Does anyone have Proxmox 7.1 (from ISO) on Hetzner working with a private bridge network with NAT?

O

oktay

Member
Dec 20, 2019
15
1
23
123
I've been trying to get this working for a few days now. I am doing exactly as told on the documentation and a few other docs. On one server the MASQUERADE settings do not apply (empty rule) on the other the rules apply but the VMs on the private LAN cannot reach the internet. They can ping the host's Private IP and each other.

Right now I am working on the one that does take the iptables rules.
My interfaces file has this:

auto lo
iface lo inet loopback

iface enp7s0 inet manual

auto vmbr0
iface vmbr0 inet static
address x.x.x.x/26
gateway x.x.x.x
bridge-ports enp7s0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 10.0.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.10.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.10.0/24' -o vmbr0 -j MASQUERADE

# these didn't make a difference. I have all firewalls disabled. (I also tried with them enabled)
#post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
#post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1


On the Vm site everything seems in order. I was even able to NAT it via one of the other VM's with public IP when testing.

By the way, I also tried to use vswitches to connect two hosts but as soon as I add the servers to the vswitch my bridged PUBLIC IP based VMs' network stops working.
 
Are your sure the FORWARD is ACCEPTed in iptables? Please post output from "iptables-save".
 
Last edited:
ikke thanks for your reply. Here's the iptables-save output

[ICODE]# iptables-save # Generated by iptables-save v1.8.7 on Wed Dec 1 07:37:46 2021 *nat :pREROUTING ACCEPT [321165:18565718] :INPUT ACCEPT [8976:471461] :OUTPUT ACCEPT [451:29458] :pOSTROUTING ACCEPT [10548:614086] -A POSTROUTING -s 10.0.10.0/24 -o vmbr0 -j MASQUERADE COMMIT # Completed on Wed Dec 1 07:37:46 2021 # Generated by iptables-save v1.8.7 on Wed Dec 1 07:37:46 2021 *raw :pREROUTING ACCEPT [986033:659095736] :OUTPUT ACCEPT [110375:45101914] -A PREROUTING -i fwbr+ -j CT --zone 1 COMMIT # Completed on Wed Dec 1 07:37:46 2021 # Generated by iptables-save v1.8.7 on Wed Dec 1 07:37:46 2021 *filter :INPUT ACCEPT [115596:30094249] :FORWARD ACCEPT [585430:613938548] :OUTPUT ACCEPT [116564:47013188] COMMIT # Completed on Wed Dec 1 07:37:46 2021[/ICODE]
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back