[SOLVED] Container are loosing network connect when networking is restarted on host

C

CaptainPsycho

New Member
Jul 9, 2021
6
1
3
124
Hi,

I am using a NAT+Maquerading configuration in /etc/network/interfaces to expose services running in a pivate internal network.

So far everything is working.

When adding a new service and restarting networking service with "systemctl restart newtorking.service" on the host, all guest CT are loosing their network connection. They are also not accessable via SSH anymore.

After reboot of Container everything is fine again.

Is there a way to not have to reboot each container?

Code: 
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eno1 inet manual

iface enp3s2 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.100.64.109/23
        gateway 10.100.65.254
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 192.168.0.254
        netmask 255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        #Masquerade / NAT
        post-up         echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up         iptables -t nat -A POSTROUTING -j MASQUERADE
        post-up         iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
        post-down       iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
        post-up         iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down       iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

        ############
        #NGINX
        ############

        #NGINX http
        post-up         iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.0.1:80
        post-down       iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.0.1:80

        #NGINX https
        post-up         iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.0.1:443
        post-down       iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.0.1:443


Regards,
Joachim
 
Last edited:
That's to be expected when restarting the network service.
Why exactly do you have to restart it?
 
I added additional NAT rules for other services to the interfaces file.

e.g.

Code: 
#Wordpress http
        post-up         iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.0.2:80
        post-down       iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.0.2:80
 
Make sure you have `ifupdown2` installed. With `ifupdown2` you can use `ifreload -a` to reload the network config without destroying all devices.
 
  • Like
Reactions: CaptainPsycho
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom