Issue with assigning two subnets

Nemesiz said:
+- its fine just missed `post-up /sbin/ip route add default via 199.168.137.1 dev vmbr1 table net2` to change NIC name
Click to expand...

Thanks for this catch. I've changed that, but it still doesn't allow me to connect to container with 199.168.137.3 IP (it timeouts).

My interfaces file
Code: 
# network interface settings
auto lo
iface lo inet loopback


iface eth0 inet manual


iface eth1 inet manual


auto vmbr0
iface vmbr0 inet static
        address  162.213.31.137
        netmask  255.255.255.0
        gateway  162.213.31.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0


auto vmbr0:0
iface vmbr0:0 inet static
        address  199.168.137.2
        netmask  255.255.255.0
        post-up /sbin/ifconfig vmbr0:0 199.168.137.2 netmask 255.255.255.0


        # Routes for net1
        post-up /sbin/ip route add 199.168.137.0/24 dev vmbr0:0  proto kernel scope link  src 199.168.137.2 table net1
        post-up /sbin/ip route add 162.213.31.0/24 dev vmbr0  proto kernel  scope link  src 162.213.31.137 table net1
        post-up /sbin/ip route add default via 162.213.31.1 dev vmbr0 table net1


        # Routes for net2
        post-up /sbin/ip route add 199.168.137.0/24 dev vmbr0:0  proto kernel  scope link  src 199.168.137.2 table net2
        post-up /sbin/ip route add 162.213.31.0/24 dev vmbr0  proto kernel  scope link  src 162.213.31.137 table net2
        post-up /sbin/ip route add default via 199.168.137.1 dev vmbr0:0 table net2


        # Rules
        post-up /sbin/ip rule add from all to 162.213.31.0/24 lookup net1
        post-up /sbin/ip rule add from 162.213.31.0/24 to all lookup net1


        post-up /sbin/ip rule add from all to 199.168.137.0/24 lookup net2
        post-up /sbin/ip rule add from 199.168.137.0/24 to all lookup net2

From machine running Proxmox I can ping its IP from second subnet (199.168.137.2), but when ping is being routed through second NIC (for example when I ping router (199.168.137.1) it says:
Code: 
PING 199.168.137.1 (199.168.137.1) 56(84) bytes of data.From 199.168.137.2 icmp_seq=2 Destination Host Unreachable
From 199.168.137.2 icmp_seq=3 Destination Host Unreachable
From 199.168.137.2 icmp_seq=4 Destination Host Unreachable


PING 199.168.137.2 (199.168.137.2) 56(84) bytes of data.
64 bytes from 199.168.137.2: icmp_req=1 ttl=64 time=0.028 ms
64 bytes from 199.168.137.2: icmp_req=2 ttl=64 time=0.029 ms
64 bytes from 199.168.137.2: icmp_req=3 ttl=64 time=0.028 ms
64 bytes from 199.168.137.2: icmp_req=4 ttl=64 time=0.032 ms


IP of container in new subnet
PING 199.168.137.3 (199.168.137.3) 56(84) bytes of data.
From 199.168.137.2 icmp_seq=2 Destination Host Unreachable
From 199.168.137.2 icmp_seq=3 Destination Host Unreachable
From 199.168.137.2 icmp_seq=4 Destination Host Unreachable

All rules and routes are set:
Code: 
0:      from all lookup local32762:  from 199.168.137.0/24 lookup net2
32763:  from all to 199.168.137.0/24 lookup net2
32764:  from 162.213.31.0/24 lookup net1
32765:  from all to 162.213.31.0/24 lookup net1
32766:  from all lookup main
32767:  from all lookup default

If it's important net1 has priority 101, and net2 has 102.

I have no idea what's wrong with that. Maybe it's my provider fault?

One more time, thanks for your help.
 
101 102 is not priority if you are talking about /etc/iproute2/rt_tables
priority are 32763 32764 ... in ip rule


can you print these commands
`ip r show table net1`
`ip r show table net2`
`ip r`
`ifconfig`
 
Nemesiz said:
101 102 is not priority if you are talking about /etc/iproute2/rt_tables
priority are 32763 32764 ... in ip rule


can you print these commands
`ip r show table net1`
`ip r show table net2`
`ip r`
`ifconfig`
Click to expand...

Thanks, I've read so on some website while I was trying to solve it on my own.

Here are outputs:


Code: 
root@IX-0076:~# ip r show table net1199.168.137.0/24 dev vmbr0  proto kernel  scope link  src 199.168.137.2
162.213.31.0/24 dev vmbr0  proto kernel  scope link  src 162.213.31.137
default via 162.213.31.1 dev vmbr0


root@IX-0076:~# ip r show table net2
199.168.137.0/24 dev vmbr0  proto kernel  scope link  src 199.168.137.2
162.213.31.0/24 dev vmbr0  proto kernel  scope link  src 162.213.31.137
default via 199.168.137.1 dev vmbr0


root@IX-0076:~# ip r
162.213.31.159 dev venet0  scope link
162.213.31.143 dev venet0  scope link
162.213.31.158 dev venet0  scope link
162.213.31.142 dev venet0  scope link
162.213.31.157 dev venet0  scope link
199.168.137.3 dev venet0  scope link
162.213.31.141 dev venet0  scope link
162.213.31.156 dev venet0  scope link
162.213.31.140 dev venet0  scope link
162.213.31.155 dev venet0  scope link
162.213.31.139 dev venet0  scope link
162.213.31.154 dev venet0  scope link
162.213.31.138 dev venet0  scope link
162.213.31.153 dev venet0  scope link
162.213.31.152 dev venet0  scope link
162.213.31.151 dev venet0  scope link
162.213.31.150 dev venet0  scope link
162.213.31.164 dev venet0  scope link
162.213.31.149 dev venet0  scope link
162.213.31.165 dev venet0  scope link
162.213.31.148 dev venet0  scope link
162.213.31.162 dev venet0  scope link
162.213.31.147 dev venet0  scope link
162.213.31.163 dev venet0  scope link
162.213.31.146 dev venet0  scope link
162.213.31.160 dev venet0  scope link
162.213.31.145 dev venet0  scope link
162.213.31.161 dev venet0  scope link
162.213.31.144 dev venet0  scope link
199.168.137.0/24 dev vmbr0  proto kernel  scope link  src 199.168.137.2
162.213.31.0/24 dev vmbr0  proto kernel  scope link  src 162.213.31.137
default via 162.213.31.1 dev vmbr0




root@IX-0076:~# ifconfig
eth0      Link encap:Ethernet  HWaddr e8:9a:8f:14:1c:26
          inet6 addr: fe80::ea9a:8fff:fe14:1c26/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:114081 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44973 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:16202222 (15.4 MiB)  TX bytes:16545394 (15.7 MiB)


lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:10610 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10610 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7602800 (7.2 MiB)  TX bytes:7602800 (7.2 MiB)


venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet6 addr: fe80::1/128 Scope:Link
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:46582 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2882064 (2.7 MiB)  TX bytes:0 (0.0 B)


vmbr0     Link encap:Ethernet  HWaddr e8:9a:8f:14:1c:26
          inet addr:162.213.31.137  Bcast:162.213.31.255  Mask:255.255.255.0
          inet6 addr: fe80::ea9a:8fff:fe14:1c26/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:109045 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42699 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:13953720 (13.3 MiB)  TX bytes:16383334 (15.6 MiB)


vmbr0:0   Link encap:Ethernet  HWaddr e8:9a:8f:14:1c:26
          inet addr:199.168.137.2  Bcast:199.168.137.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 
In your position I would try to debug network with tcpdump.

tcpdump -ni eth0 net 199.168.137.0/24

And try to ping gateway 199.168.137.1 with `ping 199.168.137.1 -I vmbr0:0` and `ping 199.168.137.1 -I vmbr0`



I`m not sure about vmbr0:0 as vmbr0 alias. You can try try this

Code: 
# network interface settings
auto lo
iface lo inet loopback


iface eth0 inet manual


iface eth1 inet manual


auto vmbr0
iface vmbr0 inet static
        address  162.213.31.137
        netmask  255.255.255.0
        gateway  162.213.31.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0


auto vmbr0:0
iface vmbr0:0 inet static

auto vmbr0v1
iface vmbr0v1 inet manual
        address  199.168.137.2
        netmask  255.255.255.0
        pre-up ifup vmbr0 2> /dev/null
        pre-up ip link add link vmbr0 name $IFACE address 00:11:22:33:AA:BB type macvlan 2> /dev/null

        # Routes for net1
        post-up /sbin/ip route add 199.168.137.0/24 dev vmbr0v1  proto kernel scope link  src 199.168.137.2 table net1
        post-up /sbin/ip route add 162.213.31.0/24 dev vmbr0  proto kernel  scope link  src 162.213.31.137 table net1
        post-up /sbin/ip route add default via 162.213.31.1 dev vmbr0 table net1


        # Routes for net2
        post-up /sbin/ip route add 199.168.137.0/24 dev vmbr0v1  proto kernel  scope link  src 199.168.137.2 table net2
        post-up /sbin/ip route add 162.213.31.0/24 dev vmbr0  proto kernel  scope link  src 162.213.31.137 table net2
        post-up /sbin/ip route add default via 199.168.137.1 dev vmbr0v1 table net2


        # Rules
        post-up /sbin/ip rule add from all to 162.213.31.0/24 lookup net1
        post-up /sbin/ip rule add from 162.213.31.0/24 to all lookup net1

        post-up /sbin/ip rule add from all to 199.168.137.0/24 lookup net2
        post-up /sbin/ip rule add from 199.168.137.0/24 to all lookup net2
 
Sekhmet said:
Code: 
root@IX-0076:~# ip r show table net2
199.168.137.0/24 dev vmbr0  proto kernel  scope link  src 199.168.137.2
162.213.31.0/24 dev vmbr0  proto kernel  scope link  src 162.213.31.137
default via 199.168.137.1 dev [B]vmbr0[/B]
Click to expand...

Hm maybe it cant work like it. Try configuration of my previous post.
 
On previous configuration i couldn't ping router ip:
h7lbe3.jpg
sa2iyb.jpg

On interface configuration from your penultimate post pings reaches destination:
root@IX-0076:~# ping 199.168.137.1 -I vmbr0
PING 199.168.137.1 (199.168.137.1) from 162.213.31.137 vmbr0: 56(84) bytes of data.
64 bytes from 199.168.137.1: icmp_req=1 ttl=255 time=0.375 ms
64 bytes from 199.168.137.1: icmp_req=2 ttl=255 time=0.394 ms
64 bytes from 199.168.137.1: icmp_req=3 ttl=255 time=0.349 ms
64 bytes from 199.168.137.1: icmp_req=4 ttl=255 time=0.376 ms
64 bytes from 199.168.137.1: icmp_req=5 ttl=255 time=0.352 ms
64 bytes from 199.168.137.1: icmp_req=6 ttl=255 time=0.358 ms
--- 199.168.137.1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5000ms
rtt min/avg/max/mdev = 0.349/0.367/0.394/0.022 ms
Click to expand...

root@IX-0076:~# tcpdump -ni eth0 net 199.168.137.0/24
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:34:17.541657 IP 162.213.31.137 > 199.168.137.1: ICMP echo request, id 19343, seq 2, length 64
12:34:17.542035 IP 199.168.137.1 > 162.213.31.137: ICMP echo reply, id 19343, seq 2, length 64
12:34:18.541656 IP 162.213.31.137 > 199.168.137.1: ICMP echo request, id 19343, seq 3, length 64
12:34:18.541989 IP 199.168.137.1 > 162.213.31.137: ICMP echo reply, id 19343, seq 3, length 64
12:34:19.541653 IP 162.213.31.137 > 199.168.137.1: ICMP echo request, id 19343, seq 4, length 64
12:34:19.542016 IP 199.168.137.1 > 162.213.31.137: ICMP echo reply, id 19343, seq 4, length 64
12:34:20.541668 IP 162.213.31.137 > 199.168.137.1: ICMP echo request, id 19343, seq 5, length 64
12:34:20.542004 IP 199.168.137.1 > 162.213.31.137: ICMP echo reply, id 19343, seq 5, length 64
12:34:21.541651 IP 162.213.31.137 > 199.168.137.1: ICMP echo request, id 19343, seq 6, length 64
12:34:21.541994 IP 199.168.137.1 > 162.213.31.137: ICMP echo reply, id 19343, seq 6, length 64
Click to expand...



root@IX-0076:~# ping 199.168.137.1 -I vmbr0:0
PING 199.168.137.1 (199.168.137.1) from 162.213.31.137 vmbr0:0: 56(84) bytes of data.
64 bytes from 199.168.137.1: icmp_req=1 ttl=255 time=0.440 ms
64 bytes from 199.168.137.1: icmp_req=2 ttl=255 time=0.412 ms
64 bytes from 199.168.137.1: icmp_req=3 ttl=255 time=0.364 ms
64 bytes from 199.168.137.1: icmp_req=4 ttl=255 time=0.409 ms
64 bytes from 199.168.137.1: icmp_req=5 ttl=255 time=0.354 ms
64 bytes from 199.168.137.1: icmp_req=6 ttl=255 time=0.358 ms
--- 199.168.137.1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5002ms
rtt min/avg/max/mdev = 0.354/0.389/0.440/0.038 ms
Click to expand...
tcpdump -ni eth0 net 199.168.137.0/24
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:42:07.010113 IP 162.213.31.137 > 199.168.137.1: ICMP echo request, id 30355, seq 1, length 64
12:42:07.010462 IP 199.168.137.1 > 162.213.31.137: ICMP echo reply, id 30355, seq 1, length 64
12:42:08.009860 IP 162.213.31.137 > 199.168.137.1: ICMP echo request, id 30355, seq 2, length 64
12:42:08.010242 IP 199.168.137.1 > 162.213.31.137: ICMP echo reply, id 30355, seq 2, length 64
12:42:09.010675 IP 162.213.31.137 > 199.168.137.1: ICMP echo request, id 30355, seq 3, length 64
12:42:09.011015 IP 199.168.137.1 > 162.213.31.137: ICMP echo reply, id 30355, seq 3, length 64
12:42:10.012002 IP 162.213.31.137 > 199.168.137.1: ICMP echo request, id 30355, seq 4, length 64
12:42:10.012381 IP 199.168.137.1 > 162.213.31.137: ICMP echo reply, id 30355, seq 4, length 64
12:42:11.011670 IP 162.213.31.137 > 199.168.137.1: ICMP echo request, id 30355, seq 5, length 64
12:42:11.012003 IP 199.168.137.1 > 162.213.31.137: ICMP echo reply, id 30355, seq 5, length 64
12:42:12.012957 IP 162.213.31.137 > 199.168.137.1: ICMP echo request, id 30355, seq 6, length 64
12:42:12.013289 IP 199.168.137.1 > 162.213.31.137: ICMP echo reply, id 30355, seq 6, length 64
Click to expand...

root@IX-0076:~# ip r
162.213.31.159 dev venet0 scope link
162.213.31.143 dev venet0 scope link
162.213.31.158 dev venet0 scope link
162.213.31.142 dev venet0 scope link
162.213.31.157 dev venet0 scope link
199.168.137.3 dev venet0 scope link
162.213.31.141 dev venet0 scope link
162.213.31.156 dev venet0 scope link
162.213.31.140 dev venet0 scope link
162.213.31.155 dev venet0 scope link
162.213.31.139 dev venet0 scope link
162.213.31.154 dev venet0 scope link
162.213.31.138 dev venet0 scope link
162.213.31.153 dev venet0 scope link
162.213.31.152 dev venet0 scope link
162.213.31.151 dev venet0 scope link
162.213.31.150 dev venet0 scope link
162.213.31.164 dev venet0 scope link
162.213.31.149 dev venet0 scope link
162.213.31.165 dev venet0 scope link
162.213.31.148 dev venet0 scope link
162.213.31.162 dev venet0 scope link
162.213.31.147 dev venet0 scope link
162.213.31.163 dev venet0 scope link
162.213.31.146 dev venet0 scope link
162.213.31.160 dev venet0 scope link
162.213.31.145 dev venet0 scope link
162.213.31.161 dev venet0 scope link
162.213.31.144 dev venet0 scope link
162.213.31.0/24 dev vmbr0 proto kernel scope link src 162.213.31.137
default via 162.213.31.1 dev vmbr0
Click to expand...

root@IX-0076:~# ifconfig
eth0 Link encap:Ethernet HWaddr e8:9a:8f:14:1c:26
inet6 addr: fe80::ea9a:8fff:fe14:1c26/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:62726 errors:0 dropped:0 overruns:0 frame:0
TX packets:48134 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10523009 (10.0 MiB) TX bytes:12197592 (11.6 MiB)


lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5624 errors:0 dropped:0 overruns:0 frame:0
TX packets:5624 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3558004 (3.3 MiB) TX bytes:3558004 (3.3 MiB)


venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::1/128 Scope:Link
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:38481 errors:0 dropped:0 overruns:0 frame:0
TX packets:32845 errors:0 dropped:18 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6157366 (5.8 MiB) TX bytes:5314734 (5.0 MiB)


vmbr0 Link encap:Ethernet HWaddr e8:9a:8f:14:1c:26
inet addr:162.213.31.137 Bcast:162.213.31.255 Mask:255.255.255.0
inet6 addr: fe80::ea9a:8fff:fe14:1c26/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:61207 errors:0 dropped:0 overruns:0 frame:0
TX packets:47151 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9473164 (9.0 MiB) TX bytes:12098665 (11.5 MiB)
Click to expand...

The container is on 199.168.137.3 - it's still unreachable from outside.
 
Last edited:
Server operator gives me another IP package, i tried a lot of methods - no results. I can't access containers from second network from outside. Traffic reaches proxmox machine (162.213.31.137) but there is no response from it. Maybe could you try to check what is wrong on my machine? If yes, give me any contact to you, we would talk about wage.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back