[SOLVED] Can't reach public network with VM connected to private VM network

[ianfd]

Hey together, I'm searching the whole day for a solution but I can't find anything. I'm fairly new to Proxmox and Networking. So, the following situation: I habe 3 Public IPs, one for my reverse proxy, one for my mail server (for convenience) and one for my proxmox host (Just used for the Webinterface of proxmox and nothing else)

Here is my /etc/network/interfaces data:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp2s0
iface enp2s0 inet static
        address 148.251.13.xxx/27
        gateway 148.251.13.97
        up route add -net 148.251.13.96 netmask 255.255.255.224 gw 148.251.13.97 dev enp2s0
# route 148.251.13.96/27 via 148.251.13.97

iface enp2s0 inet6 static
        address 2a01:4f8:201:724a::2/64
        gateway fe80::1


auto vmbr0
iface vmbr0 inet static
    address 148.251.13.xxx
    netmask 255.255.255.255
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
    pre-up brctl addbr vmbr0
    up ip route add 148.251.13.yy/32 dev vmbr0
    up ip route add 148.251.13.zz/32 dev vmbr0

auto vmbr1
iface vmbr1 inet static
    address 10.10.10.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp2s0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp2s0 -j MASQUERADE

So, 148.251.13.xxx is my Proxmox main IP, 148.251.13.yy/32 belongs to my nginx and 148.251.13.zz/32 to the mail server. I use vmbr0 to "distribute" these IP addresses to the mail and nginx LXD containers. All of the other LXD containers are connected to vmbr1 and they can access the public internet via that bridge. Now to the main problem: I would like to create a VM, not a container, that can connect to vmbr1 and access the public internet like those containers do. But when I do so (I'm using a ubuntu iso for that VM) I'm just able to ping the other containers on vmbr1, but I can not ping e.g. google.com or so. For the VM I entered the gateway 10.10.10.1 and the subnet 255.255.255.0 (/24).

Does anyone know how to possibly get that working? I'm very thankful for every answer. Have a great day!

 

[Moayad]

Hi,

Check the /etc/resolv.conf file on the VM, if you not see anything please provide the network config of the VM as well

 

[ianfd]

Hey, Moayad thanks for your answer!
/etc/resolv.conf gives me the following:

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0

maybe the DNS-Server is not reachable?

 

[ph0x]

What's the output of systemctl status systemd-resolved ?

 

[ianfd]

Hey, thats the output of systemctl status systemd-resolved:

     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2020-12-21 18:41:38 UTC; 17h ago
       Docs: man:systemd-resolved.service(8)
             https://www.freedesktop.org/wiki/Software/systemd/resolved
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
   Main PID: 609 (systemd-resolve)
     Status: "Processing requests..."
      Tasks: 1 (limit: 4621)
     Memory: 8.1M
     CGroup: /system.slice/systemd-resolved.service
             └─609 /lib/systemd/systemd-resolved

Dec 21 18:41:38 gitlab systemd[1]: Starting Network Name Resolution...
Dec 21 18:41:38 gitlab systemd-resolved[609]: Positive Trust Anchors:
Dec 21 18:41:38 gitlab systemd-resolved[609]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Dec 21 18:41:38 gitlab systemd-resolved[609]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 2>
Dec 21 18:41:38 gitlab systemd-resolved[609]: Using system hostname 'gitlab'.
Dec 21 18:41:38 gitlab systemd[1]: Started Network Name Resolution.

The VM config in Proxmox:

balloon: 1024
boot: order=scsi0;ide2;net0
cores: 1
ide2: none,media=cdrom
memory: 4096
name: gitlab
net0: virtio=2A:72:D0:34:0D:A5,bridge=vmbr1
numa: 0
ostype: l26
scsi0: StorageVolume:vm-115-disk-0,size=64G
scsihw: virtio-scsi-pci
smbios1: uuid=b6d0c170-f323-4982-954c-f45c5f81ba0e
sockets: 1
vmgenid: 8eb3d7e6-c2d6-44d3-836b-e1bebb8cb1a8

 

[ianfd]

Okey, I was able to change the nameservers to those that are used on the ubuntu containers and it's working ! So everyone who is having the same error, check your nameservers! I propably forgot to set them during initial setup.

But thanks for your help @ph0x and @Moayad !!

 

[Moayad]

Glad you solved your issue!

Please mark the thread as [SOLVED] to help other people who have the same issue Thanks!

Have a nice day