Nating VMS

Z

zm3000

New Member
Mar 16, 2017
3
0
1
34
Hello community,

Im new here and i would like to request your help.
I will explain my issu:

I have a hosted physicial server with one main ipv4 adress (212.45.89.5/24) and i have bought 2 public ip fail overs(45.98.68.78 and 45.98.68.79)
I would like to have 3 differents public ips on the net and on each ips, have a local network.
I have configured as i think. and it kinda works. In fact, local network going on my main ip, it works, but when i use the ip fail over, nothing. I can ping from my computer the ip fail over.
helppm.png

Here are the configurations:
Host /etc/network/interfaces:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 212.45.89.5
netmask 255.255.255.0
gateway 212.45.89.1

auto eth0:1
iface eth0:1 inet static
address 45.98.68.78
netmask 255.255.255.255

auto eth0:2
iface eth0:2 inet static
address 45.98.68.79
netmask 255.255.255.255

auto vmbr0
#private sub network
iface vmbr0 inet static
address 10.10.0.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.0.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.0.0/24' -o eth0 -j MASQUERADE

auto vmbr1
#private sub network
iface vmbr1 inet static
address 10.10.10.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eth0:1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eth0:1 -j MASQUERADE

auto vmbr2
#private sub network
iface vmbr2 inet static
address 10.10.20.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.20.0/24' -o eth0:2 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.20.0/24' -o eth0:2 -j MASQUERADE

For the VM network :
For me, to go on internet with the first fail over : 45.98.68.78, we have to connect our network to bridge vmbr1. (vmbr2 for 45.98.68.79 and vmbr0 for 212.45.89.5)
We configure the vm ifconfig eth0 with 10.10.10.1 netmask 255.255.255.0 gw 10.10.10.254

And still not working. Am i right? have i missed a point?

Thanks for your help.
 
zm3000 said:
Hello community,

Im new here and i would like to request your help.
I will explain my issu:

I have a hosted physicial server with one main ipv4 adress (212.45.89.5/24) and i have bought 2 public ip fail overs(45.98.68.78 and 45.98.68.79)
I would like to have 3 differents public ips on the net and on each ips, have a local network.
I have configured as i think. and it kinda works. In fact, local network going on my main ip, it works, but when i use the ip fail over, nothing.
Click to expand...

What exactly means "nothing"? What exactly means "use ip fail over"? Outgoing connection to internet from VMs?

zm3000 said:
auto eth0
iface eth0 inet static
address 212.45.89.5
netmask 255.255.255.0
gateway 212.45.89.1
Click to expand...

Since Proxmox uses the above gateway all outgoing connection from VMs will be seen as from 212.45.89.5 - eth0:1 and eth0:2 will never be used.
 
Hello, i have found my issue. My postrouting was wrong. I shouldn't use MASQUARADE when you have more than 1 outgoing IP.
post-up iptables -t nat -A POSTROUTING -s '10.10.20.0/24' -o eth0 -j SNAT --to-source 45.98.68.79
 
a stupid question but what in your setup is failover? your config is senseless... failover is a switch to another server where your vm's are deployed too and can be used as backup when your mainserver is down.

In your setup is no backup, no master...you use 3 IP's at the Same host... it's not a failover more a server with 3 public ip's only...if proxmox is down, all 3 IP's and all your vm's are unreachable...
 
Thats right, ip failover is a public ip we can use for a VM and we can change it fast. But i do not want to do like that, i just want to use it as a secondary ip, to attack it for production services.
Thats right, the host has 3 different ips. Yes, thats also right if proxmox goes down, my 3 ip goes down. I do not have any redudancy for that. I just wanted to divide my network in 3 parts : security, qualification and production.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back