Continuing from:
Hello Marko
As I'm a heavy Proxmox user, maybe I can help you with your Proxmox Interface issues.
Is the Proxmox running at home, or at a Provider (hosted)?
Most likely are two issues:
Proxmox prefers a connected NIC, at a hosted environment, usually only one is actually connected (=active).
The second is a misconfiguration of the 2nd NIC in Proxmox, often seen when using DSL…
My 2 cents
Andy
I'm using it at home on my own server.
During installation only one port is connected to the router. The second I would connect to my switch after installing NS as Gateway.
If I understand right both should be connected during installation?
Hi
Not necessarily. The important one is the LAN connection of the Proxmox, the one you'll use to configure Proxmox. We'll call this NIC1 (eth0 on the hardware, depending which NICs were connected when, and to where…) Note that Proxmox does not need connection to the gateway when booting, important later on…
If your hardware has two interfaces, then it should be easily possible…
As I understand it, the second Interface (NIC2) is connected to your Router. Is this a real Internet router (Using some form of NAT), or a Bridge (For cable or DSL)?
This Network shown here is something similar as you have, it's running at a friend's home. He has a VDSL Router, now running as a DSL-Bridge, meaning the whole PPPoE is passed through to the Firewall (ABHO-OPNsense).
This OPNsense is a VM, running in Proxmox and is configured as the first VM to start up.
The HP Microserver has two NICs, the NIC1 is connected to the LAN using IP 192.168.209.61.
The second NIC in Proxmox is configured as a NIC (NIC2), active but no TCP/IP configuration. This is used to pass PPPoE thru to the Firewall, here OPNsense.
My friend does have a NethServer running. But in your case, think of the OPNsense box as your NethServer. It also has two connections, one to the LAN, the other to the Internet and it is acting as firewall…
Note that my friend also uses Synology, but as DiskStorage and Backup for Proxmox.
How the firewall "sees" its NICs (one connected to Proxmox NIC1, the other to Proxmox NIC2).
This is what the Interfaces look like in Proxmox:
The trick is simply editing the config file directly, using nano or whatever you prefer:
nano /etc/network/interfaces
This is what it should look like:
And this is what the Proxmox VM allocation looks like for the virtual Firewall (in your case your NethServer).
You'd need to adapt the used LAN addresses, here 192.168.209.61 to whatever is used in your LAN…
Also important: Proxmox uses a LAN Gateway, which is not available when Proxmox is booting. It's the LAN IP of the OPNsense Firewall (Your Nethserver), which is the first to boot up when Proxmox starts.
Hope this helps
Andy
Thank you @Andy_Wismer for your awesome description!
Now I tried to reproduce it on my Server 2…
auto lo
iface lo inet loopback

iface enp2s0 inet manual

iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.3.200
    netmask 255.255.255.0
    gateway 192.168.3.1
    bridge_ports enp3s0
    bridge_stp off
    bridge_fd 0

auto vmbr1
iface vmbr1 inet static
    bridge_ports enp2s0
    bridge_stp off
    bridge_fd 0
The Server has internet connection. But I'm a bit irritated, that the interface state inside NS is different to your show case. Possibly because I have not yet installed the virtual NS and have not yet connected enp2s0 to my router?
My current Architecture:
- Internet-/DSL-Router: 192.168.2.1/24
  - currently connected via switch to my dedicated Nethserver on Server 1
  - later planned to connect to enp2s0 of my Server 2 (Proxmox)
- Server 1: dedicated NS-Gateway 192.168.3.1/24 (GREEN/LAN) with DHCP and DNS + 192.168.2.5 (RED/WAN)
  Server 1 should be substituted by Server 2 with Proxmox and a virtualised Nethserver as Gateway
- all Clients (Diskstation, Workstations, Laptops, Mobile Phones…), connected via switch with Server 1 (dedicated NS): 192.168.3.2-192.168.3.254
- for installation purposes Server 2 (Proxmox) with enp2s0 (not connected) and enp3s0 connected via switch to the gateway. This server is pingable from other clients and has internet connection.
My planned Architecture:
- Internet-/DSL-Router: 192.168.2.1
  - connected to enp2s0 of my Server 2 (Proxmox)
  - connection to Server 1 disconnected
- Server 2:
  - enp2s0 with 192.168.2.2 connected to my DSL-Router
  - enp3s0 connected to my switch (LAN-side)
  - virtual NS-Gateway with DHCP and DNS
- all Clients (Diskstation, Workstations, Laptops, Mobile Phones…), connected via switch with Server 1 (dedicated NS): 192.168.3.2-192.168.3.254
- Server 2 (Proxmox) with enp2s0 (connected to DSL-Router) and enp3s0 (connected to the switch).
The next step should be the installation of my virtual Nethserver as Gateway.
My Question:
- Is the current Network Interface configuration and my planned architecture well done or wrong?
- Is my assumption correct that before installing the virtual net server, I need to turn off the dedicated (server 1) and connect enp2s0 to the router?
- Can I migrate my DHCP-, Firewall- and Webproxy - Configuration from Server 1 to the new virtual Nethserver?
Thank you very much!
ps: Maybe it makes sense if an admin here moves this topic to a new thread.
Hi
I'm on the road right now, but will give you feedback in ca. 1 hour…
As to the network state in the proxmox interface. Set them all as active & automatic (in the interface), then reboot your proxmox and look again. Should be better.
Andy
Hi
I've had time to look over your current and planned architecture.
Current is clear and more or less "standard", using NethServer as a hardware router and server.
Planned: As far as stated ok, but could be optimized with a few more steps…
To answer your questions:
- see above (and below).
- Yes, there can only be one default gateway in a network at any time. Same goes for DHCP servers, MS switches off its DHCP Server Service if another active DHCP server on the LAN is detected.
- You can "migrate" your config, but I'd suggest having two browsers open, one to the old server, one to the new, and recreate the config by hand. The learning effect is much higher!
Another advantage is at the moment, there are not too many rules (yet). This gives you a good chance to document it, and review each rule if really necessary.
At this moment, I'd suggest fix the proxmox like stated in the previous post (active / auto NICs), reboot.
The next logical step would be setting up your new NethServer as firewall inside Proxmox.
For Proxmox (some basics):
Use XFS file system, if you're not a guru with ZFS/CEPH…
Use .qcow2 as disk file (if possible). raw may be a mite faster, but wastes a lot of time & space with backups…
Have a NAS (I use Synology, as seen above) for your backups. I use shares like:
- PVE_Container
- PVE_ContainerTemplate
- PVE_DiskImage
- PVE_ISOImage
- PVE_VZDumpBackup
on the NAS, inside Proxmox they're mounted as Container, ContainerTemplate (all without the PVE_) using NFS.
Two images showing the NAS attached to Proxmox with NFS.
Here's the Synology side of things (Sry this is in German):
Using Proxmox as a possibility for Backup and fast recovery is one of your primary goals - like for most of us using Proxmox…
Storage & Backups are defined in Proxmox at the Datacenter level.
Here is a sample of backups:
Note: The amount of backups (generations) is defined in the storage register (Max Backups) shown above. I use 7 generations. You can define the same storage twice (two different names), one with 7 generations, one with say 3, for less critical stuff.
Play with the backups (Using your freshly installed NethServer as test candidate), try a manually triggered one, and see how fast things go. Restore it with a different VMID (Proxmox VM Identifier), to see that everything works! (Don't have both running at the same time, you'll get a classical IP conflict!)
Optimizing the "planned" state of your home network…
If you anyway have two hardware servers around, and that's ok, why not use BOTH as proxmox, and run everything inside of Proxmox?
Once you've seen how fast and reliable a live backup works with Proxmox and an external NAS, you'll never feel ok running anything native on hardware, with no independent option to make a backup or snapshot ANY time you want to! Running anything native on hardware means that system has to provide a reliable backup and restore option.
But that usually also means part of that system must be up and running - to be able to start a restore…
Proxmox backups can start on any KVM capable hardware, even some Synologys provide KVM…
That's flexibility!
Andy
But this is exactly my current hurdle.
If I try to activate enp2s0, I would enter:
IP: 192.168.2.2/24
Gateway: 192.168.2.1 -> at this point comes a message, that enp3s0 has already defined a gateway
And how should I activate vmbr1? I would like to assign the IP 192.168.3.1 for the GREEN-Side of the future Nethserver Firewall.
Don't put ANY IP information on that NIC.
A NIC (Network Interface Card) can and usually nowadays transports TCP/IP, so everyone thinks I need to put in an IP address, or it'll get one from DHCP.
However, think back a few years, or maybe ten, twenty or thirty…
There was a time most NICs worldwide used NetBEUI (Microsoft pre TCP/IP Network Protocol) or IPX (Novell). Times of Windows 95, Windows 98 or Win98SE… Mainframes were using even baser stuff…
We want to use this Interface for the Firewall's Internet Connection. Proxmox just "passes" the Message, without "touching" or changing it at all - it IS called a Bridge (VMBR) after all!
See my example from 2-3 posts earlier, vmbr1 (as mine is called) has no tcp/ip info.
You can only set it to auto in the Interface, after that it NEEDs to be connected (To anything, even an empty powered switch) - and a reboot - to show up as active. That leaves you the liberty to switch the current gateway / Internet Connection only when you're ready…
See here:
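Added example, not part of the original posts: a small Python check for `/etc/network/interfaces` that enforces the two rules discussed in this thread, namely only one stanza defines a gateway, and the bridge handed to the firewall VM as WAN carries no IP settings. The function names, the `wan_bridges` parameter and the sample config are assumptions made for illustration.

```python
import re

# Constructed sample (not a config from the thread): WAN bridge vmbr1 wrongly has an IP.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 192.168.3.200
    gateway 192.168.3.1
    bridge_ports enp3s0
auto vmbr1
iface vmbr1 inet static
    address 192.168.2.2
    gateway 192.168.2.1
    bridge_ports enp2s0
"""

def parse_interfaces(text):
    """Map each iface name to {"method": ..., "opts": {option: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"iface\s+(\S+)\s+\S+\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), {"method": m.group(2), "opts": {}})
        elif line.split()[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None  # stanza boundary that is not an iface block
        elif current is not None:
            parts = line.split(None, 1)
            current["opts"][parts[0]] = parts[1] if len(parts) > 1 else ""
    return stanzas

def lint(text, wan_bridges=("vmbr1",)):
    """Return findings; wan_bridges names the bridges passed to the firewall VM."""
    stanzas, findings = parse_interfaces(text), []
    gateways = [n for n, s in stanzas.items() if "gateway" in s["opts"]]
    if len(gateways) > 1:
        findings.append("multiple gateways: " + ", ".join(gateways))
    for name, s in stanzas.items():
        if s["method"] == "static" and "address" not in s["opts"]:
            findings.append(f"{name}: inet static without address")
        if name in wan_bridges and (s["method"] != "manual"
                                    or {"address", "gateway"} & s["opts"].keys()):
            findings.append(f"{name}: WAN bridge should be inet manual, no IP")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "ok")
```

Run it against a copy of the file before rebooting the host; an empty result means both rules hold.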
set "Autostart"… that's really tooo easy. Normally I do that, but in your 1st. screenshot Autostart is remarked as OFF. That's why…
Now I will try to install nethserver…
Good!
Make a note of the NICs: vmbr0 should be the first one listed (by the NethServer installation program), that would point to your LAN for NethServer, the other one (vmbr1) would become your "RED" WAN.
Your commenting of the NICs is good!
Good installing!
PS:
Small Afterthought:
It's always a good idea to plan and document your Network.
Since I can't post an Excel file here, I can give you the basics:
This is a generic network, as a planning base. The default gateway will always be 1. The first printer will have 31. Nethserver will have 20, unless running as gateway/firewall, then it uses 1 (or even both). At home, I don't have any POS (Point of Sales) devices, but this is a generic IP scheme, to be adapted as needed.
Later, it looks like this. (MAC-Adr are removed, these are for DHCP reservations).
This document is my "Master" when it comes to IPs/MAC-Addresses…
A copy / paste from NethServers DHCP Page works well…
Too late
I installed Nethserver now: the NIC inside the installation script was completely different
The IP 192.168.2.100 came via DHCP from my router
Now I cannot configure my network inside nethserver… only one interface
that's all.
I will try again with the newly arranged bridges in Proxmox.
Sh*t happens…
But Proxmox makes a second try quick…
And you saw that our configuration of Proxmox for the Internet side was correct: Your internet router gave that IP, Proxmox didn't touch that!
Actually, for the installation, I'd temporarily deactivate the RED Interface in Proxmox.
-> Have only the one pointing to the LAN available and active for the installation.
Less errors!
Nethserver VM is not responding for shut down and purging
reboot of the Proxmox needs a long time: 3 Jobs are hanging…
1 of 3 "A job is running for PVE API Deamon (x min x sec / y min y sec)
2 of 3 "A job is running for Self Monitoring …SMART (x min x sec / y min y sec)
3 of 3 "A job is running for PVE status Deamon (x min x sec / y min y sec)
After a while (time out)…
"A job is running for Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling (x min x sec / y min y sec)
That may indicate a hardware problem…
Disk or controller
ok, I will install Proxmox again… Last installation attempts I didn't get such messages
UFF…
I'd check the system / bios (HP Server?) if the RAID says it's OK or not…
I'm using ZOTAC ZBOX-CI327NANO, no RAID only SSD.