What I'd like to do: Migrate away from a host with about 15 public IPs to a single public IP with all VMs getting static or DHCP addresses in the 10.10.10.x space. Many of these VMs serve up multiple services -- for example, a dozen WordPress sites on a single Webinoly or WordOps VM.
Where things are going south: Having installed Dnsmasq and set up both vmbr0 (public IP) and vmbr1 (private IP range), I can get the VMs to communicate with the outside world for requesting apt updates, etc. But trying to spin up a WordPress site on a VM with WordOps installed, with the domain pointed at the host's public IP, gets me an in-browser error with connection refused, every time, whether the 10.10.10.x IP is static or DHCP.
Any idea what I'm doing wrong? Or is what I want simply impossible without moving every hosted service/site to its own mini VM or LXC?
My /etc/network/interfaces data below. Note that the problem exists both with and without the last two "raw" iptables instructions:
Code:
auto lo
iface lo inet loopback
iface lo inet6 loopback

# ALL eno1 SETTINGS PROVIDED BY SERVER PROVIDER AND UNTOUCHED
auto eno1
iface eno1 inet static
        address xxx.xxx.xxx.xxx/26
        gateway xxx.xxx.xxx.xxx
        up route add -net xxx.xxx.xxx.xxx netmask 255.255.255.192 gw xxx.xxx.xxx.xxx dev eno1
# route xxx.xxx.xxx.xxx/26 via xxx.xxx.xxx.xxx

iface eno1 inet6 static
        address xxxxx/64
        gateway xxxx::1

auto vmbr0
iface vmbr0 inet static
        address xxx.xxx.xxx.xxx/26
        bridge-ports none
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
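
An added check, not part of the original post: a small Python audit of the `post-up` rules posted above, showing that they NAT outbound traffic from 10.10.10.0/24 but contain no inbound DNAT on eno1 for ports 80/443, so web traffic to the public IP is never forwarded to a VM. The VM address 10.10.10.10 and the two DNAT lines in `WITH_DNAT` are assumptions for illustration.

```python
import shlex

# Constructed sample: the post-up rules from the vmbr1 stanza in the post.
POSTED = """\
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
"""

# Assumption: a web VM at 10.10.10.10 (hypothetical) should receive 80/443.
WITH_DNAT = POSTED + """\
post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.10:80
post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.10:443
"""

def parse_rules(text):
    """Yield (table, chain, options) for each 'post-up iptables ...' line.
    Assumes every flag takes exactly one value, as in the rules above."""
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["post-up", "iptables"]:
            continue
        args, table, chain, opts = tok[2:], "filter", None, {}
        for flag, value in zip(args[0::2], args[1::2]):
            if flag == "-t":
                table = value
            elif flag in ("-A", "-I"):
                chain = value
            else:
                opts[flag] = value
        yield table, chain, opts

def audit(text, wan_if="eno1", ports=(80, 443)):
    """Report which NAT directions the ruleset covers on wan_if."""
    outbound, inbound = [], {}
    for table, chain, o in parse_rules(text):
        if table != "nat":
            continue
        if chain == "POSTROUTING" and o.get("-o") == wan_if \
                and o.get("-j") in ("MASQUERADE", "SNAT"):
            outbound.append(o.get("-s"))      # VMs can reach the internet
        elif chain == "PREROUTING" and o.get("-i") == wan_if \
                and o.get("-j") == "DNAT" and "--dport" in o:
            inbound[int(o["--dport"])] = o.get("--to-destination")
    missing = [p for p in ports if p not in inbound]
    return {"outbound": outbound, "inbound": inbound, "missing": missing}

if __name__ == "__main__":
    print("as posted:", audit(POSTED))
    print("with DNAT:", audit(WITH_DNAT))
```

Forwarding only 80 and 443 to one VM keeps the exposed surface to those two ports; the web server on that VM can still serve many sites by hostname.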