[SOLVED] Network issues

RayzenMat

New Member
Jul 12, 2018
Hello, I am currently installing a Proxmox server in version 5.4. The server is rented in a datacenter that provides us with a public IP address as well as a private one. Here is my network configuration on my Proxmox:

Code:
auto lo
iface lo inet loopback

allow-hotplug eno1
iface eno1 inet manual

auto eno2
iface eno2 inet dhcp

iface eno3 inet manual

iface eno4 inet manual

auto vmbr0
iface vmbr0 inet static
    address 62.XXX.XX.XXX
    netmask 255.255.255.0
    gateway 62.XXX.XX.X
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    pre-up iptables-restore < /etc/iptables.rules

auto vmbr1
iface vmbr1 inet static
    address 192.168.10.254
    netmask 255.255.255.0
    bridge-ports vmbr0
    bridge-stp off
    bridge-fd 0

auto vmbr0:0
iface vmbr0:0 inet static
    address 212.XX.XXX.XX
    netmask 255.255.255.0

I have several virtual machines that are connected to vmbr1, so with an address in 192.168.X.X. But it's impossible to ping the public Google DNS. I do not know why, because we have two other servers with the same type of configuration that work very well. Waiting for an answer.

Thank you, Mathias
 
auto vmbr1
iface vmbr1 inet static
address 192.168.10.254
netmask 255.255.255.0
bridge-ports vmbr0
bridge-stp off
bridge-fd 0

It's very unusual to put a bridge as a bridge-port into another bridge - are you sure your other servers work like that?

Please check the reference-documentation (you probably want something like the masqueraded setup with iptables) - https://pve.proxmox.com/pve-docs/ch..._nat_with_span_class_monospaced_iptables_span

auto eno2
iface eno2 inet dhcp

Is eno2 used at all? - why do you have it configured via dhcp?

auto vmbr0:0
iface vmbr0:0 inet static
address 212.XX.XXX.XX
netmask 255.255.255.0

You could consider switching the network-configuration from the 'legacy' config with ':0' to the iproute2 way - see https://wiki.debian.org/NetworkConfiguration#Multiple_IP_addresses_on_one_Interface

Hope this helps!
 
I tried your solution but I still have the same problem. My virtual machines do not ping the public Google DNS, for example.

For vmbr0:0 I tried 'legacy' mode and the iproute2 way, but it doesn't work.
 
* please post your '/etc/network/interfaces' (inside code tags)
* what is the purpose of the private ip from your provider?
 
Here is the content of my /etc/network/interfaces:

Code:
# network interface settings; autogenerated

# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

allow-hotplug eno1

auto eno1
Manuel ifet eno1 inet

auto eno2
iface eno2 inet dhcp

Manuel ifet eno3 inet

iface eno4 inet manuel

auto vmbr0
iface vmbr0 inet statique
        adresse 62.210.XX.XXX
        masque de réseau 255.255.255.0
        passerelle 62.210.XX.X
        pont-ports eno1
        pont-stp off
        bridge-fd 0
        serveur de noms 8.8.8.8 62.210.XX.X

auto vmbr1
iface vmbr1 inet statique
    adresse 192.168.10.254
    masque de réseau 255.255.255.0
    diffusion 192.168.10.255
    bridge_ports aucun
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.10.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.10.0/24' -o vmbr0 -j MASQUERADE

With this conf it works!
Now I have to redirect my SSH ports for each container.
 
I tried this for SSH port forwarding:

Code:
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22100 -j DNAT --to 192.168.10.100:22
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22100 -j DNAT --to 192.168.10.100:22
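
The working vmbr1 setup and the per-container SSH forwarding from the two posts above, as an added example that is not part of the original posts: a small shell generator that prints the stanza with the standard ifupdown directive names. The port scheme (22000 plus the last octet), the function names and the sample container addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print the vmbr1 stanza with the
# masquerade rule and one DNAT pair per container.
# Assumption: external port = 22000 + last octet (gives 22100 for .100).
WAN_IF="vmbr0"            # public bridge, as in the thread
LAN_PREFIX="192.168.10"   # private /24 behind vmbr1, as in the thread

# dnat_pair <last-octet>: matched post-up/post-down lines for one container.
dnat_pair() {
    octet=$1
    case $octet in
        ''|0*|*[!0-9]*|????*) echo "invalid octet: $octet" >&2; return 1 ;;
    esac
    # .254 is the bridge itself and .255 the broadcast address.
    if [ "$octet" -ge 254 ]; then
        echo "octet out of range: $octet" >&2; return 1
    fi
    rule="-i $WAN_IF -p tcp --dport $((22000 + octet)) -j DNAT --to ${LAN_PREFIX}.${octet}:22"
    printf '    post-up iptables -t nat -A PREROUTING %s\n' "$rule"
    printf '    post-down iptables -t nat -D PREROUTING %s\n' "$rule"
}

# vmbr1_stanza <octet>...: full stanza; fails on a bad or repeated octet.
vmbr1_stanza() {
    nat="-s '${LAN_PREFIX}.0/24' -o $WAN_IF -j MASQUERADE"
    pairs="" seen=" "
    for o in "$@"; do
        case $seen in *" $o "*) echo "duplicate octet: $o" >&2; return 1 ;; esac
        seen="$seen$o "
        pairs="$pairs$(dnat_pair "$o")
" || return 1
    done
    cat <<EOF
auto vmbr1
iface vmbr1 inet static
    address ${LAN_PREFIX}.254
    netmask 255.255.255.0
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING $nat
    post-down iptables -t nat -D POSTROUTING $nat
EOF
    printf '%s' "$pairs"
}

# Constructed sample: containers at .100, .101 and .102.
vmbr1_stanza 100 101 102
```

Each DNAT pair publishes a container's sshd on the public address, so a source match (`-s`) on those rules is worth adding where the administrators' addresses are known.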
 
Just to be sure - the '/etc/network/interfaces' looks as if it was translated automatically (I'm pretty sure that 'masque de reseau' would not work for netmask there)

It seems that you're still missing the SNAT rule for the return packets from the container (they need to leave the node with a sport of 22100)?

It's probably the easiest for you to track the packets with tcpdump and see how they enter/leave the box:
* `tcpdump -nvi vmbr0 host x.x.x.x` (replace x.x.x.x with the host from which you try to connect to the container, and use a different host for that than the one you have your ssh-connection open on, otherwise you will get too many things in your log) - this shows what enters/exits the pvenode
* `tcpdump -nvi eth0 host x.x.x.x` - inside the container

If this does not help - also sniff on the tap interfaces for the container.

hope this helps!
 
This is the translation. Everything works now, SSH port forwarding for each container works.

Where can I configure a failover IP address?


Thanks a lot for the help
 
