Multiple IP's on same bridge and PREROUTING/POSTROUTING

M

mateusz1234

Member
Apr 22, 2021
13
0
21
33
Hi! I am trying to setup multiple IP address on a bridge and routing ports from them to specific internal IPs.

That setup works fine with my MAIN public ip address, but not at all with EXTRA and I am out of ideas why.

Here is my network setup file:
Code: 
auto lo
iface lo inet loopback

iface enp1s0f0 inet manual

iface enp1s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
        address MAIN_EXTERNAL_IP/21
        gateway DEFAULT_EXTERNAL_GATEWAY
        bridge-ports enp1s0f0
        bridge-stp off
        bridge-fd 0

auto vmbr0:0
iface vmbr0:0 inet static
        address EXTRA_EXTERNAL_IP/21
        gateway DEFAULT_EXTERNAL_GATEWAY //is that need here? It is the same as the MAIN

//MAIN_EXTERNAL_IP routed network for VM/CTs
auto vmbr1
iface vmbr1 inet static
        address 192.168.223.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.223.0/24' -o vmbr0 -j MASQUERADE
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-up iptables -t nat -A PREROUTING --dst MAIN_EXTERNAL_IP -p tcp --dport 21 -j DNAT --to 192.168.223.2:21

//EXTRA_EXTERNAL_IP routed network for VM/CTs
//this part doesn't work, port can not be accesed from outside
auto vmbr2
iface vmbr2 inet static
        address 192.168.224.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.224.0/24' -o vmbr0:0 -j MASQUERADE
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-up iptables -t nat -A PREROUTING --dst 46.242.143.235 -p tcp --dport 1:65535 -j DNAT --to 192.168.224.9:1-65535
        post-up iptables -t nat -A PREROUTING --dst 46.242.143.235 -p udp --dport 1:65535 -j DNAT --to 192.168.224.9:1-65535

source /etc/network/interfaces.d/*
An idea what I am missing? The EXTRA_EXTERNAL_IP can be pinged from outside too, so that part is working fine. And tried already a bunch of other options and nothing did seam to work
 
You must log in or register to reply here.
Top Bottom