Network restarting Error

M

misho2007

New Member
Jul 1, 2015
7
0
1
Hi,

i have Proxmox server hosted with online.net

i created vmbr2 interface to enable NAT between interfaces

my vmbr2 settings is:

auto vmbr2
iface vmbr2 inet static
address 192.168.1.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
Click to expand...

i used to add ports like that in /etc/network/interfaces:


post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.1.3:80
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.1.3:80
Click to expand...

then i restart the network service to apply the changes & every thing was ok,
now i'm trying to add new port but when i restart the network service i got the below error:

Running /etc/init.d/networking restart is deprecated because it may not re-enable some interfaces ... (warning).
Reconfiguring network interfaces...
Waiting for vmbr0 to get ready (MAXWAIT is 2 seconds).

Waiting for vmbr2 to get ready (MAXWAIT is 2 seconds).
iptables v1.4.14: can't initialize iptables table `vmbr0': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Failed to bring up vmbr2.
Click to expand...

nothing changed at all these settings are the same for 1 year without any problem or even editing it i just add ports from time to time with no problem but this issue happened suddenly yesterday

i hope you can help me,

Thx
 
Hum doing /etc/init.d/network restart is prone to failure.
If would suggest the following work approach:
* ifdown <name of the interface I want to change>
* manuall editing of /etc/network/interfaces
* ifup <name of the interface I have changed>
 
  • Like
Reactions: misho2007
Dear Manu,

Thx for your reply,

here is the output of ifdown vmbr2:

root@Iam-Alive:~# ifdown vmbr2
ifdown: interface vmbr2 not configured
Click to expand...


& if i use ifup vmbr2

root@Iam-Alive:~# ifup vmbr2
Waiting for vmbr2 to get ready (MAXWAIT is 2 seconds).
iptables v1.4.14: can't initialize iptables table `vmbr0': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Failed to bring up vmbr2.
Click to expand...


any idea ?
 
Hi it seems at that point vmbr0 is not active.
What do happens when you ifup vmbr0, wait a few seconds, then ifup vmbr2 ?
 
Hi,

but vmbr0 already has the Real IP of the Host, & i can ssh normally

and here is the result

root@Iam-Alive:~# ifup vmbr0
ifup: interface vmbr0 already configured
root@Iam-Alive:~# ifup vmbr2

Waiting for vmbr2 to get ready (MAXWAIT is 2 seconds).
iptables v1.4.14: can't initialize iptables table `vmbr0': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Failed to bring up vmbr2.
Click to expand...
 
Can you post the whole content of /etc/network/interfaces ?
 
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
address 62.210.192.163
netmask 255.255.255.0
gateway 62.210.192.1
bridge_ports eth0
bridge_stp off
bridge_fd 0


auto vmbr2
iface vmbr2 inet static
address 192.168.1.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1632 -j DNAT --to 192.168.1.2:3389
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1632 -j DNAT --to 192.168.1.2:3389
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 16332 -j DNAT --to 192.168.1.3:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 16332 -j DNAT --to 192.168.1.3:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 9987 -j DNAT --to 192.168.1.2:9987
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 9987 -j DNAT --to 192.168.1.2:9987
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 9987 -j DNAT --to 192.168.1.2:9987
post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 9987 -j DNAT --to 192.168.1.2:9987
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 9998 -j DNAT --to 192.168.1.2:9998
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 9998 -j DNAT --to 192.168.1.2:9998
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 9998 -j DNAT --to 192.168.1.2:9998
post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 9998 -j DNAT --to 192.168.1.2:9998
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 10011 -j DNAT --to 192.168.1.2:10011
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 10011 -j DNAT --to 192.168.1.2:10011
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 30033 -j DNAT --to 192.168.1.2:30033
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 30033 -j DNAT --to 192.168.1.2:30033
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.1.3:80
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.1.3:80
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8070 -j DNAT --to 192.168.1.3:8070
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 8070 -j DNAT --to 192.168.1.3:8070
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.1.3:443
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.1.3:443
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 16332 -j DNAT --to 192.168.1.3:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 16332 -j DNAT --to 192.168.1.3:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 20 -j DNAT --to 192.168.1.3:20
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3784 -j DNAT --to 192.168.1.2:3784
post-down iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3784 -j DNAT --to 192.168.1.2:3784
post-up iptables -t nat -A PREROUTING -t vmbr0 -p udp --dport 3784 -j DNAT --to 192.168.1.2:3784
post-down iptables -t nat -A PREROUTING -t vmbr0 -p udp --dport 3783 -j DNAT --to 192.168.1.2:3784
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 20 -j DNAT --to 192.168.1.3:20
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 16321 -j DNAT --to 192.168.1.3:21
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 16321 -j DNAT --to 192.168.1.3:21
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 16321 -j DNAT --to 192.168.1.3:21
post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 16321 -j DNAT --to 192.168.1.3:21
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 25 -j DNAT --to 192.168.1.3:25
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 25 -j DNAT --to 192.168.1.3:25
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 26 -j DNAT --to 192.168.1.3:26
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 26 -j DNAT --to 192.168.1.3:26
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 110 -j DNAT --to 192.168.1.3:110
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 110 -j DNAT --to 192.168.1.3:110
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 143 -j DNAT --to 192.168.1.3:143
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 143 -j DNAT --to 192.168.1.3:143
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 465 -j DNAT --to 192.168.1.3:465
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 465 -j DNAT --to 192.168.1.3:465
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 465 -j DNAT --to 192.168.1.3:465
post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 465 -j DNAT --to 192.168.1.3:465
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 783 -j DNAT --to 192.168.1.3:783
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 783 -j DNAT --to 192.168.1.3:783
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 783 -j DNAT --to 192.168.1.3:783
post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 783 -j DNAT --to 192.168.1.3:783
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 993 -j DNAT --to 192.168.1.3:993
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 993 -j DNAT --to 192.168.1.3:993
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 995 -j DNAT --to 192.168.1.3:995
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 995 -j DNAT --to 192.168.1.3:995
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2095 -j DNAT --to 192.168.1.3:2095
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2095 -j DNAT --to 192.168.1.3:2095
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2096 -j DNAT --to 192.168.1.3:2096
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2096 -j DNAT --to 192.168.1.3:2096
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2077 -j DNAT --to 192.168.1.3:2077
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2077 -j DNAT --to 192.168.1.3:2077
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 2077 -j DNAT --to 192.168.1.3:2077
post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 2077 -j DNAT --to 192.168.1.3:2077
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2082 -j DNAT --to 192.168.1.3:2082
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2082 -j DNAT --to 192.168.1.3:2082
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2083 -j DNAT --to 192.168.1.3:2083
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2083 -j DNAT --to 192.168.1.3:2083
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2086 -j DNAT --to 192.168.1.3:2086
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2086 -j DNAT --to 192.168.1.3:2086
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2087 -j DNAT --to 192.168.1.3:2087
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2087 -j DNAT --to 192.168.1.3:2087
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3306 -j DNAT --to 192.168.1.3:3306
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 3306 -j DNAT --to 192.168.1.3:3306
Click to expand...
 
Hi
What happens if you just leave the two first rules:

post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE

and comment out the rest ?
 
the rest of rules belongs to the needed ports on my VM machines

for example i have 2 VMs

Windows & Linux

i have website & some services need open ports on Linux
& i have Team speak server on windows & also need to open ports

if i delete these rules the website & teamspeak server will not be online & can't connect to them from outside
 
Hi
As said before, I suggest you to comment out everything of your firewall rules, and then progressive enable some of the rules, so you can find out which is creating the problem.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back