I have an ancient laptop running Proxmox with a few containers. I want some of the containers and the Proxmox management UI to be in the LAN, and a few other containers to be in my DMZ.
I haven’t touched any of the default networking setup. There is a single VLAN-agnostic Linux bridge vmbr0 associated with the physical ethernet interface. All containers and the management UI are associated with this bridge. The interface on the physical switch to which the laptop is connected is in the DMZ VLAN.
I have some idea how to accomplish what I want but wanted to run it by you all to see if I’m making any serious errors. I need to put the physical switch port in trunking mode. Then I need to make vmbr0 VLAN-aware and create VLAN interfaces on vmbr0. My current assumption is that I can leave the management UI and the containers I want in the private LAN alone, as the private LAN is untagged, and move the public containers onto the DMZ VLAN.
When you create VMs/containers, there is an option on the network step to set the VLAN tag to use
Check out Proxmox SDN
In proxmox you create a vlan on the physical interface and not on a bridge.
Once the physical port has tagged traffic for all vlan but LAN, leave vmbr0 alone, create the new DMZ vlan in proxmox networking and a new vmbr on that vlan, that’s it.
The modern approach is to use SDN
