Hello everyone, I believe I might have found a strange bug/issue in Proxmox. I've installed Proxmox on a Hetzner dedicated server.
I have the following LXC:
Code:
root@cloudino:~# cat /etc/pve/lxc/106.conf
arch: amd64
cores: 1
features: nesting=1
hostname: vpn
memory: 512
net0: name=eth0,bridge=vmbr1,firewall=1,gw=192.168.20.0,hwaddr=BC:24:11:2A:25:45,ip=192.168.20.7/24,ip6=auto,type=veth
onboot: 0
ostype: ubuntu
rootfs: local-zfs:subvol-106-disk-0,size=4G
swap: 0
unprivileged: 1
With the following routes inside:
Code:
➜ ~ ip r
default via 192.168.20.0 dev eth0 proto static
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.7
And this is /etc/network/interfaces:
Code:
auto lo
iface lo inet loopback

iface enp41s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address PUBLICIP/26
    gateway PUBLICGW
    bridge-ports enp41s0
    bridge-stp off
    bridge-fd 0
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m multiport --dports 443,80 -j DNAT --to 192.168.20.200
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp -m multiport --dports 443,80 -j DNAT --to 192.168.20.200
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m multiport --dports 25,465,587,143,993,110,995,4190 -j DNAT --to 192.168.20.3
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m multiport --dports 443,80 -j DNAT --to 192.168.20.200
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp -m multiport --dports 443,80 -j DNAT --to 192.168.20.200
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m multiport --dports 25,465,587,143,993,110,995,4190 -j DNAT --to 192.168.20.3

auto vmbr1
iface vmbr1 inet static
    address 192.168.20.0/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up iptables -t nat -A POSTROUTING -s '192.168.20.0/24' -o vmbr0 -j MASQUERADE && iptables -t nat -A PREROUTING -d PUBLICIP -p tcp --dport 443 -j DNAT --to 192.168.20.200:443
    post-down iptables -t nat -D POSTROUTING -s '192.168.20.0/24' -o vmbr0 -j MASQUERADE && iptables -t nat -D PREROUTING -d PUBLICIP -p tcp --dport 443 -j DNAT --to 192.168.20.200:443
If I disable the firewall from the NIC of the LXC, pinging 1.1.1.1 works, otherwise it doesn't. VMs have the same behaviour. I've tried any possible combination, but I have not managed to make this work in other ways. Does anyone have any idea what the issue might be?