Default Configuration (bridged)
The installation program creates a single bridge (vmbr0), which is connected to the first ethernet card (eth0).

auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
        address 192.168.10.2
        netmask 255.255.255.0
        gateway 192.168.10.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

Virtual machines behave as if they were directly connected to the physical network.

Routed Configuration
Most hosting providers do not support the above setup. For security reasons, they disable networking as soon as they detect multiple MAC addresses.
A common setup is that you get a public IP (assume 192.168.10.2 for this example) and an additional IP block for your VMs (10.10.10.1/255.255.255.0). For such situations we recommend the following setup.

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.10.2
        netmask 255.255.255.0
        gateway 192.168.10.1
        post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

auto vmbr0
iface vmbr0 inet static
        address 10.10.10.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

Masquerading
Sometimes you want to use private IPs and masquerade the traffic:

auto vmbr1
iface vmbr1 inet static
        address 10.10.11.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '10.10.11.0/24' -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.11.0/24' -o eth0 -j MASQUERADE

Unsupported Routing
A physical NIC (e.g., eth1) cannot currently be made available exclusively to a particular KVM guest or container, i.e., without a bridge and/or bond.

Naming Conventions
* Ethernet devices: eth0 - eth99
* Bridge names: vmbr0 - vmbr9
* Bonds: bond0 - bond9
* VLANs: Simply add the VLAN number to the ethernet device name, separated by a period. For example "eth0.50"

The above is the configuration from the official website; below is my own configuration.
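
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.2.202
        netmask 255.255.255.0
        gateway 192.168.2.1
# Masquerade outbound traffic from the VM subnet behind the host address.
        post-up iptables -t nat -A POSTROUTING -o eth0 -s 10.0.1.0/24 -j MASQUERADE
# Forward TCP port 4321 on the host to port 33 on the VM at 10.0.1.2.
        post-up iptables -t nat -A PREROUTING -p tcp -d 192.168.2.202 --dport 4321 -i eth0 -j DNAT --to-destination 10.0.1.2:33
        post-down iptables -t nat -D POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE
# Added: remove the DNAT rule on ifdown so it is not appended again on the next ifup.
        post-down iptables -t nat -D PREROUTING -p tcp -d 192.168.2.202 --dport 4321 -i eth0 -j DNAT --to-destination 10.0.1.2:33

auto vmbr0
iface vmbr0 inet static
        address 10.0.1.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
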
The reason for removing "post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp" is that proxy_arp causes some network problems; iptables works better.
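
An added example (not part of the original page or of Proxmox itself): a small Python audit for interfaces-style files that lists every DNAT port forward and flags any iptables rule appended in post-up without a matching delete in post-down, since such a rule is appended again on every ifdown/ifup cycle. SAMPLE is a constructed stanza in the style of the NAT setups above; rule_key and audit are hypothetical helper names.

```python
import shlex

# Constructed sample (not from a real host): a NAT stanza in the style used on
# this page, with the DNAT rule's post-down cleanup deliberately left out.
SAMPLE = """\
auto eth0
iface eth0 inet static
    address 192.168.2.202
    post-up iptables -t nat -A POSTROUTING -o eth0 -s 10.0.1.0/24 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -p tcp -d 192.168.2.202 --dport 4321 -i eth0 -j DNAT --to-destination 10.0.1.2:33
    post-down iptables -t nat -D POSTROUTING -s '10.0.1.0/24' -o eth0 -j MASQUERADE
"""

def rule_key(argv):
    """Return (action, key); key is (table, chain, option set), independent of option order."""
    table, chain, action, opts, i = "filter", None, None, [], 1
    while i < len(argv):
        tok = argv[i]
        if tok == "-t":
            table, i = argv[i + 1], i + 2
        elif tok in ("-A", "-D"):
            action, chain, i = tok, argv[i + 1], i + 2
        else:
            # Pair each option with its value, e.g. ("-s", "10.0.1.0/24").
            has_val = i + 1 < len(argv) and not argv[i + 1].startswith("-")
            opts.append((tok, argv[i + 1] if has_val else None))
            i += 2 if has_val else 1
    return action, (table, chain, frozenset(opts))

def audit(text):
    """Return sorted (line, kind, detail) findings for interfaces-style text."""
    added, deleted, findings = {}, set(), []
    for n, raw in enumerate(text.splitlines(), 1):
        words = shlex.split(raw, comments=True)  # also strips shell quotes
        if len(words) < 3 or words[1] != "iptables":
            continue
        hook, (action, key) = words[0], rule_key(words[1:])
        if hook in ("up", "post-up") and action == "-A":
            added[key] = n
        elif hook in ("down", "post-down") and action == "-D":
            deleted.add(key)
        opts = dict(key[2])
        if hook in ("up", "post-up") and opts.get("-j") == "DNAT":
            exposed = f"{opts.get('-d')}:{opts.get('--dport')}"
            findings.append((n, "dnat", f"{exposed} -> {opts.get('--to-destination')}"))
    findings += [(n, "no-cleanup", f"{k[1]} rule never deleted")
                 for k, n in added.items() if k not in deleted]
    return sorted(findings)
```

On SAMPLE, audit reports the 4321 forward and the missing PREROUTING cleanup, while the MASQUERADE pair matches even though its options are written in a different order and with different quoting.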