Hello:
So this seems to be a simple situation, but one that everyone runs into, as I've found tons of threads about this. However, there must be something I'm missing. Only after a few hours of trying this over and over have I posted.
Very simple setup: non-clustered Proxmox node, at my datacenter, upstream switches have no MAC restrictions / have promiscuous turned on. Proxmox node has a public IP, as well as a /28, but I need some VMs, such as DBs, to be internal, but be able to be source-NAT'ed to the outside for updates, etc.
So, I created a new bridge (vmbr1), assigned it an IP with no adapter (10.0.1.250), set it to autostart, and put the started post-ups in (IPv4 forwarding and the Masquerade rule). Rebooted. Make a container, put it on vmbr1, with 10.0.1.2 as its IP, and 10.0.1.250 as its gateway, and no love. Can't ping 10.0.1.250, can't ping anything outside.
Can anyone shed any light?
So here's my interfaces file:
Code:
auto lo
iface lo inet loopback

allow-vmbr0 enp6s0
iface enp6s0 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr0

iface enp7s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address xxx.xxx.xxx.xxx
    netmask 255.255.255.252
    gateway xxx.xxx.xxx.xxx
    ovs_type OVSBridge
    ovs_ports enp6s0
#Public Uplink

iface vmbr0 inet6 static
    address xxxx:xxx:xx:xx:xx:x
    netmask 126
    gateway xxxx:xxx:xx:xx:xx:x

auto vmbr1
iface vmbr1 inet static
    address 10.0.1.250
    netmask 255.255.255.0
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j MASQUERADE
Here's my network in the GUI
And the container's network
And finally the container trying to get out to the internet
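An added example, not part of the original post: a small consistency check for the kind of masqueraded internal bridge described above. It confirms that the guest's IP and gateway agree with the bridge stanza and that the post-up lines enable forwarding and masquerade the bridge's own subnet. The function names are hypothetical, and it assumes the `address` plus `netmask` form used in the post.

```python
import ipaddress
import re

# Constructed sample: the vmbr1 stanza from the post, indentation restored.
SAMPLE = """\
iface vmbr1 inet static
    address 10.0.1.250
    netmask 255.255.255.0
    bridge-ports none
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j MASQUERADE
"""

def parse_stanzas(text):
    """Return {iface: [(option, value), ...]} for each 'iface <name> inet' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "iface":
            name, family = value.split()[:2]
            current = stanzas.setdefault(name, []) if family == "inet" else None
        elif key in ("auto", "source", "mapping") or key.startswith("allow-"):
            current = None  # these keywords end the previous stanza
        elif current is not None:
            current.append((key, value.strip()))
    return stanzas

def check_nat_bridge(text, bridge, guest_ip, guest_gw):
    """List inconsistencies between a NAT bridge stanza and a guest's settings."""
    opts = parse_stanzas(text).get(bridge)
    if opts is None:
        return [f"no inet stanza for {bridge}"]
    d = dict(opts)
    net = ipaddress.ip_interface(f"{d['address']}/{d['netmask']}").network
    problems = []
    if guest_gw != d["address"]:
        problems.append(f"guest gateway {guest_gw} is not the bridge address")
    if ipaddress.ip_address(guest_ip) not in net:
        problems.append(f"guest {guest_ip} is outside {net}")
    ups = [v for k, v in opts if k == "post-up"]
    if not any(re.search(r"echo 1\s*>.*ip_forward|ip_forward\s*=\s*1", u) for u in ups):
        problems.append("no post-up enabling IPv4 forwarding")
    rules = " ".join(u for u in ups if "MASQUERADE" in u)
    if not any(ipaddress.ip_network(s, strict=False) == net
               for s in re.findall(r"-s\s+'?([0-9./]+)", rules)):
        problems.append(f"no MASQUERADE rule with source {net}")
    return problems
```

An empty list means only that the addressing and rules agree with each other; it says nothing about the host firewall or the state of the running bridge.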