I have the following configuration:
- Simple zone named "lab". Automatic DHCP is enabled
- VNet named "LAB" within this zone
- Subnet defined within the LAB VNet: 10.99.99.0/24. Gateway 10.99.99.1 and SNAT enabled.
- DHCP Range defined for 10.99.99.2-254
I attach a VM to this network and it gets a DHCP address of 10.99.99.2. It can successfully resolve DNS, but not pass any traffic.
If I do a "tcpdump -i any host 8.8.8.8" on the PVE host and try to ping 8.8.8.8 in the VM I see the following (vlan80 is an OVSIntPort connected to vmbr0, which is in turn connected to enp3s0):
Code:
root@pve:~# tcpdump -i any host 8.8.8.8
20:43:33.255650 tap60069i0 P IP 10.99.99.2 > dns.google: ICMP echo request, id 17484, seq 1, length 64
20:43:33.255650 LAB In IP 10.99.99.2 > dns.google: ICMP echo request, id 17484, seq 1, length 64
20:43:33.255693 vlan80 Out IP pve.mgmt.true.black > dns.google: ICMP echo request, id 17484, seq 1, length 64
20:43:33.255703 enp3s0 Out IP pve.mgmt.true.black > dns.google: ICMP echo request, id 17484, seq 1, length 64
20:43:33.265001 enp3s0 P IP dns.google > pve.mgmt.true.black: ICMP echo reply, id 17484, seq 1, length 64
20:43:33.265014 vlan80 In IP dns.google > pve.mgmt.true.black: ICMP echo reply, id 17484, seq 1, length 64
20:43:34.281716 tap60069i0 P IP 10.99.99.2 > dns.google: ICMP echo request, id 17484, seq 2, length 64
20:43:34.281716 LAB In IP 10.99.99.2 > dns.google: ICMP echo request, id 17484, seq 2, length 64
20:43:34.281748 vlan80 Out IP pve.mgmt.true.black > dns.google: ICMP echo request, id 17484, seq 2, length 64
20:43:34.281758 enp3s0 Out IP pve.mgmt.true.black > dns.google: ICMP echo request, id 17484, seq 2, length 64
20:43:34.291520 enp3s0 P IP dns.google > pve.mgmt.true.black: ICMP echo reply, id 17484, seq 2, length 64
20:43:34.291534 vlan80 In IP dns.google > pve.mgmt.true.black: ICMP echo reply, id 17484, seq 2, length 64
So from this, it looks like the ping is being sent successfully, and a reply is returned. The reply makes it as far back as the vlan80 interface but never reaches the VM.
Am I missing something or does SNAT not work with OVS interfaces?
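
Added example, not part of the original post: a small Python parser for the `tcpdump -i any` lines above that groups packets by ICMP id/seq and reports whether the request source was rewritten, the last interface on which the echo reply was seen, and whether the reply was ever translated back to the VM address. The sample lines are the seq 1 lines copied from the capture above; the names `trace` and `diagnose` are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: the seq 1 lines copied from the capture in the post.
CAPTURE = """\
20:43:33.255650 tap60069i0 P IP 10.99.99.2 > dns.google: ICMP echo request, id 17484, seq 1, length 64
20:43:33.255650 LAB In IP 10.99.99.2 > dns.google: ICMP echo request, id 17484, seq 1, length 64
20:43:33.255693 vlan80 Out IP pve.mgmt.true.black > dns.google: ICMP echo request, id 17484, seq 1, length 64
20:43:33.255703 enp3s0 Out IP pve.mgmt.true.black > dns.google: ICMP echo request, id 17484, seq 1, length 64
20:43:33.265001 enp3s0 P IP dns.google > pve.mgmt.true.black: ICMP echo reply, id 17484, seq 1, length 64
20:43:33.265014 vlan80 In IP dns.google > pve.mgmt.true.black: ICMP echo reply, id 17484, seq 1, length 64
"""

# One "tcpdump -i any" ICMP echo line: timestamp, interface, direction, src > dst.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<ifc>\S+)\s+(?P<dir>In|Out|P|B|M) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def trace(text):
    """Group hops by (id, seq, kind) as lists of (interface, direction, src, dst)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            key = (int(m["id"]), int(m["seq"]), m["kind"])
            flows[key].append((m["ifc"], m["dir"], m["src"], m["dst"]))
    return flows

def diagnose(text, vm_ip):
    """For each echo request: was its source rewritten, where was the reply last
    seen, and did any reply hop carry vm_ip as destination (reverse translation)?"""
    flows = trace(text)
    report = {}
    for (icmp_id, seq, kind), hops in list(flows.items()):
        if kind != "request":
            continue
        replies = flows.get((icmp_id, seq, "reply"), [])
        report[(icmp_id, seq)] = {
            "snat_applied": any(src != vm_ip for _, _, src, _ in hops),
            "reply_last_seen": replies[-1][0] if replies else None,
            "reply_reached_vm": any(dst == vm_ip for _, _, _, dst in replies),
        }
    return report

if __name__ == "__main__":
    for key, result in diagnose(CAPTURE, "10.99.99.2").items():
        print(key, result)
```

Run tcpdump with `-n` when feeding longer captures to this, so that addresses are not replaced by hostnames and the comparison against the VM address stays reliable.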