I have 2 Containers created on my host.
1 Container uses default vmbr0 bridge and uses a dedicated/additional IP from my ISP (hetzner) and can connect to host and internet.
2nd Container uses a private vmbr1 bridge and 10.10.10.1/24 private network and is bridged to main physical eth0.
Now, the private network CT2 can ping the public network CT1, but public CT1 cannot ping or access private CT2. I want to do this to have my CT1 act as a public nginx server to reverse proxy to all other private CT2 containers.
What am I doing wrong?
This is my network interface file:
Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp4s0
iface enp4s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 176.x.x.5
    netmask 255.255.255.255
    gateway 176.x.x.1
    bridge-ports enp4s0
    bridge-stp off
    bridge-fd 0
    pointopoint 176.x.x.1
    #broadcast 176.x.x.31
    ##Edited for Virtual Network
    #bridge_fd 1
    #bridge_hello 2
    #bridge_maxage 12

auto vmbr1
iface vmbr1 inet static
    address 10.10.10.1
    netmask 32
    bridge-ports vmbr0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094
    #bridge_ports vmbr1
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
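
A consistency check for an interfaces file like the one above, as an added example that is not part of the original post: it reports any bridge whose `bridge-ports` names another bridge defined in the same file, and any MASQUERADE source subnet that is not covered by the bridge's own address and netmask. The function names and the trimmed sample are assumptions made for the example, and it assumes `address` and `netmask` are separate keys, as in the post.

```python
import ipaddress
import re

# Constructed sample: the two bridge stanzas from the post, trimmed to the keys checked.
SAMPLE = """\
iface vmbr0 inet static
    address 176.x.x.5
    bridge-ports enp4s0
iface vmbr1 inet static
    address 10.10.10.1
    netmask 32
    bridge-ports vmbr0
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
"""

def parse_stanzas(text):  # returns {iface: [(key, value), ...]} per 'iface' stanza
    stanzas, current = {}, None
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key, value = parts[0], " ".join(parts[1:]).strip()
        if key == "iface":
            current = stanzas.setdefault(value.split()[0], [])
        elif key in ("auto", "allow-hotplug", "source"):
            current = None  # these lines end the previous stanza
        elif current is not None:
            current.append((key, value))
    return stanzas

def check(text):
    """Return a list of (iface, finding) consistency warnings."""
    stanzas, findings = parse_stanzas(text), []
    for name, opts in stanzas.items():
        o = dict(opts)  # single-valued keys; post-up lines are read from opts below
        for port in o.get("bridge-ports", "").split():
            if "bridge-ports" in dict(stanzas.get(port, [])):
                findings.append((name, f"bridge-ports lists bridge {port}"))
        try:
            net = ipaddress.ip_interface(f"{o['address']}/{o.get('netmask', '32')}").network
        except (KeyError, ValueError):
            continue  # no address, or a redacted one such as 176.x.x.5
        for key, value in opts:
            m = re.search(r"-s\s+'?([0-9./]+)'?.*MASQUERADE", value) if key == "post-up" else None
            src = m and ipaddress.ip_network(m.group(1), strict=False)
            if src and src.version == net.version and not src.subnet_of(net):
                findings.append((name, f"NAT source {src} is outside interface network {net}"))
    return findings

print(check(SAMPLE))
```

Run against the sample, both findings are reported for vmbr1; a stanza whose netmask covers 10.10.10.0/24 and whose `bridge-ports` does not name a bridge produces none.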