# Networking

This article covers how to create additional network bridges and set up an isolated network for your virtual machines — separating VM traffic from the Proxmox management interface.

After installation, Proxmox creates one Linux bridge:

- **vmbr0** — connected to your physical NIC (eth0/enp3s0), carries management and VM traffic

#### Creating a New Bridge for VM Traffic

1. In the web console, go to your Node > Network
2. Click Create > Linux Bridge
3. Configure:  
     • Name: vmbr1 (or any available name)  
     • IP Address / CIDR: leave blank for a pure internal bridge (no host routing), OR assign an IP if you want the host to route between networks  
     • Bridge ports: leave blank for internal-only, or enter a NIC name to connect to physical network
4. Click Create, then click Apply Configuration
5. Reboot may be needed for changes to take full effect

#### Assigning a VM to a New Bridge

1. Select the **VM** > **Hardware** > Select the **network device**
2. Click **Edit,** change the **Bridge** to **vmbr1**
3. Click **OK**
4. **Reboot** the VM

#### NAT and Routing

This step is Optional. To allow VMs on an internal bridge (vmbr1) to reach the internet through the Proxmox host, enable IP forwarding and NAT:

1. Enable IP forwarding:

```bash
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
```

2. Add NAT rule (replace 192.168.100.0/24 with your VM subnet):

```bash
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o vmbr0 -j MASQUERADE
```

3. Make the rule persistent (install iptables-persistent):

```bash
apt install -y iptables-persistent
```