In PVE3, how to allow and route traffic from container to VM (venet to VM bridge)?

tictactoe

Mar 15, 2010
I have a public Proxmox (v3.4) host with the following network config:

Code:
auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
        address <Public IP address>
        netmask 255.255.255.0
        gateway <Public gw address>
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

auto vmbr2
iface vmbr2 inet static
        address 192.168.169.254
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.169.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.169.0/24' -o vmbr0 -j MASQUERADE

I use some vz containers with venet interfaces in the subnet 192.168.169.0/24.
I use some VMs (KVM) with one virtual interface bridged to vmbr2 in the same subnet 192.168.169.0/24.

Both CT and VM can reach the Internet through the vmbr0 interface on the host.
I can ping from my host to CT/VM and from CT/VM to host, but I can't ping CT to VM or VM to CT.

Can someone help me?
Thank you.
 
Re: in PVE3, how to allow and route traffic from container to vm (venet to vm bridge)

Try the following:

First append the following lines to your /etc/iproute2/rt_tables file:
Code:
100  vlan169

Then edit your /etc/network/interfaces file to become:

Code:
auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
        address <Public IP address>
        netmask 255.255.255.0
        gateway <Public gw address>
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

auto vmbr2
iface vmbr2 inet static
        address 192.168.169.254
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up ip rule add from 192.168.169.0/24 iif venet0 table vlan169
        post-up ip route add default via 192.168.169.1 dev vmbr2 table vlan169
        post-up ip route flush cache
        pre-down ip rule del from 192.168.169.0/24 iif venet0 table vlan169
        pre-down ip route del default via 192.168.169.1 dev vmbr2 table vlan169
        pre-down ip route flush cache

Now reboot the proxmox host.

The above assumes the gateway for vmbr2 to be 192.168.169.1 which can be reachable from vmbr2 (needs to be bridged to a physical interface if the gateway is external).
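
A way to check, after the reboot, that the pieces from the reply are actually in place. This is an added example and not part of the reply; the table name, subnet, gateway and interface names are the reply's, the sample outputs are constructed, and the ip_forward check mirrors the post-up line in the question's original config.

```shell
#!/bin/sh
# Added example, not from the thread. Names and addresses are the reply's.
TABLE=vlan169
RULE="from 192.168.169.0/24 iif venet0 lookup $TABLE"
ROUTE="default via 192.168.169.1 dev vmbr2"

# Each check reads file content or command output on stdin.
has_table_entry() { awk -v t="$TABLE" '$1 == 100 && $2 == t { ok = 1 } END { exit !ok }'; }
has_rule()        { grep -Fq "$RULE"; }
has_route()       { grep -Fq "$ROUTE"; }
forwarding_on()   { [ "$(cat)" = "1" ]; }

# verify RT_TABLES RULES ROUTES IP_FORWARD
# Prints one line per missing piece; exit status is the number of failed checks.
verify() {
    fails=0
    printf '%s\n' "$1" | has_table_entry || { echo "missing: '100 $TABLE' in rt_tables"; fails=$((fails + 1)); }
    printf '%s\n' "$2" | has_rule        || { echo "missing rule: $RULE"; fails=$((fails + 1)); }
    printf '%s\n' "$3" | has_route       || { echo "missing route in table $TABLE: $ROUTE"; fails=$((fails + 1)); }
    printf '%s\n' "$4" | forwarding_on   || { echo "net.ipv4.ip_forward is not 1"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed samples of what a correctly configured host would report.
SAMPLE_TABLES='255 local
254 main
253 default
100 vlan169'
SAMPLE_RULES='0: from all lookup local
32765: from 192.168.169.0/24 iif venet0 lookup vlan169
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='default via 192.168.169.1 dev vmbr2'

if [ "${1:-}" = "--live" ]; then
    # On the Proxmox host: read the real state instead of the samples.
    verify "$(cat /etc/iproute2/rt_tables)" "$(ip rule show)" \
           "$(ip route show table "$TABLE" 2>/dev/null)" \
           "$(cat /proc/sys/net/ipv4/ip_forward)" && echo "policy routing in place"
else
    verify "$SAMPLE_TABLES" "$SAMPLE_RULES" "$SAMPLE_ROUTES" "1" && echo "samples pass"
fi
```

Run it with `--live` on the host to test the real state; without arguments it only exercises the constructed samples.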