[SOLVED] Can Ping intern but can´t get into public

Scrober

New Member
Jun 12, 2018
7
0
1
31
Hello i have a dedicated server at a hoster with one public IP and a Subnet of /29. The Public IP is where Proxmox is running. But i can´t connect my VM to the Internet only the Host IP i can ping.

My Configuration:

HOST /etc/network/interface
I used OVS bridges
Code:
auto lo
iface lo inet loopback

iface lo inet6 loopback

allow-vmbr0 enp2s0
iface enp2s0 inet manual
        ovs_type OVSPort
        ovs_bridge vmbr0
#pointopoint 192.168.1.20
#post-up echo 1 > /proc/s.ys/net/ipv4/ip_forward
#post-up echo 1 > /proc/sys/net/ipv4/conf/eno1/proxy_arp

auto vmbr1
iface vmbr1 inet static
        address  192.168.2.1
        netmask  255.255.255.224
        ovs_type OVSBridge
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.2.0/29' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.2.0/29' -o vmbr0 -j MASQUERADE

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.0
        netmask  255.255.255.224
        gateway  192.168.1.20
        ovs_type OVSBridge
        ovs_ports enp2s0


HOST iptables -t nat -L -n -v
Code:
Chain PREROUTING (policy ACCEPT 328 packets, 19959 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 32 packets, 1936 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 43 packets, 2873 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 43 packets, 2873 bytes)
 pkts bytes target     prot opt in     out     source               destination
  272 15547 MASQUERADE  all  --  *      vmbr0   192.168.2.0/29    0.0.0.0/0


HOST ip route
Code:
default via 192.168.1.20 dev vmbr0 onlink
192.168.1.12/27 dev vmbr0 proto kernel scope link src 192.168.1.11
192.168.2.0/29 dev vmbr1 proto kernel scope link src 192.168.2.1


Guest BSD
IP: 192.168.2.6
GW:192.168.2.1

netstat -r
Code:
Destination           Gateway          Flags   Netif Expire
0.0.0.0/32             192.168.2.1   UGS     em0
default                  192.168.2.1    UGS    em0
192.168.2.0/29     link#1               U          em0

i can´t get an internet connection but i can ping the 192.168.1.11.
Simply don´t see the error.

So does anyone have the answer for me.

Greeting Daniel
 
Last edited:
Hi,

why do you use OVS.
For this kind of setup, you should use Linux bridge model.
 
Hello wolfgang
Hi,

why do you use OVS.
For this kind of setup, you should use Linux bridge model.

,

I have read ovs bridges work like switches so i just used them anyway.

do i need another route on my host system to route the 192.168.2.0 to the 192.168.1.0?

Soryy for the 192.168.*.* Networks but i don´t feel good with posting my original IP´s the Subnets are correct.
 
Just changed to Linux Bridge for vmbr0 and vmbr1 no success till now..
Can ping from BSD VM to Hosts public ip an vmbr1 ip but not to 8.8.8.8
 
Last edited:
What provider do you have?
 
The Main IP is the IP what the server has in it deliver configuration.
This IP can't be changed because Hetzner has a mac IP mapping.

Code:
# /etc/network/interfaces
auto lo
iface lo inet loopback

auto  eth0
iface eth0 inet static
      address   <Main IP delivert with this server>
      netmask   255.255.255.255
      pointopoint   <Gateway>
      gateway   <Gateway>

auto vmbr0
iface vmbr0 inet static
      address   <Main IP delivert with this server>
      netmask   255.255.255.255
      bridge_ports none
      bridge_stp off
      bridge_fd 0
      up ip route add <1st additional IP used in VM>/32 dev vmbr0
      up ip route add <2nd additional IP used in VM>/32 dev vmbr0
 
The Main IP is the IP what the server has in it deliver configuration.
This IP can't be changed because Hetzner has a mac IP mapping.

Code:
# /etc/network/interfaces
auto lo
iface lo inet loopback

auto  eth0
iface eth0 inet static
      address   <Main IP delivert with this server>
      netmask   255.255.255.255
      pointopoint   <Gateway>
      gateway   <Gateway>

auto vmbr0
iface vmbr0 inet static
      address   <Main IP delivert with this server>
      netmask   255.255.255.255
      bridge_ports none
      bridge_stp off
      bridge_fd 0
      up ip route add <1st additional IP used in VM>/32 dev vmbr0
      up ip route add <2nd additional IP used in VM>/32 dev vmbr0


After Many reading on google and speaking to Hetzner no one came up with a real solution.

But i get it to work with one little tweak but will i will make it clear just in case someone else is having some trouble.
Actually, no one sad you have to Change bridge_ports... i knew there was no connection between Physical Ethernet and vmbr0 but wasn´t confident enough to change.


I bought one additional IP on Hetzner

then set up a VMBridge with following config:

Code:
auto vmbr0
iface vmbr0 inet static
      address   <Main IP delivert with this server>
      netmask   255.255.255.255
      bridge_ports <Name of your main Device>
      bridge_stp off
      bridge_fd 0
      up ip route add <IP you bought>/32 dev vmbr0

Than just change the MAC of your VMs ethernet adapter and go ahead with configurating your VM as it is shown in the Hetzner Robot..

Now every thing works fine thank you Wolfgang.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!