmox host.
To enable the NAT function add those lines to the virtual network interface:

/etc/network/interfaces

        post-up iptables -t nat -A POSTROUTING -s '10.3.5.0/24' -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.3.5.0/24' -o eth0 -j MASQUERADE

NOTE: This will enable the NAT function for the internal network 10.3.5.0/24 by using eth0 as the egress network.