network config / masquerading behind NAT not working. Please help!

[wesros11]

I've been fighting with my network config for many hours now but my VM get no internet so far.

my vm's can ping the local gateway. they can ping the external ip of the host. Yet it cant ping to external ip's like 1.1.1.1.

traceroute to external ip's show nothing

Ive been watching 20+ tutorials and checken many many blog post.

To my knowledge. Everything is setup just right. But it just doenst work.

Please kindly help?!


my setup:

Hetzner bare metal machine
fresh proxmox installation
single NIC with single WAN IP
hetzner firewall fully opened for testing/installation

all proxmox firewalls disabled


config:
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
address x.x.x.x/27
gateway x.x.x.x
bridge-ports eno1
bridge-stp off
bridge-fd 0
up sysctl -p

auto vmbr1
iface vmbr1 inet static
address 10.10.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

 

[wesros11]

extra information.

The host can connect to the internet and the host can ping external IP's.

So there is an internet connection coming in.

But why isnt it routed to my VM's?


the vm's can ping eachother internally.

 

[shanreich]

Try -o vmbr0 in your NAT rule, since the IP is configured there.

 

[wesros11]

-o vmbr0 in your NAT rule, since the IP is c

fokken hell i feel so stupid.

I thought i tried that with no succes.

But now that i try again it seems to work.

Thanks so far!