In this scenario I wanted to be able to run several VMs that can communicate with each other on a private subnet, e.g. 10.10.10.*, and also be able to access the internet for updates etc. Eventually I want to expose some of the internal services.
My Proxmox server has one network interface, enp0s20f0, with an internet-facing IP address, and the vmbr0 bridge already exists for internet-facing VMs.
I amended the /etc/network/interfaces file to add a definition for a new bridge/switch. I added the following, then rebooted:
auto vmbr2
iface vmbr2 inet static
    address 10.10.10.1
    netmask 255.255.255.0
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp0s20f0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp0s20f0 -j MASQUERADE
Notice that the NAT rules point to the NIC that already has internet access, and that 'none' is specified for bridge-ports, which keeps network traffic internal.
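A stanza like this can be linted before rebooting. The following is an added example, not part of the original setup: a hypothetical helper, check_nat_bridge, that reads an interfaces file and checks the points noted above (bridge-ports none, forwarding enabled, a MASQUERADE rule whose source is the bridge subnet and whose post-down removes exactly what post-up added). It assumes the separate address/netmask form used here rather than CIDR notation on the address line.

```shell
#!/usr/bin/env bash
# Added example: lint one NAT bridge stanza in an interfaces(5) file.
# Usage: check_nat_bridge /etc/network/interfaces vmbr2
# Prints one line per finding; returns 0 when there are none.
check_nat_bridge() {
    awk -v br="$2" '
    function strip(l) {          # drop the post-up/post-down keyword and the -A/-D verb
        sub(/^[ \t]*post-(up|down)[ \t]+/, "", l); sub(/ -[AD] /, " ", l); return l
    }
    function cidr(addr, mask,   a, m, i, x, bits, net) {   # network/prefix from address + netmask
        split(addr, a, "."); split(mask, m, "."); bits = 32; net = ""
        for (i = 1; i <= 4; i++) {
            x = 256 - m[i]                       # size of the host part in this octet
            net = net (i > 1 ? "." : "") (a[i] - a[i] % x)
            while (x > 1) { x /= 2; bits-- }     # each halving is one host bit
        }
        return net "/" bits
    }
    $1 == "iface" { in_br = ($2 == br); next }   # enter or leave the requested stanza
    $1 == "auto"  { in_br = 0; next }
    !in_br        { next }
    $1 == "address"      { addr = $2 }
    $1 == "netmask"      { mask = $2 }
    $1 == "bridge-ports" { ports = $2 }
    $1 == "post-up" && /ip_forward/ { fwd = 1 }
    $1 == "post-up" && / -A POSTROUTING / && /MASQUERADE/ {
        up = strip($0)
        for (i = 1; i < NF; i++) {
            if ($i == "-s") { src = $(i + 1); gsub("\047", "", src) }   # strip quotes
            if ($i == "-o") out = $(i + 1)
        }
    }
    $1 == "post-down" && / -D POSTROUTING / && /MASQUERADE/ { down = strip($0) }
    END {
        if (ports != "none") { print "bridge-ports is not none: bridge is attached to a port"; bad++ }
        if (!fwd)            { print "no post-up line enabling ip_forward"; bad++ }
        if (up == "")        { print "no MASQUERADE post-up rule"; bad++ }
        else {
            if (up != down) { print "post-down does not remove the rule that post-up adds"; bad++ }
            if (out == br)  { print "MASQUERADE -o points at the bridge itself"; bad++ }
            if (src != cidr(addr, mask)) {
                print "MASQUERADE -s " src " is not the bridge subnet " cidr(addr, mask); bad++
            }
        }
        exit (bad > 0)
    }' "$1"
}
```

A post-down that does not match its post-up leaves a stale NAT rule behind each time the bridge is restarted, which is why the two are compared as whole rules.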
Create the VMs
Then I created some new VMs, setting the network interface for each VM to use vmbr2. I manually assigned an IP address of 10.10.10.10/24 and a gateway of 10.10.10.1.
After booting each VM I needed to stop firewalld on the VMs and was then able to apply updates and ping the other private IP. I was also able to SSH into the private IP addresses from the CLI of the Proxmox host.
The next step is to create some VMs for Kubernetes.