Proxmox VE Mar 4, 2025

Setting Up an Internal Network with NAT and DHCP in Proxmox VE

Proxmox VE is a powerful open-source virtualization platform widely used for managing virtual machines (VMs) and containers. In certain scenarios, you may need to set up an internal network that allows VMs to communicate with each other while connecting to the external network through the host's external IP.
Proxmox VE Network NAT DHCP
This article is suitable for users with basic Linux knowledge who have Proxmox VE installed. The following content will provide clear steps and explanations to help you complete the configuration.

Goals

  • Create an internal network using the virtual bridge vmbr1 to allow VMs to obtain private IP addresses (e.g., 192.168.100.X).
  • Enable NAT to allow VMs to connect to the external network through the host’s external IP (via vmbr0).
  • Configure DHCP service to automatically assign internal IP addresses to VMs.

Prerequisites

  • Proxmox VE is properly installed and running.
  • The host’s virtual bridge vmbr0 is connected to the external network (usually via a physical network card) and configured with a fixed external IP.
  • You have root privileges and can connect to the Proxmox VE host via SSH.

Step 1: Create Internal Bridge vmbr1

The internal bridge serves as the foundation for communication between VMs. Here, we will create a virtual bridge named vmbr1.

  1. Log in to the Proxmox VE Web Interface
    Use a browser to access your Proxmox VE management page (usually https://your_host_IP:8006) and log in as an administrator.

  2. Navigate to Network Settings
    In the left panel, click on “Datacenter” > “Your Node” > “Network”.

  3. Create a New Linux Bridge
    Click the “Create” button and select “Linux Bridge”.

  4. Fill in the Configuration Information
    In the pop-up window, enter the following settings:

    • Name: vmbr1
    • IPv4/CIDR: 192.168.100.1/24 (the host’s IP address on this internal network)
    • Gateway: Leave blank
    • Bridge Ports: Leave blank (do not connect to a physical network card)
    • Autostart: Check the box

  5. Apply Configuration
    Click “Create”, then click the “Apply Configuration” button in the upper right corner to make the changes take effect.

Explanation

vmbr1 is an independent virtual bridge isolated from the external network. Its IP range is 192.168.100.0/24, with the host’s IP in this segment being 192.168.100.1, serving as the default gateway for the internal network.

Step 2: Install and Configure ISC DHCP Server

The DHCP service will automatically assign IP addresses to VMs. Here are the steps to install and configure it.

  1. Connect to the Host via SSH
    Use an SSH tool (such as PuTTY or a terminal) to log in to the Proxmox VE host as root.

  2. Install ISC DHCP Server
    Run the following commands to update the package list and install the DHCP server:

    apt update
apt install isc-dhcp-server

  3. Set the DHCP Service Interface
    Edit the default configuration file for the DHCP service:

    nano /etc/default/isc-dhcp-server
    • Find the INTERFACESv4 line and change it to: 
      INTERFACESv4="vmbr1"
    • Ensure that INTERFACESv6 is empty: 
      INTERFACESv6=""
    • Save (Ctrl+O, Enter) and exit (Ctrl+X).

  4. Configure the DHCP Address Pool
    Edit the main DHCP configuration file:

    nano /etc/dhcp/dhcpd.conf

    Add the following content at the end of the file:

    subnet 192.168.100.0 netmask 255.255.255.0 {
    range 192.168.100.100 192.168.100.200;
    option routers 192.168.100.1;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    authoritative;
}

    Save and exit.

Explanation

  • subnet and netmask define the internal network segment as 192.168.100.0/24.
  • range specifies the IP range that DHCP can assign (from 192.168.100.100 to 192.168.100.200).
  • option routers sets the internal network gateway to 192.168.100.1.
  • option domain-name-servers uses Google’s public DNS servers (8.8.8.8 and 8.8.4.4).

Step 3: Enable IP Forwarding and NAT

To allow internal VMs to access the external network, you need to enable IP forwarding and configure NAT.

  1. Enable IP Forwarding
    Edit the system configuration to enable forwarding:

    echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p

  2. Set NAT Rules
    Use iptables to configure NAT, forwarding internal traffic to the external network:

    iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o vmbr0 -j MASQUERADE

  3. Persist the Rules
    Install iptables-persistent and save the rules:

    apt install iptables-persistent

    During installation, the system will ask if you want to save the current rules; choose “Yes”.

Explanation

  • net.ipv4.ip_forward=1 enables the host’s IP forwarding feature.
  • The NAT rule forwards traffic from 192.168.100.0/24 through vmbr0 to the external network, using masquerading to allow VMs to share the host’s external IP.

Step 4: Configure VM Network

Connect the VM to the internal bridge vmbr1 and ensure its network is set to DHCP.

  1. Access VM Settings
    In the Proxmox VE Web interface, select the target VM and click on the “Hardware” tab.

  2. Edit Network Device

    • Bridge: Select vmbr1
    • Model: Keep the default (usually VirtIO)

  3. Check Internal Network Settings in the VM

    • Linux: Ensure the network interface is set to dhcp in /etc/network/interfaces, or run dhclient to obtain an IP.
    • Windows: In network settings, select “Obtain an IP address automatically”.

Step 5: Start Services and Test

Finally, start all services and verify if the configuration is effective.

  1. Start the DHCP Service

    systemctl restart isc-dhcp-server
systemctl enable isc-dhcp-server

  2. Check Service Status

    systemctl status isc-dhcp-server

    Ensure the service is running normally without error messages.

  3. Start the VM and Check IP
    In the VM, run the following commands:

    • Linux: ip addr, confirm that the obtained IP is within the 192.168.100.X range.
    • Windows: ipconfig, confirm the same.

  4. Test External Connectivity
    In the VM, run:

    • ping 8.8.8.8 (test network connectivity)
    • ping google.com (test DNS resolution)
      If both are successful, the configuration is correct.

Notes

  • IP Conflicts: Ensure that the internal IP range (192.168.100.0/24) does not overlap with the external network or other internal networks.
  • Firewall: If the host has a firewall enabled, you need to allow traffic forwarding from the internal to the external network (e.g., adjust ufw or iptables rules).
  • Performance Considerations: This configuration is suitable for small environments. For a large number of VMs, it is recommended to use a dedicated router VM (such as pfSense).
  • Fixed IP: If you need to assign a fixed IP to a specific VM, you can add a host block in /etc/dhcp/dhcpd.conf or set a static IP inside the VM.

Conclusion

Through the above steps, you have successfully set up an internal network in Proxmox VE, enabled NAT and DHCP services, allowing VMs to automatically obtain IPs and connect to the external network. This configuration is simple and practical, suitable for testing, development, or small production environments. I hope this article helps you smoothly complete the network configuration and further explore the powerful features of Proxmox VE.
Copyright: CC BY-NC-ND 3.0

Author: Reg Chien | Published Date: Mar 4, 2025

Products
Cat Feed Cloudfalre Drop
Social Media
Twitter Github Linkedin
Links
Jason Lin
Copyright © 2025 AirPost All rights reserved