Issue with assigning two subnets

TheQuake · Apr 16, 2015

At this moment:

Code:

 cat /etc/network/interfaces
auto lo
iface lo inet loopback


auto vmbr0
iface vmbr0 inet static
        address 162.213.31.137
        netmask 255.255.255.0
        gateway 162.213.31.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0


auto vmbr1
iface vmbr1 inet static
        address 199.168.137.2
        netmask 255.255.255.0
        gateway 199.168.137.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

But vmbr1 subnet is not accessible, so how to make two subnets working on one server? It's openVZ

Nemesiz · Apr 16, 2015

Code:

auto vmbr0:0
iface vmbr0:0 inet static
        address 199.168.137.2
        netmask 255.255.255.0
        gateway 199.168.137.1
        post-up /sbin/ifconfig vmbr0:0 199.168.137.2 netmask 255.255.255.0

Having 2 or more gateways you have to make some rules for decision where the packet have to go through.

TheQuake · Apr 16, 2015

Thanks for you reply, but now I'm getting:

Thu Apr 16 06:02:22 2015: RTNETLINK answers: File existsThu Apr 16 06:02:22 2015: Failed to bring up vmbr0:0.Thu Apr 16 06:02:22 2015: done.

Nemesiz · Apr 16, 2015

print results of:

brctl show
cat /proc/net/dev

TheQuake · Apr 16, 2015

Code:

brctl show

bridge name     bridge id               STP enabled     interfaces
vmbr0           8000.e89a8f141c26       no              eth0

Code:

cat /proc/net/dev

Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  486939     365    0    0    0     0          0         0   486939     365    0    0    0     0       0          0
  eth0:  888194    6190    0    0    0     0          0       367  2232975    3897    0    0    0     0       0          0
  eth1:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
venet0:   24276     201    0    0    0     0          0         0    27581     166    0    3    0     0       0          0
 vmbr0:  151874     797    0    0    0     0          0       102   202945     431    0    0    0     0       0          0

Nemesiz · Apr 17, 2015

Try to run `ifconfig vmbr0:0 192.168.55.1`

TheQuake · Apr 17, 2015

Should i reboot server to apply this command?
For example i can ping VPS from main machine using IP i assigned to that server, but i can't ping it from outside.
No results after reboot. Maybe there is problem with forwarding? http://servernetworktech.com/2012/12/proxmox-and-using-nat-with-a-virtual-machine/

Nemesiz · Apr 17, 2015

The URL you give writes about NAT. In your first post you gave public IP as example or not but for public IP you don`t need NAT.
Can you give the results of `ifconfig vmbr0:0 192.168.55.1` command ?

TheQuake · Apr 17, 2015

It returns nothing

Nemesiz · Apr 17, 2015

So you get no error. After this command you can ping 192.168.55.1 locally and it should work.

Another question you have 2 NIC. Booth are used for INTERNET or one of them are for local network ?

TheQuake · Apr 17, 2015

First NIC is for the internet, and the second is a second router

Nemesiz · Apr 17, 2015

From your given configure 162.213.31.137 and 199.168.137.2 are accessible from first NIC ?

TheQuake · Apr 17, 2015

Yes, 162.213.31.137 is main machine address

Nemesiz · Apr 18, 2015

Your ISP is locking IP on MAC ?

My example of 2 and more subnets and gateways http://forum.proxmox.com/threads/16476-2-separate-sub-nets-1-NIC?p=84934#post84934

Its needed only then you use it in one place. If you want to pass through use bridge and don`t assign address.

TheQuake · Apr 18, 2015

I don't think so, i bought server on quadix.co, they setup my server with 162.213.31.0 network, and later they said that i can use 199.168.137.0, but i can't get second network working.

auto vmbr0:0
iface vmbr0:0 inet static
address 199.168.137.2
netmask 255.255.255.0
gateway 199.168.137.1 post-up /sbin/ifconfig vmbr0:0 199.168.137.2 netmask 255.255.255.0

It should work without doing anything else?
I can assign IP's from second network to the VM, i can see them from main machine, what i have to do to connect to them from outside?
Why it's so difficult.

traceroute results of some ip's from second and first network (done on main machine)
http://pastebin.com/5zRheCSR
traceroute 199.168.137.1 = 199.168.137.2 - this ip is unaccessible from outside.
traceroute 162.213.31.1 = 104.193.10.1 - this ip is accessible from outside.
Maybe it's isp problem?

Nemesiz · Apr 19, 2015

can you print `ip r` results ?

TheQuake · Apr 19, 2015

162.213.31.159 dev venet0 scope link
162.213.31.143 dev venet0 scope link
162.213.31.158 dev venet0 scope link
162.213.31.142 dev venet0 scope link
199.168.137.3 dev venet0 scope link
162.213.31.157 dev venet0 scope link
162.213.31.141 dev venet0 scope link
162.213.31.156 dev venet0 scope link
162.213.31.140 dev venet0 scope link
162.213.31.155 dev venet0 scope link
162.213.31.139 dev venet0 scope link
162.213.31.138 dev venet0 scope link
162.213.31.154 dev venet0 scope link
162.213.31.153 dev venet0 scope link
162.213.31.152 dev venet0 scope link
162.213.31.151 dev venet0 scope link
162.213.31.150 dev venet0 scope link
162.213.31.164 dev venet0 scope link
162.213.31.149 dev venet0 scope link
162.213.31.165 dev venet0 scope link
162.213.31.148 dev venet0 scope link
162.213.31.162 dev venet0 scope link
162.213.31.147 dev venet0 scope link
162.213.31.163 dev venet0 scope link
162.213.31.146 dev venet0 scope link
162.213.31.160 dev venet0 scope link
162.213.31.145 dev venet0 scope link
162.213.31.161 dev venet0 scope link
162.213.31.144 dev venet0 scope link
199.168.137.0/24 dev vmbr1 proto kernel scope link src 199.168.137.2
162.213.31.0/24 dev vmbr0 proto kernel scope link src 162.213.31.137
default via 162.213.31.1 dev vmbr0

There is it

Nemesiz · Apr 19, 2015

As you can see you have one gateway and its for 162.213.31.0/24
199.168.137.0/24 tries to go through 162.213.31.1 and get reject.

If you carefull look at my post you can find

Code:

default 
    nexthop via x.x.84.1  dev vmbr1 weight 1
    nexthop via x.x.85.1  dev vmbr1v1 weight 1
    nexthop via x.x.85.1  dev vmbr1v2 weight 1
    nexthop via x.x.63.254  dev vmbr2 weight 1

But I will not solve the routing problem. You have to create rules to split networks.

Steps.
1. In file /etc/iproute2/rt_tables add 2 lines with number and name of rule
2. You have to add IP route rules. example:

Code:

ip route add 199.168.137.0/24 dev vmbr1  proto kernel  scope link  src 199.168.137.2 table [B]rule_name[/B]
ip route add 162.213.31.0/24 dev vmbr0  proto kernel  scope link  src 162.213.31.137 table [B]rule_name[/B]
ip route add default via 162.213.31.1 dev vmbr0 table [B]rule_name[/B]

ip route add 199.168.137.0/24 dev vmbr1  proto kernel  scope link  src 199.168.137.2 table [B]rule_name2[/B]
ip route add 162.213.31.0/24 dev vmbr0  proto kernel  scope link  src 162.213.31.137 table [B]rule_name2[/B]
ip route add default via 199.168.137.1 dev vmbr1 table [B]rule_name2[/B]

3. ip rules. Example

Code:

ip rule add from all to 162.213.31.0/24 lookup rule_name
ip rule add from 162.213.31.0/24 to all lookup rule_name

ip rule add from all to 199.168.137.0/24 lookup rule_name2
ip rule add from 199.168.137.0/24 all to lookup rule_name2

Now your host server can respond in both networks. Its not needed for VM if their NIC and host NIC are bridged.

btw in your last post I see you use vmbr0 and vmbr1. Do they connected correctly ?

Sekhmet · Apr 19, 2015

Nemesiz said:
...

Hi. Thanks a lot for your support. I've created following interfaces file based on your help.

Code:

# network interface settingsauto lo
iface lo inet loopback


iface eth0 inet manual


iface eth1 inet manual


auto vmbr0
iface vmbr0 inet static
        address  162.213.31.137
        netmask  255.255.255.0
        gateway  162.213.31.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0


auto vmbr0:0
iface vmbr0:0 inet static
        address  199.168.137.2
        netmask  255.255.255.0
        post-up /sbin/ifconfig vmbr0:0 199.168.137.2 netmask 255.255.255.0


        # Routes for net1
        post-up /sbin/ip route add 199.168.137.0/24 dev vmbr0:0  proto kernel scope link  src 199.168.137.2 table net1
        post-up /sbin/ip route add 162.213.31.0/24 dev vmbr0  proto kernel  scope link  src 162.213.31.137 table net1
        post-up /sbin/ip route add default via 162.213.31.1 dev vmbr0 table net1


        # Routes for net2
        post-up /sbin/ip route add 199.168.137.0/24 dev vmbr0:0  proto kernel  scope link  src 199.168.137.2 table net2
        post-up /sbin/ip route add 162.213.31.0/24 dev vmbr0  proto kernel  scope link  src 162.213.31.137 table net2
        post-up /sbin/ip route add default via 199.168.137.1 dev vmbr1 table net2


        # Rules
        post-up /sbin/ip rule add from all to 162.213.31.0/24 lookup net1
        post-up /sbin/ip rule add from 162.213.31.0/24 to all lookup net1


        post-up /sbin/ip rule add from all to 199.168.137.0/24 lookup net2
        post-up /sbin/ip rule add from 199.168.137.0/24 to all lookup net2

Should it be created this way?

Nemesiz · Apr 19, 2015

+- its fine just missed `post-up /sbin/ip route add default via 199.168.137.1 dev vmbr1 table net2` to change NIC name

Issue with assigning two subnets

New Member

Renowned Member

New Member

Renowned Member

New Member

Renowned Member

New Member

Renowned Member

New Member

Renowned Member

New Member

Renowned Member

New Member

Renowned Member

New Member

Renowned Member

New Member

Renowned Member

New Member

Renowned Member