this post was submitted on 01 Jul 2026
14 points (100.0% liked)

Selfhosted

60366 readers
570 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

What is the best way to provide internet access to guests on a Proxmox VXLAN? Is it:

  1. One node (host) in the cluster is the default gateway, all traffic is routed through it. Sounds clean and simple but there's multiple layers of jank to get it working, if it works at all
  2. Have a guest (lxc or VM) on the VXLAN act as a gateway. Give it two NICs - one on the vnet and another on the hosts bridge (physical lan), route traffic through the second.

My default approach is the first but despite hours of tinkering and forwarding tricks it never works. I'm leaning more to the second but having a dedicated gateway guest seems like a waste of resources - logically the host should be doing it.

And yes, SNAT is enabled ๐Ÿ˜…

you are viewing a single comment's thread
view the rest of the comments
[โ€“] possiblylinux127@lemmy.zip 1 points 1 day ago* (last edited 1 day ago)

Do you need VXlan? Unless you are doing something really funky, regular vlans should work fine. VXlan is only really useful in very large environments where you want to have layer 2 traffic flow over layer 3 networks. I would strongly recommend that you just stick to regular vlans since they are simple to work with and all you need is a router somewhere on your network to terminate the connection.