Search results

You do not need add any iptables rules on VM. Just set right ip address, gateway and DNS. iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE iptables -A POSTROUTING -t nat -s 10.10.10.0/24 -j...

Yes, as described above, different network intefaces = different IPs, even different networks, or you will get some fun with network connectivity lost.

I guess this is common network problem, not related to Proxmox.

Hi there! Just find any guide to setup NAT with iptables for typical "office network". Say, you VMs are "office computers" connected to same LAN as your proxmox host. Your proxmox IP will be default gateway for "office computers". But IMHO better way is to setup router as VM, not to give public...

Good luck!

Then configure your router/switch to send tagged traffic to PVE

Try to type 10.10.10.0/24 without any quotes. If you have spaces in ipaddress and mask, remove it!

Yep. Nginx as reverse proxy or HAProxy is your friend.

You have a lot of MASQUERADE rules you created with your experiments. Clear the nat table with "iptables -X -t nat" command. Then, you do not have slave port for vmbr1. Is it right?

You need just second line: iptables -A POSTROUTING -t nat -s 10.10.10.0/24 -o vmbr0 -j MASQUERADE But before, list iptables rules in the nat table: iptables -L -t nat What is ip address and netmask of your vmbr0 interface?

We should to get to know if there are MUST be on network interface, or not.

With network interfaces configuration that I described, your VMs shouldn't see any vlan tags. You will see tags, if there are any, only on host physical interfaces. If you want tags inside VM, your configuration must be slightly different. tcpdump is great tool for network analyze and solving...

Then I need more information about your network setup, and, maybe you want to show documentation you have.

Run it on PVE. Maybe you have to install tcpdump: apt-get install tcpdump

Then try to see it. tcpdump -i eth0 -e Replace eth0 to your physical network interface. Wait for a while, then press Ctrl+C. If you have vlan tagged traffic, you should see something like that:

VLAN tag 2, are you sure you have tagged traffic on vmbr0?

Is IP static or acquired from DHCP?

VM on the screenshot you posted is just hangs during bootup? Or it booting to login?

Is your DNS server up and running?

This is my working example of pfSense router working in PVE environment. Tagged traffic comes from switch to PVE on vmbr0 bridge. This is VM configuration: This picture shows how interfaces are visible inside VM: So, VM can access VLANs without playing VLAN tags inside VM.