Nat and Bridged on Proxmox

[Darkie]

Hey,
I have got 5 public ips and dont want to waste them by setting up public samba servers, etc...
So i want to make a natted debian root, and i've got a problem with the interface.
When i try to apply this configuration every machine on vmbr0 looses internet connection:

# network interface settings
auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet manual

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 178.251.229.125
        netmask 255.255.255.0
        gateway 178.251.229.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
auto vmbr1
iface vmbr1 inet static
        address  10.10.10.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE

So how can i apply vmbr1 without vmbr0 machines loosing the connection for ever?
Thank you!
Edit: ok, the configuration is nice now, after rebooting the host, but the natted server doesnt have a internet connection, i can only ping 10.10.10.1(the host in the nat)
How can i fix it?

 

[dabtech]

You probably want to apply vmbr0 instead of eth0 to your nat rule. I prefer to use SNAT in those situations, so you could alternatively try this:

post-up iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o vmbr0 -j SNAT --to-source [COLOR=#333333]178.251.229.125
[/COLOR]post-down iptables -t nat -D POSTROUTING -s 10.10.10.0/24 -o vmbr0 -j SNAT --to-source [COLOR=#333333]178.251.229.125[/COLOR]

 

[Darkie]

Oh nice!! Thank you a lot for that hint
To mod: please close this thread

 

[nihilanthlnxa]

Greetings. Interesting, but... It not interfers with the normal performance of pve-firewall module? Until now I have seen that the PVE-firewall module is focuses on filtering rules. :-?