NAT Woes

crainbramp

Member
Apr 11, 2019
7
1
23
55
East Coast, USA
gravityservers.com
Hello:

So this seems to be a simple situation, but one that everyone runs into, as I've found tons of threads about this. However, there must be something I'm missing. Only after a few hours of trying this over and over have I posted.

Very simple setup: non-clustered Proxmox node, at my datacenter, upstream switches have no MAC restrictions / have promiscuous turned on. Proxmox node has a public IP, as well as a /28, but I need some VMs, such as DBs, to be internal, but be able to be source-NAT'ed to the outside for updates, etc.

So, I created a new bridge (vmbr1), assigned it an IP with no adapter (10.0.1.250), set it to autostart, and put the started post-ups in (IPv4 forwarding and the Masquerade rule). Rebooted. Make a container, put it on vmbr1, with 10.0.1.2 as it's IP, and 10.0.1.250 as it's gateway, and no love. Can't ping 10.0.1.250, can't ping anything outside.

Can anyone shed any light?

So here's my interfaces file:

Code:
auto lo
iface lo inet loopback

allow-vmbr0 enp6s0
iface enp6s0 inet manual
        ovs_type OVSPort
        ovs_bridge vmbr0

iface enp7s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address  xxx.xxx.xxx.xxx
        netmask  255.255.255.252
        gateway  xxx.xxx.xxx.xxx
        ovs_type OVSBridge
        ovs_ports enp6s0
#Public Uplink

iface vmbr0 inet6 static
        address  xxxx:xxx:xx:xx:xx:x
        netmask  126
        gateway  xxxx:xxx:xx:xx:xx:x

auto vmbr1
iface vmbr1 inet static
        address  10.0.1.250
        netmask  255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0

    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j MASQUERADE

Here's my network in the GUI

nat-3.png


And the container's network

nat-2.png


And finally the container trying to get out to the internet

nat-1.png
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!