proxmox - multiple Nics
- Thread starter skjom
- Start date
duplo
Getting comfortable
you can use multiple nics with proxmox, no problem.
i have a pfsense vm with multiple nics and vlans which acts as the main router, the whole machine can also talk to two real seperate networks. all no problem.
in your case you can simply use the build in firewall to control the traffic .
pve.proxmox.com
its a vm, its already seperate and isolated. you (the host) control what goes out and what in
people using 2 physical nics / different subnets or whatever do this for some reason.. like
etc
i have a pfsense vm with multiple nics and vlans which acts as the main router, the whole machine can also talk to two real seperate networks. all no problem.
in your case you can simply use the build in firewall to control the traffic .
Firewall - Proxmox VE
its a vm, its already seperate and isolated. you (the host) control what goes out and what in
people using 2 physical nics / different subnets or whatever do this for some reason.. like
- not in network tech
- want to keep it simple
- no real firewall (only consumer router)
- no managed switch (no vlans possible)
- dont trust software and still believe physical connections are the way to go
etc
Last edited:
duplo
Getting comfortable
Your cams are limited by the 10/100 connections and everything above 16mbit stream will eat so much space on your harddrives. the benefit will be only little when comparing the image.
1G uplink
1000/16 = around 62 cameras
so do your own math and think what vms you need. if you dont have any vm plans just install it baremetal.
1G uplink
1000/16 = around 62 cameras
so do your own math and think what vms you need. if you dont have any vm plans just install it baremetal.
If not using Vlans would it not be more secure to use dual NIc, this is what chatgpt says :
### Benefits of Dual NIC Setup
1. Network Isolation: One NIC can be dedicated to the cameras and the other to the main network, providing physical isolation.
2. Traffic Segregation: It ensures that camera traffic does not mix with your main network traffic, reducing the risk of potential security breaches.
3. Performance Improvement: Separating traffic can improve overall network performance and reduce congestion.
### Steps to Configure Dual NIC on Proxmox
#### 1. Hardware Setup
- Install Second NIC: Ensure your Proxmox host has a second NIC installed and recognized by the system.
#### 2. Proxmox Network Configuration
1. Identify NICs: Identify the network interfaces. Typically, they might be named
- Use
2. Configure Network Interfaces:
- Edit the network configuration file:
-
-
3. Create Bridge for Camera Network:
- Create a new Linux bridge for the camera network.
-
#### 3. Configure Blue Iris VM
1. Assign NICs:
- Assign the
2. Network Configuration within VM:
- Configure the VM’s network interface to use the
3. Blue Iris Configuration:
- Configure Blue Iris to use the IP addresses of your cameras in the 192.168.2.x subnet.
### Firewall Rules and Security
#### Example Firewall Rules on Proxmox Host
- Install and Configure
### Conclusion
Using a dual NIC setup on your Proxmox host allows you to effectively isolate your camera network from your main network, improving security and performance. This setup provides a practical alternative to VLANs by physically segregating network traffic and implementing firewall rules to control communication between networks.
Using a dual NIC setup on your Proxmox host can be an effective way to isolate your insecure cameras from the rest of your network, especially if you don’t have VLAN capability. Here's how you can set this up and the benefits it offers:
### Benefits of Dual NIC Setup
1. Network Isolation: One NIC can be dedicated to the cameras and the other to the main network, providing physical isolation.
2. Traffic Segregation: It ensures that camera traffic does not mix with your main network traffic, reducing the risk of potential security breaches.
3. Performance Improvement: Separating traffic can improve overall network performance and reduce congestion.
### Steps to Configure Dual NIC on Proxmox
#### 1. Hardware Setup
- Install Second NIC: Ensure your Proxmox host has a second NIC installed and recognized by the system.
#### 2. Proxmox Network Configuration
1. Identify NICs: Identify the network interfaces. Typically, they might be named
eth0, eth1, etc.- Use
ip a or ifconfig to list network interfaces.2. Configure Network Interfaces:
- Edit the network configuration file:
/etc/network/interfaces.
Code:
plaintext
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
auto eth1
iface eth1 inet static
address 192.168.2.2
netmask 255.255.255.0eth0 connects to your main network.-
eth1 connects to your camera network.3. Create Bridge for Camera Network:
- Create a new Linux bridge for the camera network.
Code:
plaintext
auto vmbr1
iface vmbr1 inet static
address 192.168.2.3
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0vmbr1 will bridge eth1 for use with your VMs/containers.#### 3. Configure Blue Iris VM
1. Assign NICs:
- Assign the
vmbr1 interface to the Blue Iris VM in Proxmox.
Code:
plaintext
hardware
network device
add- Configure the VM’s network interface to use the
vmbr1 bridge.
Code:
plaintext
auto eth0
iface eth0 inet static
address 192.168.2.4
netmask 255.255.255.0
gateway 192.168.2.2- Configure Blue Iris to use the IP addresses of your cameras in the 192.168.2.x subnet.
### Firewall Rules and Security
- Restrict Access: Set up firewall rules to ensure only necessary communication between the Blue Iris server and the camera network.
- Block Unwanted Traffic: Block any outbound traffic from the camera network to the internet unless explicitly required.
#### Example Firewall Rules on Proxmox Host
- Install and Configure
iptables:
Code:
sh
# Allow traffic from camera network to Blue Iris VM
iptables -A FORWARD -i eth1 -o vmbr1 -s 192.168.2.0/24 -d 192.168.2.4 -j ACCEPT
# Block all other traffic from camera network to main network
iptables -A FORWARD -i eth1 -o eth0 -j DROPUsing a dual NIC setup on your Proxmox host allows you to effectively isolate your camera network from your main network, improving security and performance. This setup provides a practical alternative to VLANs by physically segregating network traffic and implementing firewall rules to control communication between networks.
duplo
Getting comfortable
What do you want to say with this pasted bullshit ?
There are requirements using vlans, what i already wrote. if vlans are not possible, you have to build up 2 physical networks with hardware for both
There are requirements using vlans, what i already wrote. if vlans are not possible, you have to build up 2 physical networks with hardware for both
I don't really think it's BS. ChatGPT is quite useful for computer and network questions.
What I was asking is if VLANS are not possible is it still worth using dual NIC with proxmox , given the proxmox host effectively bridges those two networks.
Potentially yes it reduces attack surface and as you said the proxmox firewall can be configured , however an isolated physical host i would think dedicated to cameras is more secure.
My overall point was there is a number of discussions in the forum on dual NIC for security which is a no brainer I thought..But wanted to know did that still apply when using proxmox