NAT Masquerade not working with Firewall enabled

Jul 15, 2019
2
0
1
Hello,

im playing around with Proxmox at home wanting to put it on a dedicated sever at Hetzner later, and have some trouble using a private network for the VMs.

The config below works, i can Ping from a Container in the private net(192.168) to my Desktop in my LAN (10.10), and if i look at the Ping in Wireshark the source IP is 10.10.0.200. But if i now enable the Firewall in Proxmox, the source IP of the ping request changes to the private address of the Container, and it does not receive the reply.

The masquerade rule is still in the NAT table after enabling the Firewall, but it does not get executed.

Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address  192.168.1.1
    netmask 24
    bridge-ports none
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet static
    address  10.10.0.200
    netmask 24
    gateway  10.10.0.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr1 -j MASQUERADE