NAT configuration

[Miguel]

I have installed Proxmox 5.1. Can I have two vmbr ? One for the bridge IPs and another for NAT? I want to have two VMs that only have access to Internet but not reachable from outside.

Right now I have:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# for Routing
auto vmbr1
iface vmbr1 inet manual
bridge_ports dummy0
bridge_stp off
bridge_fd 0


# vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
address x.x.x.x
netmask 255.255.255.0
network x.x.x.0
broadcast x.x.x.255
gateway x.x.x.254
bridge_ports eth0
bridge_stp off
bridge_fd 0

iface vmbr0 inet6 static
address 2001:41d0:0008:0d0c::
netmask 64
post-up /sbin/ip -f inet6 route add x.x.x.x dev vmbr0
post-up /sbin/ip -f inet6 route add default via x.x.x.x
pre-down /sbin/ip -f inet6 route del default via x.x.x.x
pre-down /sbin/ip -f inet6 route del x.x.x.x dev vmbr0

auto vmbr2
#private sub network
iface vmbr2 inet static
address 10.10.10.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE

But this is not working

 

[LnxBil]

Sure, I have a similar configuration.

I'd use a different postrouting configuration for my "private-ip-only" network:

auto vmbr1
iface vmbr1 inet static
    address  192.168.253.1
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0

    # Masquerade 192.168.253.0 network
    post-up iptables -t nat -A POSTROUTING -s 192.168.253.0/24 ! -d 192.168.253.0/24 -j MASQUERADE

 

[Miguel]

It´s not working for me...how do I configure my linux guest?

 

[LnxBil]

e.g. on IP 192.168.253.2/24 with gateway at 192.168.253.1