Masquerading NAT issues

E

eexodus

Active Member
Jan 25, 2017
17
0
41
33
Hello. I'm running Proxmox 4.4-1. I followed the guide at https://pve.proxmox.com/wiki/Network_Model for setting up Masqueraded NAT since my Proxmox host has a single public IP (example as 10.0.0.174 below), but my containers can't reach the Internet. They can ping my Proxmox host's gateway 192.168.1.1, and I can SSH into them from my Proxmox host, but they can't ping other devices on my network like 10.0.0.175 or Internet addresses like 8.8.8.8 or google.com. After editing /etc/network/interfaces I restarted networking with systemctl restart networking and configured the container as:
Bridge: vmbr1
IPv4: Static
IPv4/CIDR: 192.168.1.2/24
Gateway (IPv4): 192.168.1.1
IPv6: Static

The Proxmox host's /etc/network/interfaces:
Code: 
auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
  address 10.0.0.174
  netmask 255.255.255.224
  gateway 10.0.0.161

auto vmbr1
iface vmbr1 inet static
  address 192.168.1.1
  netmask 255.255.255.0
  bridge_ports none
  bridge_stp off
  bridge_fd 0

  post-up echo 1 > /proc/sys/net/ipv4/ip_forward
  post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
  post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
 
I've edited /etc/network/interfaces to better reflect https://pve.proxmox.com/wiki/Network_Model but I'm still having the same issues.

Code: 
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
  address  10.0.0.174
  netmask  255.255.255.224
  gateway 10.0.0.161

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
  address 192.168.1.1
  netmask 255.255.255.0
  bridge_ports none
  bridge_stp off
  bridge_fd 0

  post-up echo 1 > /proc/sys/net/ipv4/ip_forward
  post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o eth0 -j MASQUERADE
  post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o eth0 -j MASQUERADE
 
OK ufw was interfering with NAT. If anyone has any recommendations for keeping ufw installed yet letting masqueraded NAT through would be great. Thanks.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back