4 VMs 2 IPs - bridge and NAT

[Azunai]

Hi there,
Im still pretty new to proxmox so nothing is trivial to me.

I have 2 public IPs, 2 ports and 4 VMs. The setup i desire is:
IP1:
Host
vm1,vm2,vm3

IP2:
vm4

For testing i disabled firewall on datacenter, node and vm
Proxmox VE 6.0-6

I set up my interfaces file:

Spoiler: interfaces

auto lo
iface lo inet loopback


iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
address 1.1.1.1
netmask 255.255.252.0
gateway 1.1.1.254
bridge_ports eno1
bridge_stp off
bridge_fd 0

iface eno2 inet manual

auto vmbr1
#local sub network
iface vmbr1 inet static
address 192.168.1.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE

iface eno3 inet manual

iface eno4 inet manual

and for eg VM 1:


Currently the host and VM4 have full network access while VM 1,2,3 can only ping the gateway 192.168.1.1 and each other but not connect to the outside.
in the proxmox UI i set the interface for VM 1,2,3 to vmbr1

checking tcpdump i see on interface vmbr0 and eno1

(question here, is this normal or should it show my public ip already since masquerading?)

What am i missing?

 

[Azunai]

Even though i have disabled the firewall in the proxmox ui (datacenter, node and vm) Firewall -> options -> enabled = no
it seems to affect this somehow.
removing the firewall parameter on the VM (Hardware -> network -> firewall) solves all my issues (though id like to use the native firewall)