HELP ME!! Bridge on top of bond wifi and ethernet, VM can't get internet connection

retiarylime

Mar 16, 2024
I know I am crazy to configure this kind of networking, but I want to try it if possible. I am also a noob at networking.

My PVE host has two physical interfaces, ethernet enp5s0 and wifi wlp6s0. They are connected to different networks: enp5s0 is connected to the 192.168.1.0/24 network while wlp6s0 is connected to the 192.168.0.0/24 network.

My goals:
1. To bond enp5s0 and wlp6s0 in active-backup mode, so that if one gets disconnected, I have the other one on standby as a backup.
2. To create a bridge over the bonded enp5s0/wlp6s0 for VM use.
3. The most important thing is that both the host and the VMs are able to get an internet connection.

Things I have tried but failed:
1. https://forum.proxmox.com/threads/h...-with-routed-configuration.147714/post-696381
2. https://forum.proxmox.com/threads/combining-bonding-and-nat-problematic.54763/
3. https://forums.debian.net/viewtopic.php?t=157724

My PVE host /etc/network/interfaces :

Code:
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

auto enp5s0
iface enp5s0 inet manual
    bond-master bond0
    bond-primary wlp6s0
    bond-mode active-backup

auto wlp6s0
iface wlp6s0 inet manual
    bond-master bond0
    bond-primary wlp6s0
    bond-mode active-backup

auto bond0
iface bond0 inet manual
        bond-slaves wlp6s0 enp5s0
        bond-primary wlp6s0
        bond-miimon 1
        bond-mode active-backup
        bond-xmit-hash-policy layer3+4

auto vmbr0
iface vmbr0 inet static
        address 192.168.0.184/24
        gateway 192.168.0.1
        dns-nameservers 1.1.1.1
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0

        post-up iptables -t nat -A PREROUTING -i vmbr0 -j DNAT --to-destination 192.168.0.190
        post-down iptables -t nat -D PREROUTING -i vmbr0 -j DNAT --to-destination 192.168.0.190
        post-up iptables -t nat -A PREROUTING -i vmbr0 -j DNAT --to-destination 192.168.0.132
        post-down iptables -t nat -D PREROUTING -i vmbr0 -j DNAT --to-destination 192.168.0.132

        post-up iptables -t nat -A POSTROUTING -o vmbr0 -j SNAT --to-source 192.168.0.190
        post-down iptables -t nat -D POSTROUTING -o vmbr0 -j SNAT --to-source 192.168.0.190
        post-up iptables -t nat -A POSTROUTING -o vmbr0 -j SNAT --to-source 192.168.0.132
        post-down iptables -t nat -D POSTROUTING -o vmbr0 -j SNAT --to-source 192.168.0.132

post-up iptables -A FORWARD -i bond0 -j ACCEPT
post-up iptables -A FORWARD -o bond0 -j ACCEPT
post-up iptables -A FORWARD -i vmbr0 -j ACCEPT
post-up iptables -A FORWARD -o vmbr0 -j ACCEPT

PVE host route -n :

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 vmbr0
0.0.0.0         192.168.0.1     0.0.0.0         UG    600    0        0 wlp6s0
0.0.0.0         192.168.1.1     0.0.0.0         UG    20100  0        0 enp5s0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 vmbr0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 vmbr0
192.168.0.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp6s0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp5s0

I am trying to get an internet connection on my openwrt VM.

The openwrt VM /etc/config/network :

Code:
config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '192.168.0.190'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option gateway '192.168.0.184'

config interface 'wan'
    option device 'eth0'
    option proto 'dhcp'

config interface 'wan6'
    option proto 'dhcp'
    option device 'eth1'

openwrt VM route -n :

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.184   0.0.0.0         UG    0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

I am not sure if my configs are correct, but this is what I've done so far. After doing cone NAT for the openwrt VM, the VM can ping 8.8.8.8, however it can't ping the gateway 192.168.0.1 and can't connect to the wider internet. And I know cone NAT makes my PVE host lose its internet connection.

I apologize for being stupid and still not understanding iptables, routing, NAT, who is the source, who is the destination, and everything else about networking, even though I have read so many guides and forums.
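
An added example, not part of the original post and not Proxmox tooling: a small Python lint run over the `post-up` rules quoted from the vmbr0 stanza above. It flags NAT rules that carry no address, protocol or port match, rules that an earlier catch-all rule in the same chain makes unreachable, and ACCEPT rules that pass everything on an interface. The function names and finding labels are assumptions made for this sketch.

```python
import shlex

# The post-up rules from the vmbr0 stanza in the post, copied verbatim.
RULES = """\
iptables -t nat -A PREROUTING -i vmbr0 -j DNAT --to-destination 192.168.0.190
iptables -t nat -A PREROUTING -i vmbr0 -j DNAT --to-destination 192.168.0.132
iptables -t nat -A POSTROUTING -o vmbr0 -j SNAT --to-source 192.168.0.190
iptables -t nat -A POSTROUTING -o vmbr0 -j SNAT --to-source 192.168.0.132
iptables -A FORWARD -i bond0 -j ACCEPT
iptables -A FORWARD -o bond0 -j ACCEPT
iptables -A FORWARD -i vmbr0 -j ACCEPT
iptables -A FORWARD -o vmbr0 -j ACCEPT
"""

NARROWING = {"-s", "-d", "-p", "--dport", "--sport", "-m"}  # options that limit what a rule matches
TERMINAL = {"DNAT", "SNAT", "MASQUERADE", "ACCEPT", "DROP"}  # targets that end chain traversal

def parse(line):
    """Split one `iptables -A` command into the fields the lint needs."""
    tok = shlex.split(line)
    opt = lambda flag, default=None: tok[tok.index(flag) + 1] if flag in tok else default
    iface = tuple((f, opt(f)) for f in ("-i", "-o") if f in tok)
    return {"table": opt("-t", "filter"), "chain": opt("-A"), "target": opt("-j"),
            "iface": iface, "narrow": bool(NARROWING & set(tok))}

def lint(text):
    """Return (rule_number, finding) pairs for rules in the order they are appended."""
    findings, catch_all = [], {}
    for n, line in enumerate(filter(None, map(str.strip, text.splitlines())), 1):
        r = parse(line)
        key = (r["table"], r["chain"], r["iface"])
        if key in catch_all:
            # An earlier rule with the same interface match and no other
            # condition already terminated traversal for every such packet.
            findings.append((n, f"shadowed-by-rule-{catch_all[key]}"))
        elif r["target"] in TERMINAL and not r["narrow"]:
            catch_all[key] = n
            nat = r["target"] in ("DNAT", "SNAT", "MASQUERADE")
            findings.append((n, "catch-all-nat" if nat else "blanket-accept"))
    return findings

if __name__ == "__main__":
    for number, finding in lint(RULES):
        print(f"rule {number}: {finding}")
```

A rule that matches on both `-i` and `-o` is only compared against earlier rules with the same pair, so the lint can miss some shadowing but does not report it falsely.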
 