[SOLVED] IP routing to VM's

mauro

Sep 13, 2013
Hi,
I have Proxmox with two VM's, Shorewall and two public IP addresses (just one assigned in eth0). I want to use Postfix in multi-instance mode with different IP's assigned to each instance. Right now, if I add one new IP to the VM straight with the Proxmox web interface, I cannot connect from outside to SMTP, nor from the Proxmox Host (using its internal IP). I also can't ping the VM after I add external IP's to it, but I can if I remove the external IP's. I need to assign the IP's so I can use them with Postfix.

I don't know much about Proxmox and net administration with VM's. Any idea what I could be doing wrong? Or which steps I should follow to achieve what I want?

Some info:
When I try to connect from Host to VM, I see this in syslog:
"martian source 10.10.10.6 from xxx.xxx.xxx.xxx, on dev venet0"

10.10.10.6 is my VM's internal IP

Also, Postfix instance that has assigned secondary IP (not the one in eth0) can't access internet.


I will be very grateful for any help you could give me!
 
You need to grab yourself a tutorial on the Networking. It sounds like you have Proxmox with an external IP which is fine.

Where did you assign the second external IP?
Where is the shorewall located? The Host System?

Did you set up internal Bridged Routing for Proxmox to reach your "internal Network"?

Who or what is doing the routing?

Did I get that right you have one external IP for two internal VMs?

If your postfix instance can reach the internet, can it ping the Host internally?

But I guess the part I really hang up on is that it sounds like you have one external IP which is supposed to feed two VMs each running Postfix ... how is the routing supposed to decide which VM / Postfix to send the packet to?
 
Hi, thanks for your reply.

I first assigned the second IP to the Host, in eth0 (currently I have eth0 with two IP's, and venet0 with none).
Shorewall is located in the Host System.

About my network, I'm not sure now. Right now I just have venet working. I had a bridge but I read somewhere that with venet it was unnecessary, so I disabled it (and it is working).

I have now two IP's and two VM's, but I don't need that both VM's use the IP's, one of the VM is only an internal MySQL server. So far I've been using port forwarding with shorewall rules, so port 80 is forwarded to VM's port 80 with internal IP 10.10.10.2, and so.
That was working. But the issue came when I needed to assign external IP's to this VM that has Postfix, so I can use Postfix in multi-instance mode assigning them one IP for each instance.

My VM can ping the Host internally, as long as I don't assign the external IP's with Proxmox. When I mix up external and internal IP's, I mean when I assign one internal IP and two externals to the VM, then neither can the Host reach the VM nor can the VM reach the Host. Maybe the thing is which is the right way to use external IP's in one VM and being able to communicate between VM's internally at the same time.
 
Ok so this does not sound like the Networking is set up right.

You have two external IPs so one should be the IP for proxmox, the other should be assigned to the vmbr.

Now in theory the vmbr is reachable from the outside.

But this will only let you map the external IP to one internal VM unless you start using NAT for different ports, which is possible but ugly. As if you have two mailservers running, one would have to get running on different ports.

Sounds like you need to dig deeper into networking to get an idea what you NEED to have in order to do your setup.

Personally I would do this with a few more external IPs.
 
VMBR is only needed if you are using KVM VM's; if you are just using OpenVZ containers it's not required

if you have shorewall on the host and both the external IP's on the host - you will have to configure your VM's with internal IP's that the hostnode can ping (you may have to set an internal IP in the same subnet on the host node and bridge with venet)

then you configure the firewall to do the necessary port forwarding and NAT required to make your setup work

that said - there's an obvious issue here:

you are setting up postfix in multi-instance mode but setting them up on the same hardware - using the same hardware kind of defeats the point of postfix multi-instance mode
 
Ok, thank you both, I have solved it.

As you said, it was a network configuration issue (not really related to Proxmox, sorry). I was confusing external with internal IP's and that was most of the issue. Now I added external IP's to host's eth0, disabled vmbr to work just with venet, and added internal IP's to the VM's. In the VM that I needed to assign more external IP's, I assigned more internal IP's. Then I configured NAT so each external IP was routed to the VM's internal IP, added some rules to accept traffic to those IP's on SMTP port, and finally configured each Postfix instance binding them to each of the internal IP's.

Thanks a lot for your help, it was useful to find out what I wasn't understanding!
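
The layout described in the solution above, sketched as configuration. This is an added example, not the poster's actual files. The public addresses 203.0.113.10/.11 are documentation placeholders, the second internal address 10.10.10.7, the Shorewall zone names `net` and `vz`, and the second Postfix instance directory are assumptions; 10.10.10.6 is the internal VM address from the thread.

```text
# --- Host: both public IPs live on eth0, none inside the container ---
#   eth0: 203.0.113.10 (primary), 203.0.113.11 (secondary)
# --- Container (venet): internal addresses only ---
#   10.10.10.6, 10.10.10.7

# --- Host: /etc/shorewall/rules ---
# Inbound SMTP: each public IP is forwarded to exactly one internal IP.
# The last column (ORIGINAL DEST) restricts the rule to that public IP,
# so port 25 on one address never lands on the other instance.
#ACTION  SOURCE  DEST            PROTO  DPORT  SPORT  ORIGDEST
DNAT     net     vz:10.10.10.6   tcp    25     -      203.0.113.10
DNAT     net     vz:10.10.10.7   tcp    25     -      203.0.113.11

# --- Host: /etc/shorewall/masq ---
# Outbound: source-NAT each internal IP to its own public IP, so mail
# leaves from the same address it is received on. (Shorewall releases
# newer than the one in use at the time of this thread express this
# in the "snat" file instead.)
#INTERFACE  SOURCE       ADDRESS
eth0        10.10.10.6   203.0.113.10
eth0        10.10.10.7   203.0.113.11

# --- Container: /etc/postfix/main.cf (first instance) ---
# Listen and send only on this instance's internal address.
inet_interfaces   = 10.10.10.6
smtp_bind_address = 10.10.10.6

# --- Container: /etc/postfix-second/main.cf (second instance, path assumed) ---
inet_interfaces   = 10.10.10.7
smtp_bind_address = 10.10.10.7
```

With this split the container never carries a public address, which is the state in which the original post reported the "martian source" log entries and the loss of host-to-VM connectivity.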
 
