Multiple IPs on same bridge and PREROUTING/POSTROUTING

mateusz1234

Member
Apr 22, 2021
Hi! I am trying to set up multiple IP addresses on a bridge and route ports from them to specific internal IPs.

That setup works fine with my MAIN public IP address, but not at all with EXTRA, and I am out of ideas why.

Here is my network setup file:
Code:
auto lo
iface lo inet loopback

iface enp1s0f0 inet manual

iface enp1s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
        address MAIN_EXTERNAL_IP/21
        gateway DEFAULT_EXTERNAL_GATEWAY
        bridge-ports enp1s0f0
        bridge-stp off
        bridge-fd 0

auto vmbr0:0
iface vmbr0:0 inet static
        address EXTRA_EXTERNAL_IP/21
        # is that needed here? It is the same as the MAIN
        gateway DEFAULT_EXTERNAL_GATEWAY

# MAIN_EXTERNAL_IP routed network for VM/CTs
auto vmbr1
iface vmbr1 inet static
        address 192.168.223.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.223.0/24' -o vmbr0 -j MASQUERADE
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-up iptables -t nat -A PREROUTING --dst MAIN_EXTERNAL_IP -p tcp --dport 21 -j DNAT --to 192.168.223.2:21

# EXTRA_EXTERNAL_IP routed network for VM/CTs
# this part doesn't work, port cannot be accessed from outside
auto vmbr2
iface vmbr2 inet static
        address 192.168.224.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.224.0/24' -o vmbr0:0 -j MASQUERADE
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-up iptables -t nat -A PREROUTING --dst 46.242.143.235 -p tcp --dport 1:65535 -j DNAT --to 192.168.224.9:1-65535
        post-up iptables -t nat -A PREROUTING --dst 46.242.143.235 -p udp --dport 1:65535 -j DNAT --to 192.168.224.9:1-65535

source /etc/network/interfaces.d/*
Any idea what I am missing? The EXTRA_EXTERNAL_IP can be pinged from outside too, so that part is working fine. I have already tried a bunch of other options and nothing seemed to work.
 
