Hi!
After restarting the node, there is no Internet on the virtual machines, which are in the vmbr0.31 network.
The Internet appears if I enter the command
vmbr0.30 network works always fine.
Internet from node works fine.
Proxmox VE 6.3-6
OS: Debian GNU/Linux 10 (buster)
How to solve this problem?
After restarting the node, there is no Internet on the virtual machines, which are in the vmbr0.31 network.
The Internet appears if I enter the command
ifup vmbr0.31 or /etc/init.d/networking restartvmbr0.30 network works always fine.
Internet from node works fine.
Proxmox VE 6.3-6
OS: Debian GNU/Linux 10 (buster)
How to solve this problem?
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto ens5f0
iface ens5f0 inet static
address 99.99.139.18/28
gateway 99.99.139.17
dns-nameserver 99.99.149.26
dns-nameserver 99.92.131.2
#WAN
iface ens5f1 inet manual
iface ens5f2 inet manual
iface ens5f3 inet manual
auto vmbr0
iface vmbr0 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
auto vmbr0.30
iface vmbr0.30 inet static
address 172.16.30.1/30
#p2p subnet between node and VM-pfSense (VPN to office)
auto vmbr0.31
iface vmbr0.31 inet static
address 172.16.31.1/24
#Subnet for VMs
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '172.16.30.0/30' -o ens5f0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '172.16.30.0/30' -o ens5f0 -j MASQUERADE
post-up iptables -t nat -A POSTROUTING -s '172.16.31.0/24' -o ens5f0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '172.16.31.0/24' -o ens5f0 -j MASQUERADE
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
post-up iptables -t nat -A PREROUTING -p tcp -d 99.99.139.18 --dport 53 -i ens5f0 -j DNAT --to-destination 172.16.31.5:53
post-down iptables -t nat -D PREROUTING -p tcp -d 99.99.139.18 --dport 53 -i ens5f0 -j DNAT --to-destination 172.16.31.5:53
post-up iptables -t nat -A PREROUTING -p udp -d 99.99.139.18 --dport 53 -i ens5f0 -j DNAT --to-destination 172.16.31.5:53
post-down iptables -t nat -D PREROUTING -p udp -d 99.99.139.18 --dport 53 -i ens5f0 -j DNAT --to-destination 172.16.31.5:53
post-up ip route add 192.168.0.0/16 via 172.16.30.2
post-down ip route add 192.168.0.0/16 via 172.16.30.2
post-up ip route add 172.16.0.0/16 via 172.16.30.2
post-down ip route add 172.16.0.0/16 via 172.16.30.2
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto ens5f0
iface ens5f0 inet static
address 99.99.139.18/28
gateway 99.99.139.17
dns-nameserver 99.99.149.26
dns-nameserver 99.92.131.2
#WAN
iface ens5f1 inet manual
iface ens5f2 inet manual
iface ens5f3 inet manual
auto vmbr0
iface vmbr0 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
auto vmbr0.30
iface vmbr0.30 inet static
address 172.16.30.1/30
#p2p subnet between node and VM-pfSense (VPN to office)
auto vmbr0.31
iface vmbr0.31 inet static
address 172.16.31.1/24
#Subnet for VMs
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '172.16.30.0/30' -o ens5f0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '172.16.30.0/30' -o ens5f0 -j MASQUERADE
post-up iptables -t nat -A POSTROUTING -s '172.16.31.0/24' -o ens5f0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '172.16.31.0/24' -o ens5f0 -j MASQUERADE
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
post-up iptables -t nat -A PREROUTING -p tcp -d 99.99.139.18 --dport 53 -i ens5f0 -j DNAT --to-destination 172.16.31.5:53
post-down iptables -t nat -D PREROUTING -p tcp -d 99.99.139.18 --dport 53 -i ens5f0 -j DNAT --to-destination 172.16.31.5:53
post-up iptables -t nat -A PREROUTING -p udp -d 99.99.139.18 --dport 53 -i ens5f0 -j DNAT --to-destination 172.16.31.5:53
post-down iptables -t nat -D PREROUTING -p udp -d 99.99.139.18 --dport 53 -i ens5f0 -j DNAT --to-destination 172.16.31.5:53
post-up ip route add 192.168.0.0/16 via 172.16.30.2
post-down ip route add 192.168.0.0/16 via 172.16.30.2
post-up ip route add 172.16.0.0/16 via 172.16.30.2
post-down ip route add 172.16.0.0/16 via 172.16.30.2
ip route
default via 99.99.139.17 dev ens5f0 proto kernel onlink
99.99.139.16/28 dev ens5f0 proto kernel scope link src 99.99.139.18
172.16.0.0/16 via 172.16.30.2 dev vmbr0.30
172.16.30.0/30 dev vmbr0.30 proto kernel scope link src 172.16.30.1
172.16.31.0/24 dev vmbr0.31 proto kernel scope link src 172.16.31.1
192.168.0.0/16 via 172.16.30.2 dev vmbr0.30
default via 99.99.139.17 dev ens5f0 proto kernel onlink
99.99.139.16/28 dev ens5f0 proto kernel scope link src 99.99.139.18
172.16.0.0/16 via 172.16.30.2 dev vmbr0.30
172.16.30.0/30 dev vmbr0.30 proto kernel scope link src 172.16.30.1
172.16.31.0/24 dev vmbr0.31 proto kernel scope link src 172.16.31.1
192.168.0.0/16 via 172.16.30.2 dev vmbr0.30
Last edited:
