Hello,
I have a setup with different public IPs and an extra DMZ. My problem: the VMs in the DMZ have no access to the Internet. Here is my setup:
- eno1 with the primary public IP address
- vmbr0 additional public IPs (these VMs have internet access)
- vmbr1 DMZ (these VMs have no internet access, can't ping 8.8.8.8)
Code:

auto eno1
iface eno1 inet static
    address 78.xxx.xxx.80/27
    gateway 78.xxx.xxx.65
    up route add -net 78.xxx.xxx.64 netmask 255.255.255.224 gw 78.xxx.xxx.65 dev eno1
    up route add -net 88.xxx.xxx.1 netmask 255.255.255.248 gw 78.xxx.xxx.65 dev eno1
    up route add -net 10.10.10.1 netmask 255.255.255.0 gw 78.xxx.xxx.65 dev eno1
    route 78.xxx.xxx.64/27 via 78.xxx.xxx.65
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward

auto vmbr0
iface vmbr0 inet static
    #WAN Interface
    address 88.xxx.xxx.1
    netmask 255.255.255.248
    gateway 78.xxx.xxx.65
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    up route add 88.xxx.xxx.2/29 dev vmbr0
    up route add 88.xxx.xxx.3/29 dev vmbr0
    up route add 88.xxx.xxx.4/29 dev vmbr0

auto vmbr1
iface vmbr1 inet static
    #DMZ Interface
    address 10.10.10.1
    netmask 255.255.255.0
    gateway 78.xxx.xxx.65
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    up route add 10.10.10.150/24 dev vmbr1
    up route add 10.10.10.200/24 dev vmbr1
    up route add 10.10.10.220/24 dev vmbr1
    up route add 10.10.10.230/24 dev vmbr1
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE

VMs with public IPs have the 88.xxx.xxx.1 as default gateway.
VMs in the DMZ have the 10.10.10.1 as default gateway. I can ping the primary IP address 78.xxx.xxx.80 but not outside to the internet.
Did I forget something?
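
A small check for an interfaces file laid out like the one above, added here as an example and not part of the original post: it lists every stanza that declares a `gateway` and every `route add -net` destination that is not a real network address (host bits set under the given netmask). The sample config is constructed, with RFC 5737 documentation addresses standing in for the masked public IPs, and `lint_interfaces` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample: same layout as the posted config, with RFC 5737
# documentation addresses standing in for the masked public IPs.
SAMPLE = """\
iface eno1 inet static
    address 192.0.2.80/27
    gateway 192.0.2.65
    up route add -net 198.51.100.1 netmask 255.255.255.248 gw 192.0.2.65 dev eno1
    up route add -net 10.10.10.1 netmask 255.255.255.0 gw 192.0.2.65 dev eno1
iface vmbr0 inet static
    address 198.51.100.1
    netmask 255.255.255.248
    gateway 192.0.2.65
iface vmbr1 inet static
    address 10.10.10.1
    netmask 255.255.255.0
    gateway 192.0.2.65
"""

def lint_interfaces(text):
    """Return (gateways, bad_routes) found in an ifupdown interfaces file."""
    gateways, bad_routes, iface = [], [], None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        if words[0] == "iface" and len(words) > 1:
            iface = words[1]
        elif words[0] == "gateway" and len(words) > 1:
            gateways.append((iface, words[1]))
        elif "-net" in words and "netmask" in words:
            net = words[words.index("-net") + 1]
            mask = words[words.index("netmask") + 1]
            try:
                ipaddress.ip_network(f"{net}/{mask}", strict=True)
            except ValueError:
                # Host bits set: net-tools route refuses such a -net destination.
                bad_routes.append((iface, f"{net}/{mask}"))
    return gateways, bad_routes

if __name__ == "__main__":
    gws, bad = lint_interfaces(SAMPLE)
    if len(gws) > 1:
        print("more than one stanza declares a default gateway:", gws)
    for iface, dest in bad:
        print(f"{iface}: {dest} is a host address, not a network")
```

Each `gateway` line asks ifupdown for a default route, so more than one entry in the first list means the stanzas compete for the same default route.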