INTRODUCTION

In this part of the tutorial, we are going to see how to set up a private network and a DHCP server that automatically and dynamically assigns IP addresses to our virtual machines and containers on boot. I needed this setup because I had only one IP address available for my server, so I decided to go for a NAT-ed private network.

This tutorial is going to cover the following subjects, without being limited to them :

  1. My server setup
    1. Provider
    2. Hardware specs
    3. The installed operating system
    4. My disk partitioning
    5. Setting up local and backup store for vms and container backups
    6. Setting up a private network for the containers and virtual machines
    7. Setting up port forwarding to be able to connect directly through ssh to the containers and virtual machines
    8. Installation of fish
    9. LXC containers
    10. Proxmox bindmounts explained
    11. Installing a dhcp server
    12. Securing the different sites with Let's Encrypt
    13. Installing Gitea
    14. Installing emby
    15. Installing nextcloud
    16. Installing a torrent server linked to emby and remote controlled by web or by smartphone
    17. Setting up a personal blog with hugo with support of disqus comments
    18. Installing OSx Catalina
    19. Todo : install Taiga
    20. Todo : setting up a small dns server
    21. Todo setting up a secured mail server
Resources :

Networking Proxmox

Jennings in GA

Topology

topology image

This topology corresponds to Masquerading (NAT) with iptables. Masquerading allows guests having only a private IP address to access the network by using the host IP address for outgoing traffic. Each outgoing packet is rewritten by iptables to appear as originating from the host, and responses are rewritten accordingly to be routed to the original sender. The following steps will create a 10.10.10.0/24 network. If you wish to have a different network, you can adapt it to your convenience.

Step 1 : Configure a new bridge interface for the private network

First edit /etc/network/interfaces

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet dhcp
	bridge-ports eno1
	bridge-stp off
	bridge-fd 0
	
auto vmbr1
iface vmbr1 inet static
	address  10.10.10.1
	netmask  24
	bridge-ports none
	bridge-stp off
	bridge-fd 0
	bridge-vlan-aware yes
	bridge-vids 2-4094

	post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
	post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
	post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE

vmbr1 is the newly created bridged interface we will use for the private network. When creating VMs or containers, we will be selecting this interface.

Then execute :

/etc/init.d/networking restart
iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE

Check that the new interface is up :

ip a
...
4: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 56:0c:7d:73:6a:aa brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 scope global vmbr1
       valid_lft forever preferred_lft forever
    inet6 fe80::80b4:d5ff:feba:2c7/64 scope link 
       valid_lft forever preferred_lft forever

Check that the static route exists :

ip route
...
10.10.10.0/24 dev vmbr1 proto kernel scope link src 10.10.10.1

You should now be able to create a container or virtual machine with a static IPv4 address using the newly created network.
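The following check is an added example, not part of the original tutorial. It audits `iptables-save -t nat` output for the MASQUERADE rule from Step 1 and flags a missing rule, duplicate copies (each `iptables -A` appends another copy, while post-down deletes only one) and rules with no source restriction. The function names and sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `iptables-save -t nat` output (stdin) for the tutorial's NAT rule.
SUBNET='10.10.10.0/24'   # private network from the tutorial
WAN_IF='vmbr0'           # outgoing bridge from the tutorial

# Count rules identical to the tutorial's scoped MASQUERADE rule.
count_scoped_masq() {
    grep -c -- "^-A POSTROUTING -s $SUBNET -o $WAN_IF -j MASQUERADE\$" || true
}

# Count MASQUERADE rules that carry no source restriction at all.
count_unscoped_masq() {
    grep -- '-j MASQUERADE' | grep -vc -- ' -s ' || true
}

# Read a ruleset on stdin, print findings, return 0 only when it is clean.
audit_nat() {
    rules=$(cat)
    scoped=$(printf '%s\n' "$rules" | count_scoped_masq)
    broad=$(printf '%s\n' "$rules" | count_unscoped_masq)
    status=0
    if [ "$scoped" -eq 0 ]; then
        echo "MISSING: no MASQUERADE rule for $SUBNET via $WAN_IF"; status=1
    elif [ "$scoped" -gt 1 ]; then
        echo "DUPLICATE: $scoped copies, post-down deletes only one"; status=1
    fi
    if [ "$broad" -gt 0 ]; then
        echo "BROAD: $broad MASQUERADE rule(s) without a source match"; status=1
    fi
    if [ "$status" -eq 0 ]; then echo "OK: exactly one scoped rule"; fi
    return "$status"
}

# Constructed sample: the same rule appended twice.
sample_duplicate() {
    cat <<'EOF'
*nat
-A POSTROUTING -s 10.10.10.0/24 -o vmbr0 -j MASQUERADE
-A POSTROUTING -s 10.10.10.0/24 -o vmbr0 -j MASQUERADE
COMMIT
EOF
}

# Constructed sample: a blanket rule that would NAT every source.
sample_broad() {
    printf '%s\n' '*nat' '-A POSTROUTING -o vmbr0 -j MASQUERADE' 'COMMIT'
}
sample_duplicate | audit_nat || true   # prints the DUPLICATE finding
```

On the Proxmox host, run it against the live ruleset with `iptables-save -t nat | audit_nat`.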

Step 2 : Setting up the DHCP server

Create a container with the following attributes :

  • bridge interface : vmbr1
  • Static (IPv4) : 10.10.10.224
  • Gateway (IPv4): 10.10.10.1

Install Dnsmasq and disable systemd resolver on the container :

sudo apt-get install dnsmasq
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

Create a new file, /etc/dnsmasq.d/vnet, which will be used to define the subnet.

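# /etc/dnsmasq.d/vnet
# Pool of addresses leased to guests, with a 12 hour lease time
dhcp-range=10.10.10.3,10.10.10.100,12h
# dnsmasq advertises its own address as the default route unless told
# otherwise, so point clients at the NAT gateway on the host bridge (vmbr1)
dhcp-option=option:router,10.10.10.1
dhcp-option=option:dns-server,10.10.10.2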

Finally, start Dnsmasq and enable it to start on boot.

sudo systemctl start dnsmasq
sudo systemctl enable dnsmasq

Now, the vmbr1 network interface can be selected when creating a VM or container, and DHCP can be used to properly obtain an IP address from the DHCP server.