Can ping but no Internet into guest VM's

[siberia50]

Hi,

I've ran across an unusual situation.

I've a PVE on top of Debian Bulleye with a couple Windows server VM's, and I have trouble making the NAT routing.

I've followed the doc, specially the "routed config" and "maquerading section".

Somehow I suspect my cloud provider to indeed block multiple MAC's but can't be sure. That's why I tried with the NAT solution.

My interfaces:

auto enp41s0
iface enp41s0 inet static
        address 86.10.198.238/27
        gateway 86.10.198.225
        up route add -net 86.10.198.224 netmask 255.255.255.224 gw 86.10.198.225 dev enp41s0
# route 86.10.198.224/27 via 86.10.198.225

iface enp41s0 inet6 static
        address 2002:560a:c6e1::
        gateway fe80::1

iface vmbr0 inet static
        address  10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp41s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp41s0 -j MASQUERADE
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

Interface on Windows: (static)

IP: 10.10.10.4
mask: 255.255.255.0
gtw: 10.10.10.1
DNS: 8.8.8.8

I can ping from Debian to Windows VM and vice versa.
From Windows I can ping 8.8.8.8 and various externals IP.
The DNS seems to be blocked since I can't do any resolution with nslookup and whois
Can't reach any webpage even with an IP neither.

It seem that ping is reachable to the outside but something is blocking any other traffic, can't figure out if it's on the routing side with iptables or proxmox side with the natted and maqueraded vmbr0.

Here's my iptables https://pastebin.com/H14YrBSL

Thanks in advance for help,

Regards

 

[siberia50]

Up

 

[superhyppo]

same of me, it was ovh Edge Network Firewall