Hi guys.
Before starting, I want to say that I have considerable experience with firewalls, networking and Proxmox.
I used to do NAT and firewalling on Proxmox VMs using shorewall (iptables), but on a new project I decided to use the Proxmox firewall. My scenario is:
vmbr0 - public IP with internet access
vmbr2 - LAN bridge, 192.168.21.0/24
Debian interfaces file content:
------------------------
# uplink bridge: carries the public IP and enslaves the physical NIC
auto vmbr0
iface vmbr0 inet static
    address MYpublicIP
    netmask 24
    gateway MYProviderGW
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

# internal bridge for the VMs: no physical port, the host is the gateway
auto vmbr2
iface vmbr2 inet static
    address 192.168.21.1
    netmask 24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    # forwarding is also enabled in sysctl.conf; this just makes sure
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    # masquerade the LAN behind the public IP when leaving via vmbr0
    post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.21.0/24 -o vmbr0 -j MASQUERADE
    post-down /sbin/iptables -t nat -D POSTROUTING -s 192.168.21.0/24 -o vmbr0 -j MASQUERADE
-------------------
Proxmox 5.4.6 on Debian 9
Up to this point, my VM on the vmbr2 bridge with IP 192.168.21.2 has internet connectivity without problems, so NAT works fine.
The problem comes when I enable the cluster firewall. When I enable it, without any rules, NAT stops working.
I don't have any other config or rules in iptables. What happens?
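Added here as a diagnostic helper, not part of the original post and not Proxmox code: a POSIX sh script that checks the three things worth confirming when NAT on a host like the one above stops working after a firewall is enabled. It parses `iptables-save` style dumps (the dumps embedded below are constructed samples, not captured from a real host) to report whether the MASQUERADE rule installed by the post-up hook is still present in the nat POSTROUTING chain and what policy the filter FORWARD chain carries; `check_live` runs the same checks against the running host and assumes root plus `iptables-save` and `sysctl` in PATH. It does not claim to explain the behaviour in the post; it only narrows down where the traffic is lost.

```shell
#!/bin/sh
# Diagnostic helper for NAT-on-bridge setups (added example, not from the post).

# Constructed sample: nat table as expected after `ifup vmbr2` ran the post-up hooks.
SAMPLE_NAT_OK='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.21.0/24 -o vmbr0 -j MASQUERADE
COMMIT'

# Constructed sample: same table with the rule gone (e.g. flushed by a later ruleset load).
SAMPLE_NAT_MISSING='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'

# Constructed sample: filter table whose FORWARD chain no longer accepts by default.
SAMPLE_FILTER_DROP='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# nat_rule_present DUMP SUBNET OIF
# Prints "yes" if DUMP contains a POSTROUTING MASQUERADE rule for SUBNET out of OIF,
# "no" otherwise. iptables-save prints -s before -o, but both orders are accepted.
nat_rule_present() {
    dump=$1; subnet=$2; oif=$3
    if printf '%s\n' "$dump" | grep -E -- "^-A POSTROUTING .*-s $subnet .*-o $oif .*-j MASQUERADE" >/dev/null \
       || printf '%s\n' "$dump" | grep -E -- "^-A POSTROUTING .*-o $oif .*-s $subnet .*-j MASQUERADE" >/dev/null; then
        echo yes
    else
        echo no
    fi
}

# forward_policy DUMP
# Prints the default policy of the filter FORWARD chain (ACCEPT, DROP, ...) found in
# DUMP, or "unknown" if the dump does not contain a FORWARD chain header.
forward_policy() {
    dump=$1
    pol=$(printf '%s\n' "$dump" | sed -n 's/^:FORWARD \([A-Z]*\) .*/\1/p')
    if [ -n "$pol" ]; then
        echo "$pol"
    else
        echo unknown
    fi
}

# check_live SUBNET OIF
# Runs the same checks against the running host. Needs root; assumes iptables-save
# and sysctl are available. Not exercised by the offline samples above.
check_live() {
    echo "ip_forward=$(cat /proc/sys/net/ipv4/ip_forward)"
    # br_netfilter decides whether bridged frames are seen by iptables at all
    echo "bridge-nf-call-iptables=$(sysctl -n net.bridge.bridge-nf-call-iptables 2>/dev/null || echo n/a)"
    echo "masquerade_rule=$(nat_rule_present "$(iptables-save -t nat)" "$1" "$2")"
    echo "forward_policy=$(forward_policy "$(iptables-save -t filter)")"
}

# Offline demonstration on the constructed samples.
echo "rule in OK dump:      $(nat_rule_present "$SAMPLE_NAT_OK" 192.168.21.0/24 vmbr0)"
echo "rule in broken dump:  $(nat_rule_present "$SAMPLE_NAT_MISSING" 192.168.21.0/24 vmbr0)"
echo "FORWARD policy:       $(forward_policy "$SAMPLE_FILTER_DROP")"
# On the real host, run as root: check_live 192.168.21.0/24 vmbr0
```

Run it once with NAT working and once right after enabling the firewall and compare the four lines: a missing rule points at the nat table being flushed or replaced, a changed FORWARD policy points at the filter path, and a changed ip_forward or bridge-nf-call setting points at the kernel side rather than at any rule.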