Cannot ping through NAT

J

JustaGuy

Renowned Member
Jan 1, 2010
324
2
83
Hi,

I can't ping either way (VM to PVE or PVE to VM) through a NAT'ed interface. I've tried setting its interface to 'NAT Mode' & 'Bridge Mode' (using the bridge with NAT enabled), and either way I can't ping through the NAT. But PVE can ping the internet.

Here is my /etc/network/interfaces:

Code: 
# network interface settings
auto lo
iface lo inet loopback


auto eth0


auto eth1
iface eth1 inet manual


auto eth2


auto vmbr0
iface vmbr0 inet static
    address 10.20.30.40
    netmask 255.255.255.0
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    
auto vmbr1
iface vmbr1 inet static
    address  <Public Static IP>
    netmask  255.255.255.0
    gateway <Public IP Gateway>
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0


auto vmbr2
iface vmbr2 inet static
    address 0.0.0.0
    netmask 0.0.0.0
    gateway 0.0.0.0
    bridge_ports eth2
    bridge_stp off
    bridge_fd 0


auto vmbr3
iface vmbr3 inet static
    address  10.11.12.1
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0


auto vmbr4
iface vmbr4 inet static
    address  10.15.20.1
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0


auto vmbr5
iface vmbr5 inet static
    address 10.200.30.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward


    post-up    iptables -t nat -A POSTROUTING -s '10.200.30.0/24' -o vmbr1 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.200.30.0/24' -o vmbr1 -j MASQUERADE

The VM in question is a multi-WAN gateway, & I can get it to work properly when I use the following /etc/network/interfaces:

Code: 
# network interface settings
auto lo
iface lo inet loopback


auto eth0


auto eth1


auto eth2


auto vmbr0
iface vmbr0 inet static
    address 10.20.30.40
    netmask 255.255.255.0
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    
auto vmbr1
iface vmbr1 inet static
    address  0.0.0.0
    netmask  0.0.0.0
    gateway 0.0.0.0
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0


auto vmbr2
iface vmbr2 inet static
    address 0.0.0.0
    netmask 0.0.0.0
    gateway 0.0.0.0
    bridge_ports eth2
    bridge_stp off
    bridge_fd 0


auto vmbr3
iface vmbr3 inet static
    address  10.11.12.1
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0


auto vmbr4
iface vmbr4 inet static
    address  10.15.20.1
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0

When I use this configuration, I can set the Multi-WAN VM to get the static IP on the eth1 connection, & a DHCP supplied IP on eth2. Multi-WAN works on the LAN(s), but PVE can't get an internet connection itself, so I get no backup status emails, & it won't update with apt.
 
Last edited:
I finally got the second configuration, without NAT, to work. I had omitted a gateway for the LAN address PVE was using as defined in /etc/hosts.

Gave a gateway through the Multi-WAN VM & now PVE has internet, & the Multi-WAN VM can keep the public IP addresses.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back