How to make Proxmox masquerade to secondary IP?

K

kotakomputer

Renowned Member
May 14, 2012
429
13
83
Jakarta, Indonesia
www.proxmoxindo.com
I have 2 IP addresses, but I want to Masquerade using secondary IP, guests using KVM-WinXP with LAN IP.
My primary IP is 192.95.31.41 (eth0) and secondary IP is 198.50.153.144.

Here is my /etc/network/interface:

Code: 
# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr1
iface vmbr1 inet static
        address  192.168.0.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up /etc/pve/kvm-networking.sh

auto vmbr0
iface vmbr0 inet static
        address  192.95.31.41
        netmask  255.255.255.0
        gateway  192.95.31.254
        broadcast  192.95.31.255
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
        network 192.95.31.0

auto vmbr2
iface vmbr2 inet static
        address  198.50.153.144
        netmask  255.255.255.0
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr2 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr2 -j MASQUERADE

Above settings won't Masquerade using vmbr2 (but using vmbr0 was fine). Should I use eth0:0 for secondary IP?

Any advice how to setup this in Proxmox way?
 
Last edited:
Your default gateway is on vmbr0. Thus, for packets leaving your box, this is the bridge interface they leave on. Your masq rule won`t match. Drop the `-o vmbr2` part.
 
kotakomputer said:
Please read carefully my post


Mean, I can masquerade them using vmbr0, but I want to use secondary IP.
Click to expand...

Your objective and your iptables rules contradict each other. Please clarify what you want to achieve. But as udo has already said, you need to alias the bridge interfaces, not the physical ones. On which bridge are your VMs? If they're on vmbr2, you can't use the secondary ip as alias on vmbr0 for snat (you don't really need an alias btw, you could just add a new ip to an interface using iproute2 tools). If they're on vmbr0, the alias should work but don't forget to adjust the iptables rules.
 
You can just alias IP2 on/assign to vmbr0 besides the main IP. OTOH, eth0 can only be enslaved to a single bridge. That bridge will host all IPs. Using a separate bridge for VMs is not a requirement but can help with isolating different networks if configured correctly. Tell us which one (single/multiple bridges) you'd like so we can progress in the right direction. As a side note, 192.168.0.0/24 is far too common a subnet, I'd recommend using something else.

Edit: I assume the default gateway works for both IPs since according to OP, SNATted from vmbr0 it works as expected.
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back