[SOLVED] No internet on network

gernazdasch

New Member
Jun 9, 2022
Hello.

I want to give internet access to a VM. I have used this technique many times; why is it not working now?

Code:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp8s0
iface enp8s0 inet static
        address xxx.xxx.xxx.xxx/26
        gateway xxx.xxx.xxx.xxx
        up route add -net xxx.xxx.xxx.xxx netmask 255.255.255.192 gw xxx.xxx.xxx.xxx dev enp8s0
        # route xxx.xxx.xxx.xxx/26 via xxx.xxx.xxx.xxx
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

iface enp8s0 inet6 static
        address xxxx:xxx:xxx:xxxx::x/64
        gateway fe80::1

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up iptables -t nat -A POSTROUTING -s 192.168.10.1/24 -o vmbr0  -j MASQUERADE
        post-down iptables -t nat -A POSTROUTING -s 192.168.10.1/24 -o vmbr0 -j MASQUERADE

auto vmbr1
iface vmbr1 inet static
        address 192.168.20.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

# no internet network
auto vmbr2
iface vmbr2 inet static
        address 10.10.10.100/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up iptables -t nat -A POSTROUTING -s 10.10.10.100/24 -o vmbr2 -j MASQUERADE
        post-down iptables -t nat -A POSTROUTING -s 10.10.10.100/24 -o vmbr2 -j MASQUERADE

ip addr from the VM:

Code:
test1@test1:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 6a:95:75:02:14:92 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    inet 192.168.10.101/24 brd 192.168.10.255 scope global noprefixroute ens18
       valid_lft forever preferred_lft forever
    inet6 fe80::6895:75ff:fe02:1492/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

I am wondering what I am doing wrong; I did this on other Proxmox servers and it is working. I might be missing something.

Thank you.
 

I solved it myself; the right command was:

iptables -t nat -A POSTROUTING -s 192.168.10.1/24 -o enp8s0 -j MASQUERADE

So basically, if you want to give internet access to a newly created network, you have to do 2 things:

1. Enable IP forwarding

Code:
auto enp8s0
iface enp8s0 inet static
        address xxx.xxx.xxx.xxx/26
        gateway xxx.xxx.xxx.xxx
        up route add -net xxx.xxx.xxx.xxx netmask 255.255.255.192 gw xxx.xxx.xxx.xxx dev enp8s0
        # route xxx.xxx.xxx.xxx/26 via xxx.xxx.xxx.xxx
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

2. Add a MASQUERADE rule:

Code:
auto vmbr0
iface vmbr0 inet static
        address 192.168.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up iptables -t nat -A POSTROUTING -s 192.168.10.1/24 -o enp8s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s 192.168.10.1/24 -o enp8s0 -j MASQUERADE

where enp8s0 (it could be vlan1919, or another) is your main network, the one through which Proxmox is already connected to the internet.

Please mark this as fixed or delete the post.
 
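A small lint for the two differences between the first post's config and the fixed one (MASQUERADE sent out of the internal bridge, and post-down using -A instead of -D), as an added example that is not part of the original posts. The function names and the sample addresses are made up for illustration.

```shell
#!/bin/sh
# Lint an ifupdown "interfaces" file read from stdin.
# On a real host: check_masq < /etc/network/interfaces
check_masq() {
  awk '
    $1 == "iface"                        { cur = $2 }          # current stanza name
    $1 == "bridge-ports" && $2 == "none" { internal[cur] = 1 } # bridge with no physical port
    ($1 == "post-up" || $1 == "post-down") && /MASQUERADE/ {
      n++; hook[n] = $1; stanza[n] = cur; oif[n] = ""; op[n] = ""
      for (i = 2; i < NF; i++) {
        if ($i == "-o") oif[n] = $(i + 1)                      # outbound interface
        if ($i == "-A" || $i == "-D") op[n] = $i               # append or delete
      }
    }
    END {  # judged at the end so a bridge defined after the rule is still recognised
      for (k = 1; k <= n; k++) {
        if (oif[k] in internal)
          printf "%s %s: -o %s is an internal bridge, not the uplink\n", stanza[k], hook[k], oif[k]
        if (hook[k] == "post-down" && op[k] == "-A")
          printf "%s post-down: uses -A, rule is re-added instead of removed\n", stanza[k]
      }
    }'
}

# Constructed sample reproducing the first post (public addresses are placeholders).
sample_broken() {
  cat <<'EOF'
auto enp8s0
iface enp8s0 inet static
        address 203.0.113.10/26
        gateway 203.0.113.1
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

auto vmbr0
iface vmbr0 inet static
        address 192.168.10.1/24
        bridge-ports none
        post-up iptables -t nat -A POSTROUTING -s 192.168.10.1/24 -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -A POSTROUTING -s 192.168.10.1/24 -o vmbr0 -j MASQUERADE
EOF
}

# Same stanzas with the fix from the thread applied.
sample_fixed() { sample_broken | sed -e 's/-o vmbr0/-o enp8s0/' -e '/post-down/s/ -A / -D /'; }

sample_broken | check_masq
```

The fixed sample produces no findings, since its rules leave through enp8s0 and post-down deletes the rule it added.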