just nethserver
Nethserver, as it’s predecessor SME Server, is a real PITA when setup with the wrong NIC or Controller
Shares setting? Ok, start reinstalling nethserver
If not allocating all RAM (You’re allocating a min of 8 GB and a max of 16 GB RAM in the screenshot, that’s the same I use for a hotel in Zug BTW…) you can “weight” (prioritise) the allocation using said Shares setting in the RAM Config of Proxmox for each VM.
Default is 1000.
If you have 8 Machines running with the same settings, the server would need 128 GB RAM just for the VMs. If you have less, then Memory Balloning comes into play.
I allocate virtual servers generally 3000 shares, VM workstations stay at the default 1000.
ok, that was just for starter. I want to adjust, so thanks for info.
Question on nic settings while installing. So I have put 192.168.57.2 as fixed adress for nethserver with netmask 24. Now gateway is 192.168.57.1 or 10? In host interfaces I now have:
auto vmbr1
iface vmbr1 inet static
address 192.168.57.10
netmask 255.255.255.0
gateway 192.168.57.1
As said, your Nethserver should have two NICs if it’s going to be firewall / router / dns for the Windows box.
The NethServer should have two interfaces (Allocated using the Proxmox GUI).
RED points to the internet BRIDGE (vmbr0 in your case)
GREEN points to the internal network BRIDGE (vmbr1 in your case)
The RED can use DHCP, getting an IP from your Provider (Something in the 82.220.38.x range)
The GREEN (Internal) is what you define (You’re making / planning / building the Internal network here!)
I’d suggest using 192.168.57.1 as IP for your Nethserver, as it would be firewall / router for your Windows box
The Gateway of your Nethserver is the RED Interface, with two interfaces your nethserver becomes a router / firewall…
Once NethServer is up & running, you need to configure DHCP / DNS for your clients (That’s here only the windows box) and the certificate.
Then only create your AD (If needed here).
The red is now attached to brigde, so I just had to enable it, nothing configured. On the green I thought, I have to avoid .1 so I have taken .2. Restart installation ?
Nethserver has vmbr0 allocated for red (bridged).
Red gets 82.220.38.12 as its my fixed ip. I did configure it as static adress though. Maybe thats the culprit? Should I change virbr0 on the host back to dhcp?
Yep, I have already done this (dns, dhcp for internal lan) with internal domain setup. That will be no problem, as soons as I get internet connection to create the certificate.
ok, reinstalled. Booting and checking
Normally, i plan networks using “Schema F”, and that looks like this:
Here, your NethServer is your Router / Gateway for other boxes/hosts, so it gets the IP 1.
I always use IP 1 as the “Default Gateway” in any networks i build / plan.
The “Default Gateway” is the next hop toward the internet (Nächste IP Sprung auf dem Weg zum Internet). This is defined by TCP/IP.
Normally, I’d have a dedicated Firewall (That would use IP 1), the NethServer as first UNIX/Linux Server would use IP 20. The AD would use IP 11 (As first Windows!), the windows box would then be 12 or 13…
Grr, something went wrong, maybe the apply button not pushed? Network configuration ignored. Got 192.168.1.1 for eth0 
Where does this come from anyway? I thought, promox would not act as dhcp server?
So I reinstall and this time with 192.168.57.1 for nethserver, adjusting interface file first
Using IP 82.220.38.12 on RED in your NethServer simply creates an IP Conflict, as your Proxmox is already using that IP.
You need a second (fixed) IP from your Provider.
One is for Proxmox (Now 12)
One for your Network (NethServer and Windows)
If you only have one official IP, then you need to pass that on to your NethServer, and use / setup VPN to your NethServer as soon as possible.
dont have it. I thought the purpose of bridging is to be able to both use 82.220.38.12. Ok, so I change back to nat networking for red interface two. My only option until I get a second ip if at all. Would you recomend putting external interface to dhcp or configure 82.220.38.12 as static? Both is possible. Hoster ships server with dhcp and has a reservation probably for this external address.
NAT should work, with the gateway…
I’d fix the IP, as that’s godd practice for servers and standard for anything you want as available…
Think if you have a friend who changes his phone number all the time, mostly you’d have the wrong number in your phone book.
Bridging can be thought of as similiar to a three way electric plug (Dreifach Stromstecker). It’s basically passiv and doesn’t change anything like NAT. An IP allows you to access one host!
Thats what I think too, but wanted to be sure that the problem cannot be because of this. ok, I go with fixed ip then.
As we said that nethserver will get 192.168.57.1 I configure on proxmox 192.168.57.2 as adress, correct?
in earlier attempts you had the gateway missing…
Most likely that was the major issue…
I am confused, so the gateway on proxmox interfaces file for vmbr1 now will be? not 192.168.57.1 as this will be reserved for nethserver for later being gateway when it will act as dhcp server. As adress for virbr1 I now put 192.168.57.2. So on the windows srv with fixed ip in that range .192.168.57.2 will be the gateway?
Do I still put 192.168.57.1 in /etc/network/interfaces temporary?
Each box in a network needs a gateway, that can and is often different.
The analogy of the Internet as a Datahighway (Datenautobahn) is well known
Think of a Gateway as a Ausfahrt on the Autobahn.
In most towns in Switzerland (But not ZH, as there’s several Autobahns), if you’re driving inside town, the sign simply reads “Autobahn” or sometimes “Alle Richtungen” - that’s your Default Gateway.
As your Proxmox is only temporarily acting as Gateway, by all means use IP2.
That way?
auto vmbr1
iface vmbr1 inet static
address 192.168.57.2
netmask 255.255.255.0
gateway 192.168.57.2
bridge-ports none
bridge-stp off
bridge-fd 0
The Gateway can never be itself. This must be another box.
vmbr1 does not need a gateway. The Gateway (Actually Default Gateway) is on vmbr0
A Host can only have ONE Default Gateway not several on several NICs. The more or less only exception to this is a Router with Provider Failover (using two different Providers), each with their own default Gateway.
A default Gateway is basically like a sign “Alle Richtungen”, a Gateway (Not Default) would be like a sign to Winterthur…
Thats why I wanted to put temporary only until nethserver takes over:
auto vmbr1
iface vmbr1 inet static
address 192.168.57.2
netmask 255.255.255.0
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s ‘192.168.57.0/24’ -o enp26s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s ‘192.168.57.0/24’ -o enp26s0 -j MASQUERADE
And for red:
auto vmbr0
iface vmbr0 inet static
address 10.0.57.2
netmask 255.255.255.0
gateway 10.0.57.1
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s ‘10.0.57.0/24’ -o enp26s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s ‘10.0.57.0/24’ -o enp26s0 -j MASQUERADE
So now in setup of nethserver I take 10.0.57.5 Netmask 24 gateway 10.0.57.1
No Gateway on vmbr1, it’s already on vmbr0!
Well wait, as I have removed the direct bidged and am going back to 2 nat networks. The gateway is already set in enp26s0, so both nat networks without gateway, right?