In this part of the tutorial, we are going to see how to set up a private network and a DHCP server to automatically and dynamically assign IP addresses to our virtual machines and containers on boot. I needed this setup because I had only one IP address available for my server, so I decided to go for a NAT-ed private network.
This tutorial is going to cover the following subjects without being limited to :
- My server setup
  - Provider
  - Hardware specs
  - The installed operating system
  - My disk partitioning
  - Setting up local and backup store for vms and container backups
- Setting up a private network for the containers and virtual machines
- Setting up port forwarding to be able to connect directly through ssh to the containers and virtual machines
- Installation of fish
- LXC containers
- Proxmox bindmounts explained
- Installing a DHCP server
- Securing the different sites with Let's Encrypt
- Installing Gitea
- Installing emby
- Installing nextcloud
- Installing a torrent server linked to emby and remote controlled by web or by smartphone
- Setting up a personal blog with hugo with support of disqus comments
- Installing OSx Catalina
- Todo : install Taiga
- Todo : setting up a small dns server
- Todo : setting up a secured mail server
This topology corresponds to Masquerading (NAT) with iptables. Masquerading allows guests that have only a private IP address to access the network by using the host IP address for outgoing traffic. Each outgoing packet is rewritten by iptables to appear as originating from the host, and responses are rewritten accordingly to be routed to the original sender. The following steps will create a 10.10.10.0/24 network. If you wish to use a different network, adapt the addresses accordingly.
Step 1 : Configure a new bridge interface for the private network
First edit /etc/network/interfaces :

    auto lo
    iface lo inet loopback

    iface eno1 inet manual

    auto vmbr0
    iface vmbr0 inet dhcp
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

    auto vmbr1
    iface vmbr1 inet static
        address 10.10.10.1
        netmask 24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
vmbr1 is the newly created bridged interface we will use for the private network. When creating VMs or containers, we will be selecting this interface.
    /etc/init.d/networking restart
    iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
Check that the new interface is up :
    ip a
    ...
    4: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 56:0c:7d:73:6a:aa brd ff:ff:ff:ff:ff:ff
        inet 10.10.10.1/24 scope global vmbr1
           valid_lft forever preferred_lft forever
        inet6 fe80::80b4:d5ff:feba:2c7/64 scope link
           valid_lft forever preferred_lft forever
Check that the static route exists :

    ip route
    ...
    10.10.10.0/24 dev vmbr1 proto kernel scope link src 10.10.10.1
You should now be able to create a container or virtual machine with a static IPv4 address using the newly created network.
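The checks above cover the bridge and the route; the NAT rule and IP forwarding are worth confirming too. The script below is an added example, not part of the original tutorial, and its function names are hypothetical. It reads the output of `iptables -t nat -S POSTROUTING` and reports whether the MASQUERADE rule for 10.10.10.0/24 is missing, duplicated (every manual `iptables -A` run appends another copy), or accompanied by a rule with no source restriction.

```shell
#!/bin/sh
# Added example: audit the NAT half of the vmbr1 setup. Function names are
# hypothetical. Input is the text printed by `iptables -t nat -S POSTROUTING`.

# Count exact copies of the scoped MASQUERADE rule (rule listing on stdin).
# $1 = source subnet, $2 = outgoing interface.
count_masq_rules() {
    grep -c -x -F -- "-A POSTROUTING -s $1 -o $2 -j MASQUERADE" || true
}

# Count MASQUERADE rules with no -s match: these NAT any forwarded source,
# not just the private subnet.
count_unscoped_masq() {
    grep -- '-j MASQUERADE' | grep -c -v -- ' -s ' || true
}

# Print "ok" or the first problem found. $3 overrides the sysctl file path.
audit_nat() {
    subnet=$1; iface=$2; fwd_file=${3:-/proc/sys/net/ipv4/ip_forward}
    rules=$(cat)
    n=$(printf '%s\n' "$rules" | count_masq_rules "$subnet" "$iface")
    wide=$(printf '%s\n' "$rules" | count_unscoped_masq)
    fwd=$(cat "$fwd_file" 2>/dev/null || echo 0)
    if   [ "$n" -eq 0 ];    then echo "missing: no MASQUERADE rule for $subnet via $iface"
    elif [ "$n" -gt 1 ];    then echo "duplicate: $n identical MASQUERADE rules"
    elif [ "$wide" -gt 0 ]; then echo "unscoped: $wide MASQUERADE rule(s) without -s"
    elif [ "$fwd" != 1 ];   then echo "forwarding-off: $fwd_file is not 1"
    else echo "ok"
    fi
}

# Constructed sample: the listing after the rule was added by post-up and
# then appended once more by hand.
SAMPLE_DUP='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.10.10.0/24 -o vmbr0 -j MASQUERADE
-A POSTROUTING -s 10.10.10.0/24 -o vmbr0 -j MASQUERADE'

printf '%s\n' "$SAMPLE_DUP" | audit_nat 10.10.10.0/24 vmbr0

# On the Proxmox host (as root):
#   iptables -t nat -S POSTROUTING | audit_nat 10.10.10.0/24 vmbr0
```

A duplicate is harmless for traffic, but the single `post-down -D` only deletes one copy, so the extra rule stays behind after the bridge goes down.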
Step 2 : Setting up the DHCP server
Create a container with the following attributes :
- bridge interface : vmbr1
- Static (IPv4) : 10.10.10.2/24
- Gateway (IPv4): 10.10.10.1
Install Dnsmasq and disable the systemd resolver on the container :

    sudo apt-get install dnsmasq
    sudo systemctl stop systemd-resolved
    sudo systemctl disable systemd-resolved
Create a new file, /etc/dnsmasq.d/vnet, which will be used to define the subnet.

    # /etc/dnsmasq.d/vnet
    dhcp-range=10.10.10.3,10.10.10.100,12h
    dhcp-option=option:dns-server,10.10.10.2
Finally, start Dnsmasq and enable it to start on boot.

    sudo systemctl start dnsmasq
    sudo systemctl enable dnsmasq
The vmbr1 network interface can now be selected when creating a VM or container, and the guest can use DHCP to obtain an IP address from the DHCP server.