Cannot ping through NAT

JustaGuy

Jan 1, 2010
Hi,

I can't ping either way (VM to PVE or PVE to VM) through a NAT'ed interface. I've tried setting its interface to 'NAT Mode' & 'Bridge Mode' (using the bridge with NAT enabled), and either way I can't ping through the NAT. But PVE can ping the internet.

Here is my /etc/network/interfaces:

Code:
# network interface settings
auto lo
iface lo inet loopback


auto eth0


auto eth1
iface eth1 inet manual


auto eth2


auto vmbr0
iface vmbr0 inet static
    address 10.20.30.40
    netmask 255.255.255.0
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    
auto vmbr1
iface vmbr1 inet static
    address  <Public Static IP>
    netmask  255.255.255.0
    gateway <Public IP Gateway>
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0


auto vmbr2
iface vmbr2 inet static
    address 0.0.0.0
    netmask 0.0.0.0
    gateway 0.0.0.0
    bridge_ports eth2
    bridge_stp off
    bridge_fd 0


auto vmbr3
iface vmbr3 inet static
    address  10.11.12.1
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0


auto vmbr4
iface vmbr4 inet static
    address  10.15.20.1
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0


auto vmbr5
iface vmbr5 inet static
    address 10.200.30.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward


    post-up    iptables -t nat -A POSTROUTING -s '10.200.30.0/24' -o vmbr1 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.200.30.0/24' -o vmbr1 -j MASQUERADE

The VM in question is a multi-WAN gateway, & I can get it to work properly when I use the following /etc/network/interfaces:

Code:
# network interface settings
auto lo
iface lo inet loopback


auto eth0


auto eth1


auto eth2


auto vmbr0
iface vmbr0 inet static
    address 10.20.30.40
    netmask 255.255.255.0
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    
auto vmbr1
iface vmbr1 inet static
    address  0.0.0.0
    netmask  0.0.0.0
    gateway 0.0.0.0
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0


auto vmbr2
iface vmbr2 inet static
    address 0.0.0.0
    netmask 0.0.0.0
    gateway 0.0.0.0
    bridge_ports eth2
    bridge_stp off
    bridge_fd 0


auto vmbr3
iface vmbr3 inet static
    address  10.11.12.1
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0


auto vmbr4
iface vmbr4 inet static
    address  10.15.20.1
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0

When I use this configuration, I can set the Multi-WAN VM to get the static IP on the eth1 connection, & a DHCP supplied IP on eth2. Multi-WAN works on the LAN(s), but PVE can't get an internet connection itself, so I get no backup status emails, & it won't update with apt.
 
I finally got the second configuration, without NAT, to work. I had omitted a gateway for the LAN address PVE was using as defined in /etc/hosts.

Gave a gateway through the Multi-WAN VM & now PVE has internet, & the Multi-WAN VM can keep the public IP addresses.
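
A check for the problem resolved above, as an added example that is not part of the original posts: it parses an /etc/network/interfaces file and lists the stanzas that carry a usable default gateway (set, not 0.0.0.0, and inside the interface's own subnet). The sample text is constructed from the second configuration in the thread, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the first two bridges of the second configuration in
# the thread. vmbr0 has no gateway and vmbr1 only the 0.0.0.0 placeholder.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 10.20.30.40
    netmask 255.255.255.0
    bridge_ports eth0

auto vmbr1
iface vmbr1 inet static
    address 0.0.0.0
    netmask 0.0.0.0
    gateway 0.0.0.0
    bridge_ports eth1
"""

def parse_stanzas(text):
    """Return {iface: {option: value}} for every 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank lines and comments do not end a stanza
        if words[0] == "iface" and len(words) >= 2:
            current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None  # these keywords start a new top-level stanza
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def usable_gateways(text):
    """List (iface, gateway) pairs whose gateway is set and on-link."""
    found = []
    for name, opts in parse_stanzas(text).items():
        gw, addr, mask = opts.get("gateway"), opts.get("address"), opts.get("netmask")
        if not gw or gw == "0.0.0.0" or not addr or not mask:
            continue  # missing or placeholder gateway gives the host no default route
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if ipaddress.ip_address(gw) in net:
            found.append((name, gw))
    return found
```

An empty result from `usable_gateways()` matches the symptom in the thread: the bridges work for the VMs, but the host itself has no route to the internet.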