{"id":356,"date":"2026-03-03T19:56:33","date_gmt":"2026-03-03T18:56:33","guid":{"rendered":"https:\/\/netcloud24.com\/pl\/blog\/?p=356"},"modified":"2026-03-03T20:00:23","modified_gmt":"2026-03-03T19:00:23","slug":"konfiguracja-prywatnej-sieci-172-16-61-0-24-z-dhcp-i-nat-proxmox","status":"publish","type":"post","link":"https:\/\/netcloud24.com\/pl\/blog\/konfiguracja-prywatnej-sieci-172-16-61-0-24-z-dhcp-i-nat-proxmox\/","title":{"rendered":"Konfiguracja prywatnej sieci 172.16.61.0\/24 z DHCP i NAT – Proxmox"},"content":{"rendered":"

 <\/p>\n

 <\/p>\n

\n

Poradnik: Konfiguracja prywatnej sieci 172.16.61.0\/24 z DHCP i NAT<\/h1>\n

\u015arodowisko: Proxmox \/ Debian \/ Ubuntu Server<\/p>\n<\/header>\n

\n

1. Za\u0142o\u017cenia architektury<\/h2>\n
\n
    \n
  • Sie\u0107 prywatna: 172.16.61.0\/24<\/strong><\/li>\n
  • Brama: 172.16.61.1<\/strong> (vmbr1)<\/li>\n
  • Dost\u0119p do Internetu przez: vmbr0<\/strong><\/li>\n
  • DHCP z rezerwacjami statycznymi (fixed-address)<\/li>\n
  • NAT (MASQUERADE) dla ca\u0142ej podsieci<\/li>\n<\/ul>\n<\/div>\n<\/section>\n
    \n

    2. Konfiguracja mostu vmbr1<\/h2>\n

    Plik: \/etc\/network\/interfaces<\/code><\/p>\n

    source \/etc\/network\/interfaces.d\/*\r\n\r\nauto vmbr1\r\niface vmbr1 inet static\r\n        address  172.16.61.1\r\n        netmask  255.255.255.0\r\n        bridge_ports none\r\n        bridge_stp off\r\n        bridge_fd 0\r\n\r\n        post-up echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward\r\n        post-up   iptables -t nat -A POSTROUTING -s '172.16.61.0\/24' -o vmbr0 -j MASQUERADE\r\n        post-down iptables -t nat -D POSTROUTING -s '172.16.61.0\/24' -o vmbr0 -j MASQUERADE<\/code><\/pre>\n
    Co robi ta konfiguracja?<\/h3>\n
      \n
    • Tworzy prywatny bridge bez fizycznej karty sieciowej<\/li>\n
    • Ustawia bram\u0119 172.16.61.1<\/li>\n
    • W\u0142\u0105cza IP forwarding<\/li>\n
    • Tworzy NAT (masquerade) do Internetu przez vmbr0<\/li>\n<\/ul>\n
      Po zmianach wykonaj: systemctl restart networking<\/code> lub reboot.<\/p>\n<\/section>\n
      \n
      3. Instalacja serwera DHCP<\/h2>\n
      apt update\r\napt install isc-dhcp-server -y<\/code><\/pre>\n
      Ustaw interfejs w pliku:<\/p>\n
      \/etc\/default\/isc-dhcp-server\r\n\r\nINTERFACESv4=\"vmbr1\"<\/code><\/pre>\n<\/section>\n
      \n
      4. Konfiguracja DHCP<\/h2>\n
      Plik: \/etc\/dhcp\/dhcpd.conf<\/code><\/p>\n
      ddns-update-style none;\r\ndefault-lease-time 600;\r\nmax-lease-time 7200;\r\nlog-facility local7;\r\noption rfc3442-classless-static-routes code 121 = array of integer 8;\r\noption ms-classless-static-routes code 249 = array of integer 8;\r\n\r\nsubnet 172.16.61.0 netmask 255.255.255.0 {\r\n    authoritative;\r\n    default-lease-time 21600000;\r\n    max-lease-time 432000000;\r\n    option routers 172.16.61.1;\r\n    option domain-name-servers 8.8.8.8,4.2.2.1;\r\n\r\n    host VM_1 {\r\n        hardware ethernet 02:00:00:2e:3f:c5;\r\n        fixed-address 172.16.61.3;\r\n    }\r\n\r\n    host VM_2 {\r\n        hardware ethernet 02:00:00:2e:3f:b5;\r\n        fixed-address 172.16.61.4;\r\n    }\r\n\r\n    host VM_3 {\r\n        hardware ethernet 02:00:00:2d:3f:b5;\r\n        fixed-address 172.16.61.6;\r\n    }\r\n}<\/code><\/pre>\n
      Wyja\u015bnienie:<\/h3>\n
        \n
      • authoritative<\/strong> \u2013 serwer jest g\u0142\u00f3wnym DHCP dla tej sieci<\/li>\n
      • option routers<\/strong> \u2013 brama domy\u015blna<\/li>\n
      • option domain-name-servers<\/strong> \u2013 DNS<\/li>\n
      • host<\/strong> \u2013 rezerwacja IP po MAC<\/li>\n<\/ul>\n<\/section>\n
        \n
        5. Uruchomienie us\u0142ugi<\/h2>\n
        systemctl restart isc-dhcp-server\r\nsystemctl enable isc-dhcp-server\r\nsystemctl status isc-dhcp-server<\/code><\/pre>\n<\/section>\n
        \n
        6. Test dzia\u0142ania<\/h2>\n
        Sprawdzenie NAT<\/h3>\n
        iptables -t nat -L -n -v<\/code><\/pre>\n
        Sprawdzenie IP Forwarding<\/h3>\n
        cat \/proc\/sys\/net\/ipv4\/ip_forward<\/code><\/pre>\n
        Sprawdzenie log\u00f3w DHCP<\/h3>\n
        journalctl -u isc-dhcp-server<\/code><\/pre>\n<\/section>\n
        \n
        7. Schemat dzia\u0142ania<\/h2>\n
        VM (172.16.61.x)
        \n\u2193
        \nvmbr1 (172.16.61.1)
        \n\u2193
        \nNAT (iptables MASQUERADE)
        \n\u2193
        \nvmbr0 (public IP)
        \n\u2193
        \nInternet<\/div>\n<\/section>\n
        \n
        8. Najcz\u0119stsze b\u0142\u0119dy<\/h2>\n
          \n
        • Brak ustawienia INTERFACESv4=”vmbr1″<\/li>\n
        • IP forwarding wy\u0142\u0105czony<\/li>\n
        • Firewall blokuje ruch<\/li>\n
        • VM nie ma ustawionej karty na vmbr1<\/li>\n<\/ul>\n<\/section>\n
          \n
          9. Podsumowanie<\/h2>\n
          Konfiguracja tworzy ca\u0142kowicie odseparowan\u0105 sie\u0107 prywatn\u0105 z pe\u0142nym dost\u0119pem do Internetu
          \nprzez NAT. Ka\u017cda maszyna wirtualna dostaje sta\u0142y adres IP na podstawie MAC.
          \nRozwi\u0105zanie idealne dla \u015brodowisk testowych, VPS prywatnych oraz izolowanych klastr\u00f3w.<\/p>\n<\/section>\n
          \n
          10. Przyk\u0142ady DNAT (Port Forwarding z vmbr0 do VM)<\/h2>\n
          Je\u017celi chcesz przekierowa\u0107 ruch z publicznego IP (vmbr0) do konkretnej maszyny w sieci prywatnej 172.16.61.0\/24, u\u017cywasz regu\u0142y DNAT w tablicy nat<\/strong>, \u0142a\u0144cuch PREROUTING<\/strong>.<\/p>\n
          Przyk\u0142ad 1: Przekierowanie portu 3000 \u2192 172.16.61.3:8007<\/h3>\n
          iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3000 \\\r\n    -j DNAT --to-destination 172.16.61.3:8007<\/code><\/pre>\n
          Co robi ta regu\u0142a?<\/h3>\n
            \n
          • -t nat<\/strong> \u2013 u\u017cycie tablicy NAT<\/li>\n
          • PREROUTING<\/strong> \u2013 modyfikacja pakietu przed routingiem<\/li>\n
          • -i vmbr0<\/strong> \u2013 ruch przychodz\u0105cy z Internetu<\/li>\n
          • –dport 3000<\/strong> \u2013 port publiczny<\/li>\n
          • DNAT<\/strong> \u2013 zmiana adresu docelowego<\/li>\n
          • Ruch trafia finalnie na 172.16.61.3:8007<\/strong><\/li>\n<\/ul>\n
            Wymagane dodatkowe regu\u0142y FORWARD<\/h3>\n
            iptables -A FORWARD -p tcp -d 172.16.61.3 --dport 8007 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT\r\niptables -A FORWARD -p tcp -s 172.16.61.3 --sport 8007 -m state --state ESTABLISHED,RELATED -j ACCEPT<\/code><\/pre>\n
            Przyk\u0142ad 2: HTTP \u2192 VM_2<\/h3>\n
            iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 \\\r\n    -j DNAT --to-destination 172.16.61.4:80<\/code><\/pre>\n
            Usuwanie regu\u0142y<\/h3>\n
            iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 3000 \\\r\n    -j DNAT --to-destination 172.16.61.3:8007<\/code><\/pre>\n
            Trwa\u0142o\u015b\u0107 po restarcie<\/h3>\n
            Aby regu\u0142y przetrwa\u0142y restart systemu:<\/p>\n
            apt install iptables-persistent -y\r\nnetfilter-persistent save<\/code><\/pre>\n
            Internet \u2192 vmbr0 (public IP:3000)
            \n\u2193
            \nDNAT
            \n\u2193
            \n172.16.61.3:8007 (VM)<\/div>\n<\/section>\n
             <\/p>\n","protected":false},"excerpt":{"rendered":"
                Poradnik: Konfiguracja prywatnej sieci 172.16.61.0\/24 z DHCP i NAT \u015arodowisko: Proxmox \/ Debian \/ Ubuntu Server 1. Za\u0142o\u017cenia architektury Sie\u0107 prywatna: 172.16.61.0\/24 Brama:\u2026<\/p>\n","protected":false},"author":1,"featured_media":359,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-356","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/netcloud24.com\/pl\/blog\/wp-json\/wp\/v2\/posts\/356","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/netcloud24.com\/pl\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/netcloud24.com\/pl\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/netcloud24.com\/pl\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/netcloud24.com\/pl\/blog\/wp-json\/wp\/v2\/comments?post=356"}],"version-history":[{"count":4,"href":"https:\/\/netcloud24.com\/pl\/blog\/wp-json\/wp\/v2\/posts\/356\/revisions"}],"predecessor-version":[{"id":361,"href":"https:\/\/netcloud24.com\/pl\/blog\/wp-json\/wp\/v2\/posts\/356\/revisions\/361"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/netcloud24.com\/pl\/blog\/wp-json\/wp\/v2\/media\/359"}],"wp:attachment":[{"href":"https:\/\/netcloud24.com\/pl\/blog\/wp-json\/wp\/v2\/media?parent=356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/netcloud24.com\/pl\/blog\/wp-json\/wp\/v2\/categories?post=356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/netcloud24.com\/pl\/blog\/wp-json\/wp\/v2\/tags?post=356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}