2x physical NIC - internet connection via host, 1x public, 1x internal - masquerade ip tables etc.

A

aballi1

Active Member
Proxmox Subscriber
Jun 1, 2019
3
1
43
Munich, Germany
Hi all,

sorry to bring this topic again as we have a lot of threads about this but i couldn't find my example.

I've checked this Link already and i think my setup is correct but somehow the internet connection for the containers is not working.
https://pve.proxmox.com/pve-docs/ch..._nat_with_span_class_monospaced_iptables_span


Setup:

3 Physical Servers with proxmox
All Servers have a 10GBit connection between each other via the physical NIC eno2

2 Servers have the "public" containers with a public IP Address for webservers etc.
The 3rd Server is for "internal" containers. They should not be reachable from outside, but the need an internet connection.

Usual way would be to forward and MASQUERADE the traffic, but this somehow doesn't work.

I have the setup based on the examples:

Code: 
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet static
        address  <public ip>
        netmask  32
        gateway  <public gateway>

iface eno1 inet6 static
        address  <public ipv6>
        netmask  64
        gateway  <public gateway v6>

iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
    address  172.16.18.138
    netmask  23
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0
    post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up   iptables -t nat -A POSTROUTING -s '172.16.18.0/23' -o eno1 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '172.16.18.0/23' -o eno1 -j MASQUERADE
       

iface eno3 inet manual
iface eno4 inet manual

This setup you find in the proxmox networking examples, but with one difference: bridge-ports eno2
The Bridge has a physical nic behind for the communication between the other proxmox server / containers.

The container network config looks like this:
2019-08-31_15-21-11.png

2019-08-31_15-29-32.png


i don't get an internet connection - can you help me here ?

Thanks, Andre
 
Last edited:
I tried replicating your setup, but couldn't find any issue (even with a bridge-port specified). Could use some more info about your setup:
  • The network config for all of your nodes
  • Are the screenshots from a container running on your "internal" node?
  • The "internal" node itself has an internet connection?
  • Maybe try a traceroute from your container, to some public server (e.g. 'traceroute 1.1.1.1') - what's the expected route a packet should take? Via one of your "public" nodes?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom