

How to set up a VM as a NAT network in Proxmox with all internal IPs handled by DNSmasq?

Here we will use one public IP address, with all internal IPs handled by DNSmasq in an LXC container. DHCP service is provided by DNSmasq, and DNS service is provided by Pi-hole, which runs in an LXC container:

  • Create a new bridge in Proxmox.
  • Configure the bridge to use NAT.
  • Assign an IP address and subnet mask to the bridge.
  • Configure DNSmasq to listen on the bridge.
  • Configure DNSmasq to provide DHCP service.
  • Create a new LXC container for Pi-hole.
  • Install Pi-hole in the LXC container.
  • Configure Pi-hole to use DNSmasq as its upstream DNS server.
  • Configure the DHCP server on the Proxmox server to point to Pi-hole as the DNS server.


Here are some additional details about each step:


Step 1: Create a new bridge in Proxmox.

This will create a virtual network interface that will be used to connect the LXC containers to the internet. 

To do this:

  • Log in to the Proxmox web interface.
  • Click on the Networking tab.
  • Click on the Bridges tab.
  • Click on the Add button.
  • Enter a name for the bridge.
  • Select the NAT option.
  • Assign an IP address and subnet mask to the bridge.
  • Click on the Create button.


Step 2: Configure the bridge to use NAT.

This will allow the LXC containers to access the internet using the Proxmox server's public IP address.

To do this:

  • Open the /etc/network/interfaces file on the Proxmox server.
  • Find the line that starts with iface vmbr0.
  • Add the following lines to the end of the file:

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE


Step 3: Assign an IP address and subnet mask to the bridge.

This will define the network range that will be used by the LXC containers.

To do this:

  • Open the /etc/network/interfaces file on the Proxmox server.
  • Find the line that starts with iface vmbr0.
  • Update the address and netmask parameters to match the IP address and subnet mask you want to use.


Step 4: Configure DNSmasq to listen on the bridge.

This will tell DNSmasq to listen for DHCP and DNS requests on the bridge interface.

To do this:

  • Edit the /etc/dnsmasq.conf file on the Proxmox server.
  • Add the following lines to the file:

interface=vmbr0
dhcp-range=192.168.1.100,192.168.1.200,24h

The interface parameter specifies the network interface that DNSmasq will listen on for DHCP requests.

The dhcp-range parameter specifies the range of IP addresses that DNSmasq will assign to DHCP clients. The first parameter is the starting IP address, the second parameter is the ending IP address, and the third parameter is the lease time.

The 24h in the dhcp-range parameter specifies that the lease time is 24 hours. This means that the DHCP client will be assigned the same IP address for 24 hours before it has to renew its lease.


Step 5: Configure DNSmasq to provide DHCP service.

Once you have edited the /etc/dnsmasq.conf file, you need to restart the DNSmasq service.

This will tell DNSmasq to assign IP addresses to the LXC containers when they boot up.

To restart the DNSmasq service, run the following command:

$ sudo systemctl restart dnsmasq

Once you have restarted the DNSmasq service, DNSmasq will start providing DHCP service to the LXC containers.
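
A consistency check for Steps 2 to 5, added here as an example (it is not part of the original guide): it confirms that the DHCP pool in dnsmasq.conf lies inside the subnet the MASQUERADE rule translates, and that dnsmasq is pinned to an interface rather than answering on every one. The function names and the sample files are constructed for illustration, and the script assumes the plain dhcp-range=start,end,lease form shown above.

```shell
#!/bin/sh
# Added example: check that dnsmasq.conf agrees with the NAT rule from Step 2.

# Dotted-quad IPv4 -> integer (subshell body keeps the IFS change local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP NET/BITS: succeeds when IP lies inside the network.
in_cidr() (
    mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
)

# Print the source subnet of the first MASQUERADE post-up rule in FILE.
nat_source() {
    sed -n "s|.*POSTROUTING -s '\{0,1\}\([0-9./]*\)'\{0,1\} .*MASQUERADE.*|\1|p" "$1" | head -n 1
}

# check_nat_dhcp INTERFACES_FILE DNSMASQ_CONF
# Returns 0 = consistent, 1 = no interface= line, 2 = pool outside NAT subnet,
# 3 = NAT rule or dhcp-range not found.
check_nat_dhcp() (
    cidr=$(nat_source "$1")
    range=$(sed -n 's/^dhcp-range=//p' "$2" | head -n 1)
    [ -n "$cidr" ] && [ -n "$range" ] || { echo "missing NAT rule or dhcp-range"; exit 3; }
    grep -q '^interface=' "$2" || { echo "no interface= line: dnsmasq serves every interface"; exit 1; }
    start=${range%%,*}; rest=${range#*,}; end=${rest%%,*}
    for ip in "$start" "$end"; do
        in_cidr "$ip" "$cidr" || { echo "$ip is outside NAT subnet $cidr"; exit 2; }
    done
    echo "ok: DHCP pool $start-$end is inside NAT subnet $cidr"
)

# Constructed sample files that mirror the lines shown in Steps 2 and 4.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' "post-up echo 1 > /proc/sys/net/ipv4/ip_forward" \
    "post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE" > "$demo/interfaces"
printf '%s\n' "interface=vmbr0" "dhcp-range=192.168.1.100,192.168.1.200,24h" > "$demo/dnsmasq.conf"
check_nat_dhcp "$demo/interfaces" "$demo/dnsmasq.conf"
```

On a real host, pass /etc/network/interfaces and /etc/dnsmasq.conf as the two arguments before restarting the service.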


Step 6: Create a new LXC container for Pi-hole.

This will create a new container that will run the Pi-hole software.

To do this:

  • Log in to the Proxmox web interface.
  • Click on the Virtual Machines tab.
  • Click on the Create button.
  • Enter a name for the virtual machine.
  • Select the Linux operating system.
  • Select the NAT network.
  • Click on the Create button.


Step 7: Install Pi-hole in the LXC container.

This will install the Pi-hole software on the container.

Follow the instructions on the Pi-hole website: https://pi-hole.net/ or via https://github.com/pi-hole/pi-hole/#one-step-automated-install to install Pi-hole in the LXC container.

You can manually download the installer and run it:

$ wget -O basic-install.sh https://install.pi-hole.net
$ sudo bash basic-install.sh

or 

Install Pi-hole using the following command:

$ curl -sSL https://install.pi-hole.net | bash

After installation, you can access it via its web interface dashboard:

http://<IP_ADDRESS_OF_YOUR_PI_HOLE>/admin/

or

http://pi.hole/admin/ (when using Pi-hole as your DNS server)


Step 8: Configure Pi-hole to use DNSmasq as its upstream DNS server.

This will tell Pi-hole to use DNSmasq to resolve DNS queries.

To do this:

  • Open the /etc/pihole/pihole-FTL.conf file in the LXC container.
  • Find the line that starts with server=/.
  • Change the value of the server parameter to 127.0.0.1


Note: More information about this is available at https://pi-hole.net/


Step 9: Configure the DHCP server on the Proxmox server to point to Pi-hole as the DNS server.

This will tell the DHCP server to give out Pi-hole's IP address as the DNS server to the LXC containers.

To do this:

  • Edit the /etc/dhcp/dhcpd.conf file on the Proxmox server.
  • Find the line that starts with option domain-name-servers.
  • Add the following line to the end of the line:

127.0.0.1


Step 10: Restart the DHCP server.

To restart the DHCP server, you need to run the following command:

$ sudo systemctl restart dhcpd

This will restart the DHCP service and update the list of DNS servers that the DHCP server will give out to DHCP clients.


Note: 

The DHCP server is responsible for assigning IP addresses to DHCP clients. When a DHCP client boots up, it will send a DHCPDISCOVER message to the network. The DHCP server will receive this message and respond with a DHCPOFFER message. The DHCPOFFER message will contain the IP address, subnet mask, gateway, and DNS servers that the DHCP client should use.


If you have changed the list of DNS servers that the DHCP server should use, you need to restart the DHCP server so that the DHCP clients will receive the updated list of DNS servers.


Here are some additional details about restarting the DHCP server:

The systemctl command is used to manage system services. The restart option is used to restart a service.

The dhcpd service is the name of the DHCP server service.


Once you have restarted the DHCP server, the DHCP clients will be assigned new IP addresses and will use the updated list of DNS servers.


Once you have completed these steps, all of the LXC containers will be able to access the internet and have their DNS requests resolved by Pi-hole.


Conclusion

In this guide, you have learnt how to configure DNSmasq to provide DHCP service and how to configure Pi-hole to use DNSmasq as its upstream DNS server.


By following these steps, you can easily create a private network for your virtual machines that can access the internet and have their DNS requests resolved by Pi-hole.