MASQUERADING NAT - No Connection from VM's to VM's

[ChoosenEye]

Hey Guys,

I have some problems with my Server so i think you could help me. ( Sry for my English it's not the best )


i had an Proxmox 3.3 VE configured with eth0 manually and vmbr0 with briged ports to eth0

auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
address 188.165.xxx.xxx
netmask 255.255.255.0
gateway 188.165.xxx.xxx
bridge_ports eth0
bridge_stp off
bridge_fd 0

auto vmbr2
iface vmbr2 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
bridge_ports none
bridge_stp off
bridge_fd 0

The VM's have all Network Adapters to vmbr2 so i push the traffic from vmbr2 (the VM's Network "local") to the vmbr0 (output through eth0)

-A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j MASQUERADE

The VM's are all available to connect to Web and can talk together in the vmbr2 Network (192.168.0.0/24)

The vmbr0 routes some ports to the VM's via iptables PREROUTING DNAT like this.

-A PREROUTING -i vmbr0 -p udp -m udp --dport 9987 -j DNAT --to-destination 192.168.0.101:9987 (this is my Teamspeak Port so the other Ports are exactly same Routed per iptables to the VM's)

This work very well so i can have 10 VM's and can set their SSH Ports routed so internal i can use it normaly and externaly i routed their to connect from 1 IP Address.

BUT when i now have a VPN (OPENVPN) Server on one of the VM's i can't connect over the Web to the VM's

so i mean:

Laptop with VPN (client) --> Internet --> VPN (server) (VM on the Host) --> Internet --> Host (My 1 IP i have) --> (PREROUTE/DNAT) --> another VM on my Host

This doesn't work and i don't know why ^^

Hope you can help me.