Combining bonding and NAT problematic

liquidox

Well-Known Member
Sep 21, 2016
37
2
48
79
I am trying to combine bonding with NAT as follows:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

auto bond0
iface bond0 inet static
        slaves eno1 eno2
        address FIRST_IP
        netmask 255.255.255.0
        hwaddress SOME_MAC_ADDRESS
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit_hash_policy layer2+3
        bond-lacp-rate 1
        up ip route add default via FIRST_IP dev bond0 metric 100

auto bond0:1
iface bond0:1 inet static
        address SECOND_IP
        netmask 255.255.255.0
        up ip route add default via SECOND_IP dev bond0 metric 200

auto vmbr0
iface vmbr0 inet static
        address 10.0.0.1
        netmask 255.255.0.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up   iptables -t nat -A POSTROUTING -s '10.0.1.0/24' -o bond0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.1.0/24' -o bond0 -j MASQUERADE

        post-up   iptables -t nat -A POSTROUTING -s '10.0.2.0/24' -o bond0:1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.2.0/24' -o bond0:1 -j MASQUERADE


This does not work however, cannot ping internet from inside containers. However, after a lot of fiddling and googling, this does seem to work:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

auto bond0
iface bond0 inet manual
        slaves eno1 eno2
        hwaddress SOME_MAC_ADDRESS
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit_hash_policy layer2+3
        bond-lacp-rate 1

auto vmbr1
iface vmbr1 inet static
        address  FIRST_IP
        netmask  255.255.255.0
        bridge_ports bond0
        bridge_stp off
        bridge_fd 0
        up ip route add default via FIRST_IP dev vmbr1 metric 100
        down ip route del default via FIRST_IP dev vmbr1 metric 100

auto vmbr1:0
iface vmbr1:0 inet static
        address  SECOND_IP
        netmask  255.255.255.0
        up ip route add default via SECOND_IP dev vmbr1:0 metric 200
        down ip route del default via SECOND_IP dev vmbr1:0 metric 200

auto vmbr0
iface vmbr0 inet static
        address 10.0.0.1
        netmask 255.255.0.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up   iptables -t nat -A POSTROUTING -s '10.0.1.0/24' -o vmbr1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.1.0/24' -o vmbr1 -j MASQUERADE

        post-up   iptables -t nat -A POSTROUTING -s '10.0.2.0/24' -o vmbr1:0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.2.0/24' -o vmbr1:0 -j MASQUERADE


But I don't understand why solution #1 does not work, it's much cleaner than #2, so I would like to use the first one somehow. Any ideas?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!