CT with multiple VLANs can't reach internet (via ipv4 only)

[hydaz]

Hi

I have 2 proxmox hosts, and I would like to make a CT thats just for docker, my requirements are to have 3 VLANs in the docker CT, which are the LAN, IoT (2), and an isolated VLAN (100). seems simple right? I have configured 2 networks on the CT:

eth0 is the LAN network, eth100 is the isolated VLAN. seems alright? no, we are getting an ip address over DHCP, however...:


I can't ping anything outside the isolate LAN, which is expected, there is a intervlan block firewall rule, but i cant ping outside of the LAN through the WAN, on ipv4 only. ipv6 appears to work:
192.168.100.1 is the gateway, 192.168.100.2 is another server, 192.168.1.2 is a server on a different LAN, and obviously 1.1.1.1 is outside the LAN, so we should be able to ping, but we cant, no response/timed out, but pinging the ipv6 version of 1.1.1.1 we have success...


this is not a network configuration error, on another VM with VLAN 100, i can ping 1.1.1.1:

If anyone could point out why im unable to ping things outside the LAN it would be much appreciated , btw the same behavior is exhibited with the IoT vlan within the CT.

 

[floh8]

show your host configuration!

 

[hydaz]

show your host configuration!

heres the host and the ct configuration if thats what you mean

 

[floh8]

read here: https://forum.proxmox.com/threads/v...n-blocking-then-forwarding.124934/post-547356

 

[hydaz]

Problem was with me incorrectly creating a bridge network for docker to use, the bridge network was trying to get the same IP as the parent, causing a little problem with IP overlaps (i think...)