Proxmox with one IP address

If you rent a dedicated server from a hosting provider and put Proxmox on it, and you don't want to pay for extra public IP addresses, you can use masquerading to push all the VM traffic through the one IP address. (proxmox.com reference page)

You will need to edit the file /etc/network/interfaces and make some changes. An example is below. I have left the text that tells you not to change it. If you make a mistake and the server becomes unreachable, and it is not physically located near you, be sure you have a rescue image available that you can boot to fix it. Most hosting providers make it very easy to boot a rescue image.

By default, Proxmox will be configured so that the bridge vmbr0 contains the static IP address setting and the actual Ethernet interface will be tied to the bridge. To use a single public IP address and have an internal pool of private IP addresses you need to reverse this, putting the static address on the Ethernet port and making the bridge be the gateway. Below is an example for using 10.0.0.0/24 as the private subnet.

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address <your public IP address from the ISP>/<your CIDR mask>
        gateway <gateway provided by the ISP>
        up ip route replace <your subnet>/<your CIDR mask> via <gateway> dev eth0

auto vmbr0
iface vmbr0 inet static
        address 10.0.0.1/16
        bridge-ports none
        bridge-stp off
        bridge-fd 0

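        # Enable IPv4 forwarding so the host routes between vmbr0 and eth0
        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        # Log new connections from the private subnet (removed again on post-down)
        post-up   iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -j LOG --log-prefix "NAT-"
        post-down iptables -t nat -D POSTROUTING -s 10.0.0.0/16 -j LOG --log-prefix "NAT-"
        # Masquerade private-subnet traffic leaving through the public interface
        post-up   iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s 10.0.0.0/16 -o eth0 -j MASQUERADE
        # Put traffic arriving from the Proxmox firewall bridges (fwbr*) in conntrack zone 1
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1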

Restarting systemd networking leaves the NAT crippled, so I just rebooted (yes, that's lame) rather than figure out the proper way to restart networking in this situation.

Port Forwarding

When the Proxmox node has a public IP address and all of the VMs have private addresses, you will probably need to forward ports to reach a given VM for various tasks.

Ports are forwarded by inserting more lines into the /etc/network/interfaces file, underneath what is shown above. For example, if eth0 has your public IP address, then to forward ports 80 and 443 to a web proxy sitting at 10.1.2.3:

post-up   iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.1.2.3
post-up   iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 10.1.2.3
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.1.2.3
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 10.1.2.3
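
An added example, not part of the original page: a small Python check that reads an interfaces file in the style shown above and reports iptables post-up rules with no matching post-down (these are re-added as duplicates each time the interface is cycled) and DNAT targets that fall outside the bridge subnet. The sample text is constructed from this page's stanzas; the names audit and SAMPLE are assumptions of this example.

```python
import ipaddress
import shlex

# Constructed sample in the style of this page's stanzas (not a real host).
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
        address 10.0.0.1/16
        bridge-ports none
        post-up   iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -j LOG --log-prefix "NAT-"
        post-up   iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s 10.0.0.0/16 -o eth0 -j MASQUERADE
        post-up   iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.1.2.3
        post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.1.2.3
"""

def audit(text, bridge="vmbr0"):
    """Return (post-up rules lacking a post-down, DNAT targets outside the bridge subnet)."""
    iface, subnet = None, None
    ups, downs, targets = [], set(), []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)  # drops '#' comment lines
        if not words:
            continue
        if words[0] == "iface" and len(words) > 1:
            iface = words[1]
        elif words[0] == "address" and iface == bridge and len(words) > 1:
            subnet = ipaddress.ip_interface(words[1]).network
        elif words[0] in ("post-up", "post-down") and words[1:2] == ["iptables"]:
            rule = words[2:]
            # Normalise -A/-I/-D to one token so add and delete lines compare equal.
            key = tuple("OP" if w in ("-A", "-I", "-D") else w for w in rule)
            if words[0] == "post-up":
                ups.append((key, line.strip()))
                for flag in ("--to", "--to-destination"):
                    if "DNAT" in rule and flag in rule:
                        # Assumes a single address, optionally followed by :port.
                        targets.append(rule[rule.index(flag) + 1].split(":")[0])
            else:
                downs.add(key)
    unpaired = [text_line for key, text_line in ups if key not in downs]
    outside = [t for t in targets if subnet and ipaddress.ip_address(t) not in subnet]
    return unpaired, outside

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check a real host, pass the contents of /etc/network/interfaces to audit() instead of SAMPLE.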

DHCP server for VMs

If you are running a stand-alone Proxmox node on a hosting provider, you will probably want to run a DHCP server in Proxmox to provide addresses for all your VMs.

apt install isc-dhcp-server
vim /etc/dhcp/dhcpd.conf

Configure IP address pool(s).

If you will be using IPv4 only, you can disable IPv6:

vim /etc/default/isc-dhcp-server

At the bottom you will see two interface lines. Set the v4 line to point to your primary interface, e.g.:

INTERFACESv4="vmbr0"