This document outlines the process and key takeaways from configuring a Kamrui GK3 Plus mini PC as a Proxmox host with NAT-based networking, DNS and DHCP via dnsmasq, and Samba file sharing.
Manual NAT Configuration: I configured NAT using the /etc/network/interfaces file rather than relying on Proxmox’s built-in VNet tools.
dnsmasq for DHCP and DNS: I set up dnsmasq to act as both a DHCP and DNS server, configuring it to hand out IPs from a specified range and resolve internal names.
Samba Permissions & User Groups: I used Linux user groups and Samba share definitions to manage access controls on shared folders.
Firewall & Port Forwarding: I reviewed basic port forwarding concepts and ensured that firewall rules were in place to mitigate exposure risks.
I installed Proxmox on a Kamrui GK3 Plus Mini PC with 1TB of storage. This storage is important when dealing with file-heavy services like Samba and virtual machine storage.
Once the Proxmox ISO was flashed and installed, I added a STARRS entry under the 50net Public Fixed pool so the system would have a consistent, publicly accessible IP address. This avoids relying on port forwarding and supports DNS A-record assignment.
Hostname: ghostprox.csh.rit.edu
Public IP: 129.21.50.3
There were a few reinstall attempts during the process due to network misconfigurations. Eventually, a new ISO was flashed and the install was redone cleanly.
On the network level, I configured a NAT gateway so that all VMs receive private IPs in the 192.168.1.0/24 range and route through the Proxmox host’s public IP.
To avoid using separate services for DNS and DHCP, I deployed dnsmasq on the Fedora Server VM connected to the NAT interface (ens18). The configuration allows internal clients to receive an IP, DNS, and gateway automatically.
ini
CopyEdit
# /etc/dnsmasq.conf # Interface to bind to interface=ens18 bind-interfaces # Upstream DNS server=8.8.8.8 server=8.8.4.4 # DNS cache size cache-size=1000 # DHCP range and options dhcp-range=192.168.1.100,192.168.1.200,12h dhcp-option=3,192.168.1.1 dhcp-option=6,192.168.1.1,8.8.8.8 # Local DNS domain domain=ghostdomain # Enable DHCP logging log-dhcp
bash
CopyEdit
sudo systemctl enable dnsmasq sudo systemctl start dnsmasq sudo systemctl status dnsmasq sudo firewall-cmd --add-service=dns --permanent sudo firewall-cmd --add-service=dhcp --permanent sudo firewall-cmd --reload ping ghostdomain
Containers or VMs bridged to vmbr2 will now receive addresses within the defined range and will use the NAT gateway for DNS resolution and internet access.
Samba was used to expose specific directories over the network. Three shares were defined with group-based access control:
/srv/samba/private
/srv/samba/public
/srv/samba/bitd (for Blades in the Dark files)
bash
CopyEdit
sudo mkdir -p /srv/samba/private sudo mkdir -p /srv/samba/public sudo mkdir -p /srv/samba/bitd sudo nano /etc/samba/smb.conf
ini
CopyEdit
[global] workgroup = WORKGROUP server string = Samba Server netbios name = ghostprox security = user map to guest = bad user [private] comment = Private Folder path = /srv/samba/private valid users = @ghostsmb browsable = yes writable = yes guest ok = no [public] comment = Public Folder path = /srv/samba/public browsable = yes writable = no guest ok = yes [bitd] comment = Blades in the Dark Folder path = /srv/samba/bitd valid users = @bitdplayers browsable = yes writable = yes guest ok = no
Users and groups were created for access control, and firewall rules were added to allow Samba traffic.
Setting all this up from scratch took time, troubleshooting, and trial/error, especially with networking. However, the result is a clean, modular system where each VM has DNS, DHCP, NAT, and file-sharing support — all controlled from a single Proxmox host.