[SOLVED] Issue with container networking

Khalko

Jun 3, 2018
Hi,

First, thanks for trying to help... I've been trying to figure this out for a few days already, and still can't get it to work.

The problem is that I can't ping from a container to the internet.
I can ping the host.
I can ping other containers in the same network.
I can access 192.168.1.4:80 (container private IP) through xxx.yyy.zzz.15:50 (public IP with routing) from my computer.
I can access any port of the private IP if I route it previously.
I can NOT ping 8.8.8.8

I wanna be able to ping 8.8.8.8, and basically I wanna have internet access so I can install and update packages and such things...

My host is running Proxmox 5.2 over Debian within an OVH KS server.
My container is running Debian 8. I previously tried with CentOS 7 as well but couldn't get it to work either.
I don't have any firewall running.

Any help would be gladly accepted, thanks in advance!

host network configuration
Code:
auto lo
iface lo inet loopback

iface enp1s0 inet manual

iface enp2s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address  xxx.yyy.zzz.15/24
        gateway  xxx.yyy.zzz.254
        bridge_ports enp1s0
        bridge_stp off
        bridge_fd 0

auto vmbr1
iface vmbr1 inet static
        bridge_ports dummy0
        bridge_stp off
        bridge_fd 0
        post-up /etc/pve/kvm-networking.sh

auto vmbr2
iface vmbr2 inet static
        address  192.168.1.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        pre-up iptables -N PREROUTING
        pre-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 50 -j DNAT --to-destination 192.168.1.4:80
        pre-up iptables -A PREROUTING -j ACCEPT
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -N POSTROUTING
        post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
        post-up iptables -A POSTROUTING -j ACCEPT
        pre-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 50 -j DNAT --to-destination 192.168.1.4:80
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -X PREROUTING
        post-down iptables -X POSTROUTING
        post-down iptables -F -t nat
        post-down iptables -F

container network configuration
Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
         address 192.168.1.4
         netmask 255.255.255.0
         gateway 192.168.1.1

container "route -n" output
Code:
Destination       Gateway        Genmask         Flags     Metric       Ref       Use      Iface
0.0.0.0             192.168.1.1        0.0.0.0            UG          0              0           0        eth0
192.168.1.0           0.0.0.0       255.255.255.0   U             0              0           0        eth0

host "route -n" output
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.yyy.zzz.254   0.0.0.0         UG    0      0        0 enp1s0
0.0.0.0         xxx.yyy.zzz.254   0.0.0.0         UG    0      0        0 vmbr0
xxx.yyy.zzz.0     0.0.0.0         255.255.255.0   U     0      0        0 enp1s0
xxx.yyy.zzz.0     0.0.0.0         255.255.255.0   U     0      0        0 vmbr0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 vmbr2

host "iptables -L -t nat" output
Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:re-mail-ck to:192.168.1.4:80

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.1.0/24       anywhere

THANKS!;)
 
I already solved this myself...

I configured the enp1s0 interface with the public IP and gateway, and then used vmbr0 for my internal network with internet access routing all outgoing traffic through enp1s0.
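
A sketch of a host /etc/network/interfaces matching the fix described above, added here as an example and not the poster's actual file. It assumes the container's interface is attached to vmbr0, and it keeps the thread's redacted xxx.yyy.zzz placeholders, the 192.168.1.0/24 subnet and the port 50 forward.

```conf
auto lo
iface lo inet loopback

# Public uplink: the address and default gateway sit on the NIC itself,
# so the host has exactly one default route (via enp1s0).
auto enp1s0
iface enp1s0 inet static
        address  xxx.yyy.zzz.15/24
        gateway  xxx.yyy.zzz.254
        # Let the host route between the internal bridge and the uplink.
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

# Internal bridge for containers: no physical port, host acts as their gateway.
auto vmbr0
iface vmbr0 inet static
        address  192.168.1.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        # Outbound: rewrite container source addresses to the public IP on the way out.
        post-up   iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o enp1s0 -j MASQUERADE
        # Inbound: public port 50 -> container 192.168.1.4 port 80 (from the first post).
        post-up   iptables -t nat -A PREROUTING -i enp1s0 -p tcp --dport 50 -j DNAT --to-destination 192.168.1.4:80
        # Teardown removes only the two rules added above; nothing else is flushed.
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o enp1s0 -j MASQUERADE
        post-down iptables -t nat -D PREROUTING -i enp1s0 -p tcp --dport 50 -j DNAT --to-destination 192.168.1.4:80
```

The `iptables -N PREROUTING` and `iptables -N POSTROUTING` lines from the first post are left out because, without `-t nat`, they only create unused user-defined chains in the filter table.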
 