Creating Private Network Bridge on Proxmox VE with NAT

In this article we show you how to create a private, virtual network bridge with NAT on Proxmox after Proxmox VE is installed. In Proxmox virtualization infrastructure, network configuration can be done either via the CLI (manually editing network configuration files) or from an intuitive graphical user interface. Either method can be used; the choice may depend on your Linux administration expertise.

One advantage of modifying network configurations from the GUI is that Proxmox VE does not write changes directly to /etc/network/interfaces. Instead, it uses a temporary file called /etc/network/interfaces.new, which allows many related changes to be made at once. It also helps to ensure the network changes are correct before committing them to /etc/network/interfaces, as a wrong network configuration may render a node inaccessible.

Creation of Network Bridge on Proxmox With NAT

For the CLI method you’ll edit the /etc/network/interfaces configuration file directly.

sudo vim /etc/network/interfaces

I’ll create a virtual network bridge based on the network parameters below:

  • Network: 192.168.50.0
  • Network mask: 255.255.255.0
  • Proxmox host IP: 192.168.50.1

Print current active network interfaces on the server:

$ sudo ip -f inet a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.58.236/26 brd 195.201.58.255 scope global enp4s0
       valid_lft forever preferred_lft forever

I’ll create a virtual bridge named vmbr1:

auto vmbr1
iface vmbr1 inet static
 address 192.168.50.1
 netmask 255.255.255.0
 bridge_ports none
 bridge_stp off
 bridge_fd 0

Notice there is no physical interface linked to the bridge (bridge_ports none).

Configure NAT (Masquerading)

Masquerading allows virtual machines in the private network to reach external networks by using the host IP address for outgoing traffic. Each outgoing packet is rewritten by iptables to appear as originating from the host, and responses are rewritten accordingly to be routed to the original sender.

I’ll modify the network configuration above to add routing for internet connectivity. Since my primary interface enp4s0 is connected to a physical switch and has internet connectivity, we’ll route traffic coming from vmbr1 through it.

auto vmbr1
iface vmbr1 inet static
  address 192.168.50.1
  netmask 255.255.255.0
  bridge_ports none
  bridge_stp off
  bridge_fd 0
  post-up echo 1 > /proc/sys/net/ipv4/ip_forward
  post-up   iptables -t nat -A POSTROUTING -s '192.168.50.0/24' -o enp4s0 -j MASQUERADE
  post-down iptables -t nat -D POSTROUTING -s '192.168.50.0/24' -o enp4s0 -j MASQUERADE

Note that enp4s0 can be replaced with a VLAN interface or another Linux bridge. iptables provides the masquerading feature that allows instances on the private virtual network to access the internet.
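A check that can be run on the stanza before bringing the bridge up, added here as an example and not part of the original article: it reads an interfaces(5) stanza and verifies that IP forwarding is enabled, that the MASQUERADE source equals the network derived from the bridge address and netmask, and that every post-up iptables rule has a post-down counterpart. The function name lint_nat_stanza and the faulty sample stanza are constructed for illustration.

```shell
# Added example, not from the article: lint the NAT lines of a bridge stanza.
# Constructed input: the vmbr1 stanza with a mistyped MASQUERADE source and
# without the post-down rule that removes the NAT entry again.
BAD_STANZA="auto vmbr1
iface vmbr1 inet static
  address 192.168.50.1
  netmask 255.255.255.0
  bridge_ports none
  post-up echo 1 > /proc/sys/net/ipv4/ip_forward
  post-up iptables -t nat -A POSTROUTING -s '192.168.5.0/24' -o enp4s0 -j MASQUERADE"

# Usage: lint_nat_stanza BRIDGE < interfaces-file
# Prints one finding per line and returns 1, or prints OK and returns 0.
lint_nat_stanza() {
  awk -v br="$1" '
    # Network in CIDR form from an address and a contiguous dotted netmask.
    function cidr(addr, mask,   a, m, i, blk, host, net) {
      split(addr, a, "."); split(mask, m, "."); host = 0; net = ""
      for (i = 1; i <= 4; i++) {
        blk = 256 - m[i]                      # addresses covered in this octet
        net = net (i > 1 ? "." : "") (a[i] - a[i] % blk)
        while (blk > 1) { blk /= 2; host++ }  # count host bits
      }
      return net "/" (32 - host)
    }
    $1 == "auto" || $1 == "iface" { inside = ($1 == "iface" && $2 == br); next }
    !inside { next }
    $1 == "address" { addr = $2 }
    $1 == "netmask" { mask = $2 }
    $1 == "post-up" && /ip_forward/ { fwd = 1 }
    /iptables/ && ($1 == "post-up" || $1 == "post-down") {
      # Normalise -A/-D so an add rule and its delete rule compare equal.
      kind = $1; $1 = ""; rule = $0; sub(/ -[AD] /, " -A ", rule)
      if (kind == "post-up") ups[rule] = 1
      if (kind == "post-down") downs[rule] = 1
      for (i = 2; i < NF; i++)
        if ($i == "-s") { src = $(i + 1); gsub("\047", "", src) }
    }
    END {
      if (addr == "" || mask == "") { print "no static address/netmask for " br; exit 1 }
      want = cidr(addr, mask); bad = 0
      if (!fwd) { print "ip_forward is not enabled in post-up"; bad = 1 }
      if (src == "") { print "no MASQUERADE source found"; bad = 1 }
      if (src != "" && src != want) { print "MASQUERADE source " src " != bridge network " want; bad = 1 }
      for (r in ups) if (!(r in downs)) { print "no matching post-down for:" r; bad = 1 }
      if (!bad) print "OK"
      exit bad
    }'
}

printf "%s\n" "$BAD_STANZA" | lint_nat_stanza vmbr1 || true
```

Without the post-down rule, each ifup appends another copy of the MASQUERADE rule to POSTROUTING, since iptables -A does not check for duplicates.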

Start the bridge interface

Validate that your network configuration is correct by manually bringing up the bridge interface:

$ sudo ifup vmbr1
Waiting for vmbr1 to get ready (MAXWAIT is 2 seconds).

Check bridge IP information:

$ ip address show dev vmbr1
3: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 16:cf:7e:23:de:1e brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.1/24 brd 192.168.50.255 scope global vmbr1
       valid_lft forever preferred_lft forever
    inet6 fe80::14cf:7eff:fe23:de1e/64 scope link
       valid_lft forever preferred_lft forever

The output confirms that the IP address on vmbr1 is correct.

You should be able to restart networking service without any failures:

sudo systemctl restart networking

Confirm status is active:

$ systemctl status networking.service
● networking.service - Raise network interfaces
   Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor preset: enabled)
   Active: active (exited) since Fri 2021-05-07 19:27:34 CEST; 29s ago
     Docs: man:interfaces(5)
  Process: 27355 ExecStart=/sbin/ifup -a --read-environment (code=exited, status=0/SUCCESS)
 Main PID: 27355 (code=exited, status=0/SUCCESS)

May 07 19:27:29 proxmox systemd[1]: Starting Raise network interfaces...
May 07 19:27:34 proxmox ifup[27355]: Waiting for DAD... Done
May 07 19:27:34 proxmox ifup[27355]: Waiting for vmbr1 to get ready (MAXWAIT is 2 seconds).
May 07 19:27:34 proxmox systemd[1]: Started Raise network interfaces.

Once you create a virtual machine on the bridge, it will behave as if it is directly connected to the physical network. The network, in turn, sees each virtual machine as having its own MAC, even though there is only one network cable connecting all of these VMs to the network.

Our next articles will cover more areas of Proxmox server administration. In the meantime, check out the other articles we have on virtualization.
