Hello people,
I have a Proxmox server with a couple of single public IPs as well as a subnet (public) assigned from the DataCenter.
On top of that I have some VMs with private IPs.
The network generally works, but when it comes to the private VMs, I can access the internet with no issues (incoming-outgoing); however, I cannot access the VMs with the public IPs. For example, a VM with IP 5.5.5.10 (hypothetical IP) cannot access the VM with IP 192.168.0.10 or the other way round.
Obviously I am missing something here. Can someone please have a look at the interfaces below and spot the problem? I have been trying to solve it for several days now but with no success whatsoever!
Much appreciated!
>>>>
# network interface settings
##############################
auto lo
iface lo inet loopback
##############################
#
#
##############################
auto eth0
iface eth0 inet static
address 1.1.1.1 <IP Replaced for security Reasons. This is the main IP of the host>
netmask 255.255.255.255
gateway 1.1.1.253 <IP Replaced for security Reasons. This is the main gateway IP of the host>
broadcast 1.1.1.31 <IP Replaced for security Reasons. This is the broadcast IP of the host as given by the DataCenter>
pointopoint 1.1.1.253 <IP Replaced for security Reasons. This is the main gateway IP of the host>
##############################
#
#
##############################
# bridge for VMs with SINGLE public IPs (DMZ)
auto vmbr0
iface vmbr0 inet static
address 1.1.1.1 <IP Replaced for security Reasons. This is the main IP of the host>
netmask 255.255.255.255
broadcast 1.1.1.31 <IP Replaced for security Reasons. This is the broadcast IP of the host as given by the DataCenter>
bridge_ports none
bridge_stp off
bridge_fd 0
# use only if Shorewall is down:
post-up echo 0 > /proc/sys/net/ipv4/conf/vmbr0/send_redirects
up ip route add 2.2.2.2/32 dev vmbr0 <Extra single public IP address given by the DataCenter>
up ip route add 1.1.1.253 <IP Replaced for security Reasons. This is the main gateway IP of the host>3/32 dev vmbr0
##############################
#
#
##############################
# bridge for assigning a SUBNET to VMs
#
auto vmbr1
iface vmbr1 inet static
address 5.5.5.5 <This is the first usable IP of a subnet given by the DataCenter>
#<A usable IP address from the additional subnet>
netmask 255.255.255.0
#<Netmask of the additional subnet>
bridge_ports none
bridge_stp off
bridge_fd 0
#
###############################
#
#
#
###############################
# bridge for internal LAN with private IPs
auto vmbr2
iface vmbr2 inet static
address 192.168.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
#
# post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o eth0 -j MASQUERADE
# post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o eth0 -j MASQUERADE
###############################