[SOLVED] DNS inside guest with NAT not working

mike_

Active Member
Feb 25, 2014
Hi,

I'm trying to set up NAT for some of my VMs that don't have a public IP but need outbound access. I've followed a few guides but it's not working. Firewall is disabled on the VM network device.

Host configuration:

Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address yyyy/24
    gateway yyyy
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

iface vmbr0 inet6 static
    address xxxx/64
    gateway xxxx

auto vmbr2
iface vmbr2 inet static
    address  172.16.0.254
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '172.16.0.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '172.16.0.0/24' -o vmbr0 -j MASQUERADE

# NAT Network
auto vmbr3
iface vmbr3 inet static
        address  192.168.1.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

VM configuration:
Code:
auto ens19
iface ens19 inet static
    address 172.16.0.120
    netmask 255.255.255.0
    broadcast 172.16.0.255

auto ens20
iface ens20 inet static
    address 192.168.1.120
    netmask 255.255.255.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
    dns-nameservers 213.186.33.99

Output of ip route:

Code:
default via 192.168.1.1 dev ens20 onlink
172.16.0.0/24 dev ens19 proto kernel scope link src 172.16.0.120
192.168.1.0/24 dev ens20 proto kernel scope link src 192.168.1.120

/etc/resolv.conf

Code:
nameserver 213.186.33.99

Code:
ping 213.186.33.99
PING 213.186.33.99 (213.186.33.99) 56(84) bytes of data.
64 bytes from 213.186.33.99: icmp_seq=1 ttl=57 time=0.292 ms
64 bytes from 213.186.33.99: icmp_seq=2 ttl=57 time=0.383 ms
^C
--- 213.186.33.99 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 7ms
rtt min/avg/max/mdev = 0.292/0.337/0.383/0.049 ms



nslookup bbc.co.uk
;; connection timed out; no servers could be reached
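
An added example, not part of the original post: a Python check that every iptables rule a `post-up` hook adds in an ifupdown file has an exactly matching `post-down` delete, so NAT and conntrack rules are not left behind or duplicated when a bridge is cycled. The sample stanza is constructed, and the names `SAMPLE`, `_rule` and `unmatched_hooks` are hypothetical.

```python
import shlex

# Constructed sample in ifupdown syntax, modelled on NAT bridge stanzas like the ones above.
SAMPLE = """\
auto vmbr2
iface vmbr2 inet static
    address 172.16.0.254
    post-up iptables -t nat -A POSTROUTING -s '172.16.0.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '172.16.0.0/24' -o vmbr0 -j MASQUERADE

auto vmbr3
iface vmbr3 inet static
    address 192.168.1.1
    post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24'
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
"""

def _rule(argv):
    """Split an iptables argv into (action flag, rule spec without that flag)."""
    for i, tok in enumerate(argv):
        if tok in ("-A", "-I", "-D"):
            return tok, tuple(argv[1:i] + argv[i + 1:])
    return None, ()

def unmatched_hooks(text):
    """Return (iface, phase, command) for each add/delete hook lacking an exact counterpart."""
    adds, dels, iface = {}, {}, None
    for line in text.splitlines():
        words = line.split(None, 1)
        if len(words) < 2:
            continue
        if words[0] == "iface":
            iface = words[1].split()[0]
        elif words[0] in ("post-up", "post-down"):
            argv = shlex.split(words[1])
            if argv[0] != "iptables":
                continue  # e.g. the "echo 1 > .../ip_forward" hook
            action, spec = _rule(argv)
            if action in ("-A", "-I"):
                adds[(iface, spec)] = (words[0], words[1])
            elif action == "-D":
                dels[(iface, spec)] = (words[0], words[1])
    odd = [(k[0], *v) for k, v in adds.items() if k not in dels]
    odd += [(k[0], *v) for k, v in dels.items() if k not in adds]
    return odd
```

A delete that does not match its add fails at `ifdown`, leaving the rule in place, and the next `ifup` then appends a second copy.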