cannot configure a different subnet for different vms

creative_dragon

New Member
Jul 18, 2024
Hi, following my previous issue regarding using SDN here, I first tried making a VLAN and then a bridge so that I can use a different subnet for my VMs. My host is on 192.168.29.xx; I want my VMs to be on 192.168.100.xx and be able to visit them on my network. My server has one physical eno0 device that is being used by vmbr0. Can someone please suggest options to properly do that, because I have tried following many YouTube tutorials and none of them seem to work for me.
 
hi, if you want to create an SDN NAT, follow these steps:
- The DHCP integration uses dnsmasq
To use that feature you need to install the dnsmasq package on **every node**:
Code:
apt update
apt install dnsmasq
# disable default instance
systemctl disable --now dnsmasq

* Under datacenter -> go to SDN - add simple Zones (ID = add any name) - check automatic DHCP box
* Under: VNets select the Zone you've created
* Under Subnet: check the SNAT box, it will give internet access to your future VM and configure iptables rules automatically. To use DHCP we also need to create a DHCP range for this subnet; choose DHCP ranges of the subnet
* navigate to the SDN panel and click 'Apply'
 
* Under: VNets select the Zone you've created
I think you mean create a VNet with that zone ID, right? Then select the subnet. (Also, should it be VLAN aware?)
* Under Subnet: check the SNAT box, it will give internet access to your future VM and configure iptables rules automatically. To use DHCP we also need to create a DHCP range for this subnet; choose DHCP ranges of the subnet
I gave subnet as 192.168.102.1/24, DHCP range as 192.168.102.2 192.168.102.30 (this is a different subnet from my host)
 
I did as you specified, I still do not get an IP assigned to my Fedora server VM
 
* Under: VNets select the Zone you've created i think you mean create a vnet with that zone id right? Then select the subnet. (Also should it be vlan aware?)
yes ! my bad
I gave subnet as 192.168.102.1/24 dhcp range as 192.168.102.2 192.168.102.30 (this is different subnet from my host)
your subnet should be:
subnet : 192.168.1.0/24
gateway: 192.168.1.31

then: dhcp range as 192.168.102.2 192.168.102.30
 
create sdn subnet object failed: 400 Parameter verification failed.dhcp-range: start-address 192.168.102.2 is not in subnet 192.168.1.0/24 (500). Also please be aware my host machine is on 192.168.29.10
 
sorry, I wrote too fast :/
subnet : 192.168.102.0/24 # put the address you need
gateway: 192.168.102.31 # put the address you need
 
I do get an IP assigned to both my Fedora and TrueNAS VMs but I cannot visit their web interfaces
now you should forward your desired port on your ip tables:
i don't remember the file for the rule , maybe /etc/network/interfaces but i think you should have something more specific for SDN like /etc/sdn/network or /etc/network/sdn , just google it, i don't have it

i'm not sure, but something like this:
iptables -t nat -A PREROUTING -p tcp --dport <public_port> -j DNAT --to-destination <VM_IP>:<port>

I have this in /etc/network/interfaces, example for SSH

post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 32768 -j DNAT --to 192.168.22.108:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 32768 -j DNAT --to 192.168.22.108:22
 
now you should forward your desired port on your ip tables:
I don't remember the file for the rule, maybe /etc/network/interfaces, but I think you should have something more specific for SDN like /etc/sdn/network or /etc/network/sdn
i'm not sure, but something like this:
iptables -t nat -A PREROUTING -p tcp --dport <public_port> -j DNAT --to-destination <VM_IP>:<port>
Well, they both don't exist:

root@prox:~# cat /etc/sdn/network
cat: /etc/sdn/network: No such file or directory
root@prox:~# cat /etc/network/sdn
cat: /etc/network/sdn: No such file or directory

so it should be like this, at the end of the file?:

Code:
iptables -t nat -A PREROUTING -p tcp --dport 9090 -j DNAT --to-destination 192.168.103.2:9090

My file looks like this now:

Code:
auto lo
iface lo inet loopback

iface eno0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.29.10/24
        gateway 192.168.29.1
        bridge-ports eno0
        bridge-stp off
        bridge-fd 0

iface wlp2s0 inet manual


source /etc/network/interfaces.d/*

iptables -t nat -A PREROUTING -p tcp --dport 9090 -j DNAT --to-destination 192.168.103.2:9090
 
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 9090 -j DNAT --to 192.168.22.108:9090
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 9090 -j DNAT --to 192.168.22.108:9090
 
Still cannot visit the cockpit web interface, also rebooted just for good measure.
My file looks like this now:

Code:
auto lo
iface lo inet loopback

iface eno0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.29.10/24
        gateway 192.168.29.1
        bridge-ports eno0
        bridge-stp off
        bridge-fd 0

iface wlp2s0 inet manual

source /etc/network/interfaces.d/*

post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 9090 -j DNAT --to 192.168.103.2:9090
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 9090 -j DNAT --to 192.168.103.2:9090
 
Still does not seem to work...

File is like this now:

Code:
auto lo
iface lo inet loopback

iface eno0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.29.10/24
        gateway 192.168.29.1
        bridge-ports eno0
        bridge-stp off
        bridge-fd 0

iface wlp2s0 inet manual

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

source /etc/network/interfaces.d/*


post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 9090 -j DNAT --to 192.168.103.2:9090
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 9090 -j DNAT --to 192.168.103.2:9090

Also
$iptables -t nat -L -v

returns

Code:
Chain PREROUTING (policy ACCEPT 110 packets, 8305 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 35 packets, 2645 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 44 packets, 3335 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 44 packets, 3335 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   24  1824 SNAT       all  --  any    vmbr0   192.168.103.0/24     anywhere             to:192.168.29.10
 
i'm sorry not sure i can't help, out of my competence :/
try the doc : https://pve.proxmox.com/wiki/Setup_Simple_Zone_With_SNAT_and_DHCP

maybe replacing DNAT with SNAT
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 9090 -j DNAT --to 192.168.103.2:9090
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 9090 -j SNAT --to 192.168.103.2:9090
Just to test that a different subnet works, I have created a VLAN from vmbr0 (vmbr0 is VLAN aware), created it as vmbr0.105 and added IP 192.168.105.1/24 with no gateway (it's not allowing me to put a gateway). I added vmbr0 with VLAN tag 105 in the network devices of the VM, but I am testing a TrueNAS VM and it does not get an IP assigned to it.
 
for VLAN you need to assign the IP manually in the VM; for DHCP I'm maybe wrong, but maybe your router can do it if it has the requirement
* the gateway of your VM will be the address of your vmbr0.105 -> 192.168.105.1
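
Added example, not part of the thread or of Proxmox: the `iptables -t nat -L -v` output posted above shows an empty PREROUTING chain, so none of the `post-up` DNAT lines took effect. This sketch reports which `iface` stanza each hook line in an `/etc/network/interfaces` file belongs to; `audit_hooks` and `SAMPLE` are illustrative names, and the stanza rules (options belong to the preceding `iface`, blank lines do not close it) are assumed from interfaces(5).

```python
import re

# Constructed sample, abridged from the interfaces files posted in this thread.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
        address 192.168.29.10/24
        bridge-ports eno0

iface wlp2s0 inet manual

post-up echo 1 > /proc/sys/net/ipv4/ip_forward

source /etc/network/interfaces.d/*

post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 9090 -j DNAT --to 192.168.103.2:9090
iptables -t nat -A PREROUTING -p tcp --dport 9090 -j DNAT --to-destination 192.168.103.2:9090
"""

# Keywords that open a new top-level stanza in interfaces(5).
STANZA = re.compile(r"^(iface|mapping|auto|allow-\S+|source(-directory)?|rename)\s")
HOOKS = {"pre-up", "up", "post-up", "pre-down", "down", "post-down"}

def audit_hooks(text):
    """Return (line_no, iface, verdict) for every hook or bare iptables line."""
    current, started, hooks = None, set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank lines and comments do not close a stanza
        if STANZA.match(raw.strip() + " "):
            # Only an iface stanza can own hook options.
            current = words[1] if words[0] == "iface" and len(words) > 1 else None
            if words[0] == "auto" or words[0].startswith("allow-"):
                started.update(words[1:])
        elif words[0] in HOOKS or words[0] == "iptables":
            hooks.append((no, current, words[0]))
    findings = []
    for no, iface, word in hooks:  # second pass: "auto" may follow the iface
        if word == "iptables":
            verdict = "bare command, needs a post-up/post-down prefix"
        elif iface is None:
            verdict = "hook outside any iface stanza"
        elif iface not in started:
            verdict = f"hook on {iface}, which has no auto/allow- line"
        else:
            verdict = "ok"
        findings.append((no, iface, verdict))
    return findings
```

Any verdict other than `ok` marks a rule that will not be loaded when vmbr0 comes up; moving the `post-up`/`post-down` pair under the `iface vmbr0` stanza is the placement the check accepts.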
 