DNS-configuration with Linux-Bridge vmbr1

fruchtzwerg

New Member
Apr 3, 2023
Problem: Within containers I can't connect to webservices which are installed on the same host.

Setting:
Proxmox is installed on a VPS with one public IP. For all the LXC containers I set up an additional Linux bridge, vmbr1.

This is the content of /etc/network/interfaces (I removed all the things about ipv6):
Code:
auto lo
iface lo inet loopback

auto enp6s18
iface enp6s18 inet manual

auto vmbr0
iface vmbr0 inet static
        address xx.xxx.xx.xxx/24
        gateway xx.xxx.xxx.xxx
        bridge-ports enp6s18
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 192.168.178.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s 192.168.178.0/24 -o vmbr0 -j MASQUERADE
        post-up /root/iptables.sh
        post-down iptables -t nat -D POSTROUTING -s 192.168.178.0/24 -o vmbr0 -j MASQUERADE

source /etc/network/interfaces.d/*

All my LXC containers use vmbr1 with 192.168.178.1 (the host) as gateway and the host's DNS settings, so that they have access to the internet.

One container, LXC1, with the internal IP 192.168.178.200, also provides a service for my website service1.example-xxx.de.

Problem:
I just discovered that from inside LXC2 I can't ping service1.example-xxx.de, while I can
ping 1.1.1.1
ping google.com
ping 192.168.178.200 (internal IP of LXC1)

I guess I have to change the DNS-Settings but how?
Hey there!

First of all, you can set the DNS settings for your containers in your WebGUI at "LXC2 > DNS". By default, they use the same DNS servers you have set up on your PVE host. As you can successfully ping google.com, your DNS for external services should probably be fine.

Are your services (e.g. service1.example-xxx.de) local network hostnames or subdomains? In either case check if the domain name itself is resolvable to the actual IP address (your PVE host) you're trying to reach.

I would suggest you do the following:

1. Check if you can ping 192.168.178.1 from your containers.
2. If you have enabled the firewall for your containers, take a look at [1] and add the additional iptables rules to your interfaces setup.
3. Check the output of tcpdump -envi vmbr0 arp or icmp for any packets that have a source IP of xx.xxx.xx.xxx (the address from your vmbr0); if it shouldn't exist, check if your iptables rules in /root/iptables.sh block any traffic from that

[1] https://pve.proxmox.com/wiki/Network_Configuration#sysadmin_network_masquerading
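As an added example (not code from the thread or from Proxmox), a small Python 3.8+ checker that parses an ifupdown interfaces file like the one above and reports whether the masquerading setup on the NAT bridge is self-consistent: ip_forward enabled in post-up, the POSTROUTING -s subnet equal to the bridge's own network, the -o interface being a bridge with a physical port, and every post-up -A rule mirrored by a post-down -D rule. The sample input is the thread's config trimmed to the two bridges, with the masked public address replaced by a constructed documentation-range one.

```python
import ipaddress
import re

# Constructed sample: the thread's interfaces file, trimmed, with a documentation-range public address.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
        address 203.0.113.10/24
        bridge-ports enp6s18
auto vmbr1
iface vmbr1 inet static
        address 192.168.178.1/24
        bridge-ports none
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s 192.168.178.0/24 -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s 192.168.178.0/24 -o vmbr0 -j MASQUERADE
"""
NAT_RE = re.compile(r"iptables -t nat -[AD] POSTROUTING -s (\S+) -o (\S+) -j MASQUERADE")

def parse_interfaces(text):
    """Map each 'iface' stanza name to {option: [values]} (ifupdown syntax)."""
    stanzas, cur = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#") or parts[0] in ("auto", "source"):
            continue
        if parts[0] == "iface":
            cur = stanzas.setdefault(parts[1].split()[0], {})
        elif cur is not None and len(parts) == 2:
            cur.setdefault(parts[0], []).append(parts[1])
    return stanzas

def check_masquerade(stanzas, nat_bridge):
    """Return findings about the NAT bridge; an empty list means it looks consistent."""
    br = stanzas[nat_bridge]
    net = ipaddress.ip_interface(br["address"][0]).network
    adds = {m.groups() for u in br.get("post-up", []) if (m := NAT_RE.search(u))}
    dels = {m.groups() for d in br.get("post-down", []) if (m := NAT_RE.search(d))}
    findings = []
    if not any("ip_forward" in u for u in br.get("post-up", [])):
        findings.append("ip_forward is not enabled in post-up")
    if not adds:
        findings.append("no MASQUERADE POSTROUTING rule in post-up")
    for src, out in adds:
        if ipaddress.ip_network(src) != net:
            findings.append(f"MASQUERADE source {src} is not the {nat_bridge} network {net}")
        if stanzas.get(out, {}).get("bridge-ports", ["none"])[0] == "none":
            findings.append(f"-o {out} has no bridge-ports, so it is not the uplink bridge")
    findings += [f"no post-down -D for rule {r}" for r in adds - dels]
    return findings
```

Run it against your real /etc/network/interfaces with `check_masquerade(parse_interfaces(open(path).read()), "vmbr1")`; it only reads the file and does not touch iptables.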