[SOLVED] DNS inside guest with NAT not working

mike_

Active Member
Feb 25, 2014
Hi,

I'm trying to set up NAT for some of my VMs that don't have a public IP but need outbound access. I've followed a few guides but it's not working. Firewall is disabled on the VM network device.

Host configuration:

Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address yyyy/24
    gateway yyyy
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

iface vmbr0 inet6 static
    address xxxx/64
    gateway xxxx

auto vmbr2
iface vmbr2 inet static
    address  172.16.0.254
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '172.16.0.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '172.16.0.0/24' -o vmbr0 -j MASQUERADE

# NAT Network
auto vmbr3
iface vmbr3 inet static
        address  192.168.1.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24'
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

VM configuration:
Code:
auto ens19
iface ens19 inet static
    address 172.16.0.120
    netmask 255.255.255.0
    broadcast 172.16.0.255

auto ens20
iface ens20 inet static
    address 192.168.1.120
    netmask 255.255.255.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
    dns-nameservers 213.186.33.99

Output of ip route:

Code:
default via 192.168.1.1 dev ens20 onlink
172.16.0.0/24 dev ens19 proto kernel scope link src 172.16.0.120
192.168.1.0/24 dev ens20 proto kernel scope link src 192.168.1.120

/etc/resolv.conf

Code:
nameserver 213.186.33.99

Code:
ping 213.186.33.99
PING 213.186.33.99 (213.186.33.99) 56(84) bytes of data.
64 bytes from 213.186.33.99: icmp_seq=1 ttl=57 time=0.292 ms
64 bytes from 213.186.33.99: icmp_seq=2 ttl=57 time=0.383 ms
^C
--- 213.186.33.99 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 7ms
rtt min/avg/max/mdev = 0.292/0.337/0.383/0.049 ms



nslookup bbc.co.uk
;; connection timed out; no servers could be reached
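
An added check, not part of the original post: in the host configuration above, the vmbr3 NAT `post-down` line lacks the `-o vmbr0 -j MASQUERADE` part of its `post-up` rule, and `iptables -D` only removes a rule whose full specification matches, so the MASQUERADE rule stays in place when the bridge goes down. The sketch below lints an interfaces file for such unpaired iptables hooks; the function names are hypothetical, the sample is the poster's vmbr2/vmbr3 stanzas, and it does not diagnose the DNS timeout itself.

```python
import shlex

# Constructed sample: the vmbr2 and vmbr3 hook lines from the post above.
SAMPLE = """\
auto vmbr2
iface vmbr2 inet static
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '172.16.0.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '172.16.0.0/24' -o vmbr0 -j MASQUERADE

auto vmbr3
iface vmbr3 inet static
    post-up   iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24'
    post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
"""

def rule_key(tokens):
    """Rule spec with the action flag (-A/-I/-D) dropped, so add and delete compare equal."""
    return tuple(t for t in tokens if t not in ("-A", "-I", "-D"))

def unpaired_rules(text):
    """Return {iface: [(hook, command), ...]} for iptables hooks lacking an exact counterpart."""
    hooks = {}  # iface -> {"post-up": {key: cmd}, "post-down": {key: cmd}}
    iface = None
    for line in text.splitlines():
        words = line.split(None, 1)
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            iface = words[1].split()[0]
        elif words[0] in ("post-up", "post-down") and iface and len(words) == 2:
            tokens = shlex.split(words[1])
            if tokens[0] == "iptables":
                hooks.setdefault(iface, {"post-up": {}, "post-down": {}})
                hooks[iface][words[0]][rule_key(tokens)] = words[1].strip()
    findings = {}
    for name, h in hooks.items():
        for hook, other in (("post-up", "post-down"), ("post-down", "post-up")):
            for key, cmd in h[hook].items():
                if key not in h[other]:
                    findings.setdefault(name, []).append((hook, cmd))
    return findings

if __name__ == "__main__":
    for name, items in unpaired_rules(SAMPLE).items():
        for hook, cmd in items:
            print(f"{name}: {hook} has no matching counterpart: {cmd}")
```

Rules inserted with an explicit position (`-I CHAIN 1 ...`) will be reported as unpaired, because the position number is not part of the delete specification.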
 
