bwanaaa Posted July 26, 2011 Share Posted July 26, 2011 in your pic of two subnets sharing one router, how do you get that to happen? That means that a router would need two gateways to the net-one for each subnet. i have not seen that in a router-but then again, i've only seen consumer grade devices. Quote Link to comment Share on other sites More sharing options...
chr0megreyl0tus Posted July 26, 2011 Author Share Posted July 26, 2011 One of the techs i asked suggest that i follow this scheme. Modem--->Router-->Wrt300n (or any other DDWrt flashed router)---> Server The main objective is to achieve internet connection to the proxmox server but to also isolate it from my main network. The router is hooked up to all the computers on my network. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 26, 2011 Share Posted July 26, 2011 in your pic of two subnets sharing one router, how do you get that to happen? That means that a router would need two gateways to the net-one for each subnet. i have not seen that in a router-but then again, i've only seen consumer grade devices. Ohh, in that picture the router is using a routing protocol (eg, RIP or IGRP) to split the the two subnets. So that's how it's possible to have two different subnets using the same gateway. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 26, 2011 Share Posted July 26, 2011 (edited) One of the techs i asked suggest that i follow this scheme. Modem--->Router-->Wrt300n (or any other DDWrt flashed router)---> Server The main objective is to achieve internet connection to the proxmox server but to also isolate it from my main network. The router is hooked up to all the computers on my network. I may be wrong, but somehow I don't think your server is being isolated. You can try following this tech suggestion, and see how you go but if you can still ping your server from your main computer than its not called isolation. Edited July 26, 2011 by Infiltrator Quote Link to comment Share on other sites More sharing options...
chr0megreyl0tus Posted July 26, 2011 Author Share Posted July 26, 2011 Yes that's whats happening right now i can still ping my main computer =(. I think the most likely answer though is that i am configuring it wrong. Quote Link to comment Share on other sites More sharing options...
chr0megreyl0tus Posted July 29, 2011 Author Share Posted July 29, 2011 So any ideas how i can isolate my Proxmox server while the Vms still have access to the internet ? I am okay with multiple nics and by multiple i mean 2 but to have a nic per Vm is not a viable option for me. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 29, 2011 Share Posted July 29, 2011 So any ideas how i can isolate my Proxmox server while the Vms still have access to the internet ? I am okay with multiple nics and by multiple i mean 2 but to have a nic per Vm is not a viable option for me. That is a very interesting situation, I'm still thinking on a solution for this. Quote Link to comment Share on other sites More sharing options...
chr0megreyl0tus Posted August 1, 2011 Author Share Posted August 1, 2011 The main reason is waant to have machines to play around with backtrack and i want to keep back track and several virtual machines up to date because its no fun exploiting a really really outdated machine.Also it allows me to play around with analyzing captures and other stuff. I suppose i don't need it i just find it a big annoyance if i don't have internet to my vms. The reason why i want to isolate it is that i'm afraid that vms that are not up to date can easily be compromised and used as a pivot of some-kind and i dont want my home computers to be on the same network. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 1, 2011 Share Posted August 1, 2011 The reason why i want to isolate it is that i'm afraid that vms that are not up to date can easily be compromised and used as a pivot of some-kind and i dont want my home computers to be on the same network. It would be very difficult for someone to compromise your virtual machines. They will have to be completely exposed to the Internet. Furthermore, I hardly keep my virtual machines updated and the only protection they have is Avast (antivirus). Never had problems with virus infection, and to be frank I open all sorts of files on my VMs. Avast is certainly doing a good job. Moreover, it all depends on how/what you use your VMs for. For instance my VMs are only used for downloading torrents and nothing else. Now if you are using your VM for hosting servers then I can see the need for keeping them updated. However, there is a way to maintain your server and VMs isolated but updated. What you could do is, have it connect to the Internet for updating only and to isolate them have the server connected to a router that isn't hooked up to the modem. Quote Link to comment Share on other sites More sharing options...
hellonewman Posted August 9, 2011 Share Posted August 9, 2011 If you have one router that supports Vlans (such as DD-WRT) , then you don't need two routers. If you don't have a router that supports Vlans, then the only other way you can break up the network is by using two routers. Routers break up networks as do Vlans, switches do not. I think some are confused as to what the rolls of routers and switches are ... ex using two routers could be like this: 192.168.1.x MODEM/ISP -> [WAN]Router 1 [LAN port 1] Client 1 private network (192.168.10.10) \ [LAN port 2] Client 2 private network (192.168.10.11) ---Default Gateway is Router 1's IP 192.168.10.1 [LAN port 3] Client 3 private network (192.168.10.12) / [LAN port 4] [WAN]Router 2 [LAN port 1] VM Box (192.168.20.10) Default Gateway is Router 2's IP 192.168.20.1 192.168.20.x Make sense? Hope that helps :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.