[SOLVED] Loss of access after OVS Bridge

nez

Member
Dec 31, 2019
I am running into an issue any time I try setting up an OVS bridge: I lose network access to my dedicated server. I have a point-to-point link to my public IP provided by the hosting company. On one of my boxes I was able to run the interfaces Bridge config for a short time and it worked. So I figured I would run the interfaces OVS config, but any time I set up OVS I lose all access to the server. I have re-installed the OS from the Datacenter provider. OVS is installed and the server was rebooted after install.

I have tried with the Public IP on the bridge, on the NIC, and as a third intPort with no VLAN tag. All with the same results.

Any help would be appreciated, thank you.

interfaces Bridge
Bash:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
        address  XXX.XX.X.XXX
        netmask  30
        gateway  XXX.XX.X.XXX
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
#Wan

auto vmbr1
iface vmbr1 inet static
        address  10.0.0.254
        netmask  24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#Lan

       post-up echo 1 > /proc/sys/net/ipv4/ip_forward
       post-up   iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
       post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE

interfaces OVS
Bash:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

allow-hotplug enp5s0

allow-vmbr0 enp5s0
iface enp5s0 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr0
    dns-nameservers 127.0.0.1
    dns-search nez.ninja
# dns-* options are implemented by the resolvconf package, if installed

iface enp6s0 inet manual

allow-vmbr0 vmint0
iface vmint0 inet static
    address  10.0.1.254
    netmask  24
    ovs_type OVSIntPort
    ovs_bridge vmbr0
    ovs_options tag=10
#intWan Firewall Wan

allow-vmbr0 vmint1
iface vmint1 inet manual
    ovs_type OVSIntPort
    ovs_bridge vmbr0
    ovs_options tag=20
#intLan Firewall and VM LAN

allow-ovs vmbr0
iface vmbr0 inet manual
    address  XXX.XX.X.XXX (point-to-point public IP)
    netmask  30
    gateway  XXX.XX.X.XXX
    ovs_type OVSBridge
    ovs_ports enp5s0 vmint0 vmint1
#OVS Bridge

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.0.1.0/24' -o enp5s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.1.0/24' -o enp5s0 -j MASQUERADE
        post-up iptables -t nat -A PREROUTING -i enp5s0 -p tcp --dport 2222 -j DNAT --to 10.0.1.6:22
        post-down iptables -t nat -D PREROUTING -i enp5s0 -p tcp --dport 2222 -j DNAT --to 10.0.1.6:22
opera_tM3IG4fYRW.png
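
Added example, not part of the original posts: a pre-flight check to run on an /etc/network/interfaces file before applying it on a host that is reachable only over that network. It assumes classic ifupdown, whose `manual` method performs no address configuration; the sample file is constructed from the OVS layout above with RFC 5737 placeholder addresses, and `parse_stanzas` and `preflight` are hypothetical helper names.

```python
# Constructed sample modelled on the OVS layout in this thread.
# 192.0.2.x are RFC 5737 placeholders, not the poster's addresses.
SAMPLE = """\
allow-vmbr0 vmint0
iface vmint0 inet static
    address  10.0.1.254
    netmask  24
    ovs_type OVSIntPort

allow-ovs vmbr0
iface vmbr0 inet manual
    address  192.0.2.2
    netmask  30
    gateway  192.0.2.1
    ovs_type OVSBridge
    ovs_ports enp5s0 vmint0
"""

L3_KEYS = {"address", "netmask", "gateway"}

def parse_stanzas(text):
    """Return {ifname: {"method": ..., "opts": {...}}} for each iface stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split(None, 1)
        if words[0] == "iface":
            _, name, _family, method = line.split()[:4]
            current = stanzas[name] = {"method": method, "opts": {}}
        elif words[0] in ("auto", "mapping", "source", "source-directory") \
                or words[0].startswith("allow-"):
            current = None  # these keywords end the preceding stanza
        elif current is not None:
            current["opts"][words[0]] = words[1] if len(words) > 1 else ""
    return stanzas

def preflight(text):
    stanzas, findings = parse_stanzas(text), []
    for name, s in stanzas.items():
        ignored = sorted(s["opts"].keys() & L3_KEYS)
        if s["method"] == "manual" and ignored:  # assumption: classic ifupdown
            findings.append(f"{name}: 'inet manual' does not apply {', '.join(ignored)}")
    routed = any(s["method"] == "dhcp" or (s["method"] == "static" and "gateway" in s["opts"])
                 for s in stanzas.values())
    if not routed:
        findings.append("no stanza configures a default route")
    return findings
```
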
 
Hi,

Why do you need OVS?
Your config shows no use case that Linux bridge is not capable of.

The two VLAN interfaces can easily be done with linux-bridge.
 
You're correct.

I have just decided to stick with Linux bridge and updated the bridge layout a bit more for Opnsense.

Thank You, closing this as fixed.

Code:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface enp5s0 inet manual

iface enp6s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address  XXX.XX.X.XXX
    netmask  30
    gateway  XXX.XX.X.XXX
    bridge-ports enp5s0
    bridge-stp off
    bridge-fd 0
#Management Interface

auto vmbr1
iface vmbr1 inet static
    address  10.0.1.254
    netmask  24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
#Firewall Wan

auto vmbr2
iface vmbr2 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0
#VM Lan

       post-up echo 1 > /proc/sys/net/ipv4/ip_forward
       post-up   iptables -t nat -A POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j MASQUERADE
       post-down iptables -t nat -D POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j MASQUERADE
       post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 5672 -j DNAT --to 10.0.1.2:5672
       post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 5672 -j DNAT --to 10.0.1.2:5672
       post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 61208 -j DNAT --to 10.0.1.2:61208
       post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 61208 -j DNAT --to 10.0.1.2:61208
 
