I have an issue that I have came up blank to, and looking for people much brighter and skilled to lend some of their talent.
I’ve got a virtualized VyOS router in Proxmox that has a virtual bridge interface that VMs live on that connect it to the appropriate interface in Proxmox. This is for a small hosting provider that I volunteer at.
The issue that we have is that it is theoretically possible for clients to “IP Hop”, they can give themselves more IP addresses or take other tenant’s IPs as they please since their VM’s network adapter connects to the VyOS interface with a /28 assigned.
I am wondering, is there a way to essentially set it up so that no IPs can be assigned/permitted unless manually via Dynamic Arp Inspection or any equivalence. I tried disabling ARP Ignore to no success, and static ARP assignments to little/no success.
Any thoughts & comments are much appreciated.