until now I was using a plain Debian as my router, but I now own some hardware from MikroTik and though it would be a good idea to migrate the Debian machine to RouterOS. But now I have some problems on how to configure everything the correct way.
First of all the exact setup until now:
I am using Proxmox VE to provide Virtual Machines and every Proxmox VE host runs its own Router VM (Debian until now). This Router VM has two network interfaces where the first one is connected to the "WAN" with a public IP address (lets assume
) and the second one is connected to a (virtual) switch where also the every single VM is connected to.
For the VMs I have some public subnets (lets assume
) which get routed via
. The second network interface of the (Debian) RouterVM had configured an IP address per subnet (in this case it would be
) and all remaining IP addresses of the subnet where routed via its own VLAN to the trunk port of the (virutal) switch. (10.1.0.2 => VLAN 101, 10.1.0.3 => VLAN 102, ..., 10.2.0.2 => VLAN 201, ...)
Every VM then had its own access/untagged port on the switch to isolate the VMs from each other and prevent customers using IP addresses they should not use.
After some ours of tinkering I gave up now, I were unable to set up the same system using RouterOS. I came the furthest when I created the VLAN interfaces (Interfaces > VLAN), a Bridge which got the subnets IP address (e.g. 10.1.0.1) and added all the VLAN interfaces as a port to the bridge, but still its not working very reliable, there are a lot of issues regarding ARP requests. It seems like RouterOS iignores the ARP response from the clients VM.
I am not a network expert and would really appreciate it if someone could help me on how to set this up, or at least give me some advice/tipps/tricks/... because I dont have any ideas left what I could try.