We have a proxmox server hosted at online.net. It has two external IPs 62.x.x.17 on eth0 and 212.y.y.155 connected to a virtual mac, provided by online.net also on eth0.
I followed this guide https://goo.gl/aykcAS to set the server up, which I found very helpful.
My configuration is that I have all my vms sitting on vmbr10 in a private subnet, 10,100,100.x. One server running nginx acts as a reverse proxy for 80,443. All the vms on that private subnet can access the internet.
I want to connect a container directly to 212.y.y.155, ie so that it is connected directly to the net. I have set the container to use the mac address of the virtual mac and the ip 212.y.y.155/32 and the gateway provided by online.net. I can ping say google.com, however I cannot access anything on port 80, so for example wget google.com resolves the domain, but just hangs when downloading on port 80. We plan to run an application on this server that will access files on amazon s3 on port 80 so I need to get this to work.
Thomas from Proxmox said that "It looks like you have prerouting rules setup in the /etc/network/interfaces file which NAT the traffic from all TCP traffic on ports 80, 443, 9001 to the vmbr10, you should exclude the IP address from the CT 106 from this as else it will me routed to the vmbr10 network before it can hit any other rules."
I have therefore set my configuration as below (note prerouting excludes 212.y.y.155). However it still does not work. Any suggestions would be hugely appreciated as I have been trying many different option and seem to be getting nowhere.
Many thanks.
/etc/network/interfaces
===================
auto lo
iface lo inet loopback
iface eth0 inet manual
iface eth1 inet manual
auto vmbr0
iface vmbr0 inet static
address 62.x.x.17
netmask 255.255.255.0
gateway 62.x.x.1
bridge_ports eth0
bridge_stp off
bridge_fd 0
auto vmbr10
iface vmbr10 inet static
address 10.100.100.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -o vmbr0 -s 10.100.100.0/24 ! -d 10.100.100.0/24 -j SNAT --to 62.x.x.17
post-down iptables -t nat -D POSTROUTING -o vmbr0 -s 10.100.100.0/24 ! -d 10.100.100.0/24 -j SNAT --to 62.x.x.17
post-up iptables -t nat -A PREROUTING -i vmbr0 ! -d 212.y.y.155/32 -p tcp --dport 80 -j DNAT --to 10.100.100.1:80
post-down iptables -t nat -D PREROUTING -i vmbr0 ! -d 212.y.y.155/32 -p tcp --dport 80 -j DNAT --to 10.100.100.1:80
post-up iptables -t nat -A PREROUTING -i vmbr0 ! -d 212.y.y.155/32 -p tcp --dport 443 -j DNAT --to 10.100.100.1:443
post-down iptables -t nat -D PREROUTING -i vmbr0 ! -d 212.y.y.155/32 -p tcp --dport 443 -j DNAT --to 10.100.100.1:443
Container Configuration
===================
nameserver: 8.8.8.8
net0: name=eth0,bridge=vmbr0,gw=62.x.x.1,hwaddr=00:16:3e:00:15:21,ip=212.y.y.155/32,type=veth
hwaddr=00:16:3e:00:15:21 is the virtual mac
I followed this guide https://goo.gl/aykcAS to set the server up, which I found very helpful.
My configuration is that I have all my vms sitting on vmbr10 in a private subnet, 10,100,100.x. One server running nginx acts as a reverse proxy for 80,443. All the vms on that private subnet can access the internet.
I want to connect a container directly to 212.y.y.155, ie so that it is connected directly to the net. I have set the container to use the mac address of the virtual mac and the ip 212.y.y.155/32 and the gateway provided by online.net. I can ping say google.com, however I cannot access anything on port 80, so for example wget google.com resolves the domain, but just hangs when downloading on port 80. We plan to run an application on this server that will access files on amazon s3 on port 80 so I need to get this to work.
Thomas from Proxmox said that "It looks like you have prerouting rules setup in the /etc/network/interfaces file which NAT the traffic from all TCP traffic on ports 80, 443, 9001 to the vmbr10, you should exclude the IP address from the CT 106 from this as else it will me routed to the vmbr10 network before it can hit any other rules."
I have therefore set my configuration as below (note prerouting excludes 212.y.y.155). However it still does not work. Any suggestions would be hugely appreciated as I have been trying many different option and seem to be getting nowhere.
Many thanks.
/etc/network/interfaces
===================
auto lo
iface lo inet loopback
iface eth0 inet manual
iface eth1 inet manual
auto vmbr0
iface vmbr0 inet static
address 62.x.x.17
netmask 255.255.255.0
gateway 62.x.x.1
bridge_ports eth0
bridge_stp off
bridge_fd 0
auto vmbr10
iface vmbr10 inet static
address 10.100.100.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -o vmbr0 -s 10.100.100.0/24 ! -d 10.100.100.0/24 -j SNAT --to 62.x.x.17
post-down iptables -t nat -D POSTROUTING -o vmbr0 -s 10.100.100.0/24 ! -d 10.100.100.0/24 -j SNAT --to 62.x.x.17
post-up iptables -t nat -A PREROUTING -i vmbr0 ! -d 212.y.y.155/32 -p tcp --dport 80 -j DNAT --to 10.100.100.1:80
post-down iptables -t nat -D PREROUTING -i vmbr0 ! -d 212.y.y.155/32 -p tcp --dport 80 -j DNAT --to 10.100.100.1:80
post-up iptables -t nat -A PREROUTING -i vmbr0 ! -d 212.y.y.155/32 -p tcp --dport 443 -j DNAT --to 10.100.100.1:443
post-down iptables -t nat -D PREROUTING -i vmbr0 ! -d 212.y.y.155/32 -p tcp --dport 443 -j DNAT --to 10.100.100.1:443
Container Configuration
===================
nameserver: 8.8.8.8
net0: name=eth0,bridge=vmbr0,gw=62.x.x.1,hwaddr=00:16:3e:00:15:21,ip=212.y.y.155/32,type=veth
hwaddr=00:16:3e:00:15:21 is the virtual mac
Last edited:
