Is there a limitation Proxmox puts on having a Linux Container do IP forwarding in PVE? I built a Debian12 LXC from the Proxmox template. Built an IPsec VPN connection going out to a secure web gateway. The LXC is sending its own traffic down the VPN, ala
curl https://ifconfig.io
I enabled IPV4 forwarding in sysctl, downloaded UFW and ran both
ufw default allow routed
and Edit
/etc/default/ufw
and set DEFAULT_FORWARD_POLICY to ACCEPT: DEFAULT_FORWARD_POLICY="ACCEPT"
Several reloads and reboots followed
But
ufw status verbose
still always shows the default action of Routed to be DENY and the LXC will not forward any traffic meant for the VPN from another device in that subnet. I can build a Debian VM from the netinst ISO and use the same process, which works.
Does it have anything to do with pve-firewall not doing forwarding and I'd have to change to proxmox-firewall to get the LXC to forward? The LXC container network interface did not have the Firewall option enabled.
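
An added example, not part of the original post: a small shell check that compares the forward policy configured in /etc/default/ufw with the routed default that `ufw status verbose` reports, which is the mismatch described above. The function names are hypothetical and the two sample inputs are constructed, not taken from the poster's container.

```shell
#!/bin/sh
# Constructed sample inputs (not from the poster's system).
SAMPLE_DEFAULTS='# /etc/default/ufw (constructed excerpt)
IPV6=yes
DEFAULT_INPUT_POLICY="DROP"
DEFAULT_FORWARD_POLICY="ACCEPT"'

SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip'

# Forward policy as written in the text of /etc/default/ufw (last assignment wins).
configured_forward_policy() {
    printf '%s\n' "$1" |
        sed -n 's/^DEFAULT_FORWARD_POLICY="\{0,1\}\([A-Za-z]*\)"\{0,1\}.*$/\1/p' |
        tail -n 1
}

# Routed default from the "Default:" line of `ufw status verbose` output.
effective_routed_policy() {
    printf '%s\n' "$1" | sed -n 's/^Default:.*[, ]\([a-z]*\) (routed).*$/\1/p'
}

# Translate ACCEPT/DROP/REJECT into ufw's allow/deny/reject wording and compare.
forward_policy_state() {
    case "$(configured_forward_policy "$1")" in
        ACCEPT) want=allow ;;
        DROP)   want=deny ;;
        REJECT) want=reject ;;
        *)      want=unknown ;;
    esac
    have=$(effective_routed_policy "$2")
    if [ "$want" = "$have" ]; then
        echo "match:$have"
    else
        echo "mismatch:configured=$want,effective=${have:-none}"
    fi
}

# On a real host (ufw needs root):
#   forward_policy_state "$(cat /etc/default/ufw)" "$(ufw status verbose)"
forward_policy_state "$SAMPLE_DEFAULTS" "$SAMPLE_STATUS"
```

Running the same check inside the LXC and inside the working Debian VM shows whether the two systems differ in the file, in what ufw actually applied, or in both.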