Table of Contents
Proxmox - Networking - Bridged VM Traffic
Used to directly connect the VMs to the network.
If there is two or more network cards in your system, then it is recommended to use a different network card for the VMs to separate the guest traffic from the management traffic.
Create a bridged network
To create a bridged network, create a virtual network card.
ssh into the Proxmox server.
vi /etc/network/interfaces
Add a new virtual network interface by adding those lines:
- /etc/network/interfaces
auto vmbr1 iface vmbr1 inet manual bridge_ports eth1 bridge_stp off bridge_fd 0
NOTE: This will create vmbr1 which is bound to the eth1 interface.
- An IP address is not assigned to the eth1 or the vmbr1 interface.
- This way, the guest VMs are not able to connect to the host directly.
Only having a single interface
If there is no separate interface, the virtual network card can be bound to the available interface like this:
- /etc/network/interfaces
auto eth0 iface eth0 inet static auto vmbr1 iface vmbr1 inet static address 10.3.5.1 netmask 255.255.255.0 bridge_ports eth0 bridge_stp off bridge_fd 0
NOTE: An IP address has to be assigned to vmbr1 which is used for eth0.
Using a VLAN
A VLAN can be used to separate the traffic, even if there is only one network interface.
This can be configured this way:
auto vmbr1 iface vmbr1 inet manual bridge_ports eth0.10 bridge_stp off bridge_fd 0
NOTE: Creating vmbr1 and binding it to eth0.10 will create the tagged VLAN 10 on eth0.
- Ensure that the Switch port is configured with the same setting.
- All VMs bound to this virtual bridge interface, will be placed into VLAN 10.
Final Resulting file
- /etc/network/interfaces
# network interface settings; autogenerated # Please do NOT modify this file directly, unless you know what # you're doing. # # If you want to manage parts of the network configuration manually, # please utilize the 'source' or 'source-directory' directives to do # so. # PVE will preserve these directives, but will NOT read its network # configuration from sourced files, so do not attempt to move any of # the PVE managed interfaces into external files! auto lo iface lo inet loopback iface enp3s0 inet manual iface enp11s0f0 inet manual iface enp11s0f1 inet manual iface enp11s0f2 inet manual iface enp11s0f3 inet manual auto vmbr0 iface vmbr0 inet static address 192.168.1.95/24 gateway 192.168.1.1 bridge-ports enp3s0 bridge-stp off bridge-fd 0 auto vmbr1 iface vmbr1 inet manual bridge-ports enp11s0f0 enp11s0f1 enp11s0f2 enp11s0f3 bridge-stp off bridge-fd 0
NOTE: There are 2 separate physical network cards in the system:
- enp3s0: This only has a single port.
- enp11s0: This has 4 ports.
The host will use the enp3s0 card.
The VMs will use the enp11s0 card.
- Notice the bridge-ports enp11s0f0 enp11s0f1 enp11s0f2 enp11s0f3 line which will bridge all 4 ports on this card.