[SOLVED] Can Ping intern but can't get into public

Discussion in 'Proxmox VE: Networking and Firewall' started by Scrober, Jun 12, 2018.

  1. Scrober

    Hello, I have a dedicated server at a hoster with one public IP and a subnet of /29. The public IP is where Proxmox is running. But I can't connect my VM to the Internet; I can only ping the host IP.

    My Configuration:

    HOST /etc/network/interfaces
    I used OVS bridges.
    Code:
    auto lo
    iface lo inet loopback
    
    iface lo inet6 loopback
    
    allow-vmbr0 enp2s0
    iface enp2s0 inet manual
            ovs_type OVSPort
            ovs_bridge vmbr0
    #pointopoint 192.168.1.20
    #post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    #post-up echo 1 > /proc/sys/net/ipv4/conf/eno1/proxy_arp
    
    auto vmbr1
    iface vmbr1 inet static
            address  192.168.2.1
            netmask  255.255.255.224
            ovs_type OVSBridge
            post-up echo 1 > /proc/sys/net/ipv4/ip_forward
            post-up   iptables -t nat -A POSTROUTING -s '192.168.2.0/29' -o vmbr0 -j MASQUERADE
            post-down iptables -t nat -D POSTROUTING -s '192.168.2.0/29' -o vmbr0 -j MASQUERADE
    
    auto vmbr0
    iface vmbr0 inet static
            address 192.168.1.0
            netmask  255.255.255.224
            gateway  192.168.1.20
            ovs_type OVSBridge
            ovs_ports enp2s0
    

    HOST iptables -t nat -L -n -v
    Code:
    Chain PREROUTING (policy ACCEPT 328 packets, 19959 bytes)
     pkts bytes target     prot opt in     out     source               destination
    
    Chain INPUT (policy ACCEPT 32 packets, 1936 bytes)
     pkts bytes target     prot opt in     out     source               destination
    
    Chain OUTPUT (policy ACCEPT 43 packets, 2873 bytes)
     pkts bytes target     prot opt in     out     source               destination
    
    Chain POSTROUTING (policy ACCEPT 43 packets, 2873 bytes)
     pkts bytes target     prot opt in     out     source               destination
      272 15547 MASQUERADE  all  --  *      vmbr0   192.168.2.0/29    0.0.0.0/0
    

    HOST ip route
    Code:
    default via 192.168.1.20 dev vmbr0 onlink
    192.168.1.12/27 dev vmbr0 proto kernel scope link src 192.168.1.11
    192.168.2.0/29 dev vmbr1 proto kernel scope link src 192.168.2.1

    Guest BSD
    IP: 192.168.2.6
    GW: 192.168.2.1

    netstat -r
    Code:
    Destination           Gateway          Flags   Netif Expire
    0.0.0.0/32             192.168.2.1   UGS     em0
    default                  192.168.2.1    UGS    em0
    192.168.2.0/29     link#1               U          em0
    
    I can't get an internet connection, but I can ping 192.168.1.11.
    I simply don't see the error.

    So does anyone have the answer for me?

    Greetings, Daniel
     
    #1 Scrober, Jun 12, 2018
    Last edited: Jun 12, 2018
  2. wolfgang

    Hi,

    Why do you use OVS?
    For this kind of setup, you should use the Linux bridge model.
     
  3. Scrober

    Hello wolfgang,

    I have read that OVS bridges work like switches, so I just used them anyway.

    Do I need another route on my host system to route the 192.168.2.0 to the 192.168.1.0?

    Sorry for the 192.168.*.* networks, but I don't feel good about posting my original IPs. The subnets are correct.
     
  4. Scrober

    Just changed to Linux Bridge for vmbr0 and vmbr1, no success till now.
    I can ping from the BSD VM to the host's public IP and the vmbr1 IP, but not to 8.8.8.8.
     
    #4 Scrober, Jun 13, 2018
    Last edited: Jun 13, 2018
  5. wolfgang

    What provider do you have?
     
  6. Scrober

    I am at Hetzner and have my public IP and a subnet of /29 (255.255.255.248).
     
  7. Scrober

  8. wolfgang

    The main IP is the IP that the server has in its delivered configuration.
    This IP can't be changed because Hetzner has a MAC/IP mapping.

    Code:
    # /etc/network/interfaces
    auto lo
    iface lo inet loopback
    
    auto  eth0
    iface eth0 inet static
          address   <Main IP delivered with this server>
          netmask   255.255.255.255
          pointopoint   <Gateway>
          gateway   <Gateway>
    
    auto vmbr0
    iface vmbr0 inet static
          address   <Main IP delivered with this server>
          netmask   255.255.255.255
          bridge_ports none
          bridge_stp off
          bridge_fd 0
          up ip route add <1st additional IP used in VM>/32 dev vmbr0
          up ip route add <2nd additional IP used in VM>/32 dev vmbr0
    
     
  9. Scrober


    After much reading on Google and speaking to Hetzner, no one came up with a real solution.

    But I got it to work with one little tweak, and I will make it clear just in case someone else is having some trouble.
    Actually, no one said you have to change bridge_ports... I knew there was no connection between the physical Ethernet and vmbr0 but wasn't confident enough to change it.


    I bought one additional IP on Hetzner,

    then set up a VMBridge with the following config:

    Code:
    auto vmbr0
    iface vmbr0 inet static
          address   <Main IP delivered with this server>
          netmask   255.255.255.255
          bridge_ports <Name of your main Device>
          bridge_stp off
          bridge_fd 0
          up ip route add <IP you bought>/32 dev vmbr0
    Then just change the MAC of your VM's Ethernet adapter and go ahead with configuring your VM as it is shown in the Hetzner Robot.

    Now everything works fine, thank you Wolfgang.
     