Is the Doc about NAT masqueraded traffic wrong?

siberia50

New Member
Jan 9, 2023
Hi,

I've PVE installed on a Debian VM (A) on VMware for testing purposes, before doing it on bare metal.

Inside Proxmox, I've another guest Debian VM (B) with which I try to access the internet through a NATted and masqueraded interface configured on Debian A, but can't.

I've followed the official doc, masquerading section.

I have 2 networks:
Code:
Network C (which is a VMWare NAT interface with DHCP)
address: 192.168.2.0/24
gateway: 192.168.2.2
hosts: 2.10 to 2.254

Subnet D (defined in the network/interface of debian A)
address: 10.10.10.0/24
gateway: 10.10.10.1
hosts: 10.2 to 10.254

Debian A can ping on both networks, therefore the Internet.
Debian B can only ping on subnet D, so that's why I suspect some routing issues on Debian A.

debian A /etc/network/interface (ip_forward is set to 1)
Code:
auto lo
auto ens33
iface ens33 inet static
        address 192.168.2.10/24
        gateway 192.168.2.2

auto vmbr0
iface vmbr0 inet static
        address 10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o ens33 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o ens33 -j MASQUERADE
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

debian A ip a
Code:
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.2.10/24 brd 192.168.2.255 scope global ens33
12: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 10.10.10.1/24 scope global vmbr0

debian A ip r
Code:
default via 192.168.2.2 dev ens33 onlink
10.10.10.0/24 dev vmbr0 proto kernel scope link src 10.10.10.1
192.168.2.0/24 dev ens33 proto kernel scope link src 192.168.2.10

debian A route
Code:
Destination     Gateway      Genmask           Indic Metric Ref    Use Iface
default         192.168.2.2     0.0.0.0         UG    0      0        0 ens33
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 vmbr0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 ens33

debian B ip a
Code:
ens18: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 10.10.10.2/24

debian B ip r
Code:
default via 10.10.10.1 dev ens18 onlink
10.10.10.0/24 dev ens18 proto kernel scope link src 10.10.10.2

The route seems correct to me.
I've disabled UFW to mitigate firewall forwarding issues.

Thanks in advance for help.

Regards
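
An added example, not part of the original post: a static check of an ifupdown stanza like the one quoted above for three masquerading prerequisites (a post-up line that actually writes 1 to ip_forward, a MASQUERADE `-o` interface that has its own stanza, and a `-s` network that covers the bridge address). The function names and the embedded sample are constructed for illustration, and `-s` is assumed to be in a.b.c.d/len form.

```shell
#!/bin/sh
# Added example (not from the post); all function names are hypothetical.

sample() {  # constructed input, modelled on the stanza quoted in the post
    printf '%s\n' 'iface ens33 inet static' ' address 192.168.2.10/24' \
        'iface vmbr0 inet static' ' address 10.10.10.1/24' \
        ' post-up echo 1 /proc/sys/net/ipv4/ip_forward' \
        " post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o ens33 -j MASQUERADE"
}

# True only if a post-up line writes 1 into ip_forward (redirect or sysctl).
writes_ip_forward() {
    grep -Eq 'post-up[[:space:]]+(echo[[:space:]]+1[[:space:]]*>[[:space:]]*/proc/sys/net/ipv4/ip_forward|sysctl[[:space:]]+(-w[[:space:]]+)?net\.ipv4\.ip_forward=1)' "$1"
}

# Print the value after option $2 (-s or -o) in the post-up MASQUERADE rule.
masq_opt() {
    awk -v opt="$2" '/post-up/ && /MASQUERADE/ {
        for (i = 1; i < NF; i++) if ($i == opt) { print $(i + 1); exit }
    }' "$1" | tr -d "'\""
}

# Print the first "address" value in the stanza of interface $2.
iface_addr() {
    awk -v want="$2" '$1 == "iface" { cur = $2 }
        cur == want && $1 == "address" { print $2; exit }' "$1"
}

# Dotted quad (a /len suffix is ignored) to a 32-bit integer.
ip2int() {
    old=$IFS; IFS=./; set -- $1; IFS=$old
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# True if address $1 lies inside network $2 (a.b.c.d/len).
in_net() {
    mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# Lint file $1 for bridge $2: one finding per line, no output when clean.
lint_nat() {
    writes_ip_forward "$1" || echo "ip_forward: no post-up line writes 1 to it"
    oif=$(masq_opt "$1" -o)
    grep -Eq "^iface[[:space:]]+$oif[[:space:]]" "$1" ||
        echo "masquerade: -o $oif has no iface stanza"
    in_net "$(iface_addr "$1" "$2")" "$(masq_opt "$1" -s)" ||
        echo "masquerade: -s does not cover the $2 address"
}

[ $# -eq 0 ] || lint_nat "$1" "${2:-vmbr0}"
```

A finding on ip_forward only means the stanza itself does not set it; the live value can still be 1 if it was set elsewhere, and is readable from /proc/sys/net/ipv4/ip_forward.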