# Proxmox notes This document documents Proxmox networking running on a dedicated server with a single IPv4 address. This process uses [`proxmox-ve_9.0-1.iso`](https://enterprise.proxmox.com/iso/proxmox-ve_9.0-1.iso). The process is developed and tested as a VM on another Proxmox host. ## Initial setup Via `ssh root@`. ### [Configure the no-subscription repository](https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#sysadmin_no_subscription_repo) ``` # cat >/etc/apt/sources.list.d/proxmox.sources Types: deb URIs: http://download.proxmox.com/debian/pve Suites: trixie Components: pve-no-subscription Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg ^D ``` ### Update and reboot ``` # apt update # apt full-upgrade # shutdown -r now ``` ## Initial network configuration The installer creates `/etc/network/interfaces`: ``` auto lo iface lo inet loopback iface ens18 inet manual auto vmbr0 iface vmbr0 inet static address 10.43.43.6/25 gateway 10.43.43.1 bridge-ports ens18 bridge-stp off bridge-fd 0 source /etc/network/interfaces.d/* ``` ; `10.43.43.6` is the address in the internal network of the parent Proxmox host. `10.43.43.1` is the address of the parent Proxmox host that acts as the gateway. `ens18` is the virtual network interface of the Proxmox VM. ## Configure NAT Refer to [Masquerading (NAT) with iptables](https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#sysadmin_network_masquerading). Edit `/etc/network/interfaces` to make the private network on `vmbr0`. Like the Proxmox documentation, this snippet uses the `10.10.10.0/24` network, with 256 addresses `10.10.10.0`-`10.10.10.255`. ``` # See https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#sysadmin_network_masquerading auto lo iface lo inet loopback auto ens18 iface ens18 inet static address 10.43.43.6/25 gateway 10.43.43.1 auto vmbr0 iface vmbr0 inet static address 10.10.10.1/24 bridge-ports none bridge-stp off bridge-fd 0 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o ens18 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o ens18 -j MASQUERADE source /etc/network/interfaces.d/* ``` Reboot at this point to verify that networking on startup applies correctly. After rebooting, verify the network configuration: ``` root@p9:~# ip a 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host noprefixroute valid_lft forever preferred_lft forever 2: ens18: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether bc:24:11:6e:bf:7c brd ff:ff:ff:ff:ff:ff altname enp0s18 altname enxbc24116ebf7c inet 10.43.43.6/25 scope global ens18 valid_lft forever preferred_lft forever inet6 fe80::be24:11ff:fe6e:bf7c/64 scope link proto kernel_ll valid_lft forever preferred_lft forever 3: vmbr0: mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 link/ether 3e:2d:f2:57:7e:0c brd ff:ff:ff:ff:ff:ff inet 10.10.10.1/24 scope global vmbr0 valid_lft forever preferred_lft forever inet6 fe80::3c2d:f2ff:fe57:7e0c/64 scope link proto kernel_ll valid_lft forever preferred_lft forever ``` VMs and LXC containers should be able to use `10.10.10.x` addresses and connect to the Internet through Proxmox. ## Configure dnsmasq dnsmasq is a simple to configure DHCP/DNS integrated server. ``` root@p9:~# apt install dnsmasq ``` `/etc/dnsmasq.conf` contains configuration documentation. By default, `/etc/default/dnsmasq` configures dnsmasq to include configuration files in `/etc/dnsmasq.d`, to leave `dnsmasq.conf` untouched. Create `/etc/dnsmasq.d/internal`: ``` domain-needed no-resolv no-hosts server=10.43.43.1 # your upstream DNS server local=/p9net.example.com/ domain=p9net.example.com dhcp-range=10.10.10.64,10.10.10.126,255.255.255.0,255.255.255.255,48h dhcp-option=option:router,10.10.10.1 ``` This allocates 63 addresses in the `10.10.10.64`-`10.10.10.126` for automatic VM and LXC host addresses, leaving you other ranges for other purposes. Machines using DHCP get host names like `p9net.example.com` that cannot be used in public DNS. If you have a domain `foo.com`, you can use a subdomain `x.y.z.foo.com`. Edit `/etc/resolv.conf` so that the Proxmox machine uses dnsmasq and the internal domain for DNS: ``` domain p9net.example.com search p9net.example.com nameserver 127.0.0.1 ``` Reboot to verify that everything applies correctly. Verify DNS configuration by running `host some.domain.you.know`. ### LXC test Create an LXC container with the web interface: * Hostname: `lxc.p9net.example.com` * Template: `debian-13-standard` * IPv4: DHCP After the container starts: * Run `apt full-upgrade -U` to update. This verifies that DNS and Internet work. * Run `ip a` to verify that you get an IP in the DHCP range. * Run `ssh root@lxc` on the Proxmox host to verify that DNS resolution in Proxmox works. (By default, the Debian 13 template disables root password logins.) ### VM test Download a live system, such as [`debian-live-13.1.0-amd64-gnome.iso`](https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-13.1.0-amd64-gnome.iso) to the Proxmox ISO repository. * Name: `vm.p9net.example.com` * ISO image: `debian-live-13.1.0-amd64-gnome.iso` When the live image boots: * Use Firefox to verify that DNS and Internet work. * Run `ssh root@lxc` to verify that you can connect to other hosts in the Proxmox network.