One way traffic for CT.

sseeker

New Member
Jan 25, 2016
4
0
1
28
Hi there,

I'm having some issues with a container that I've setup on my Proxmox VE 4.1 installation.

I can access the internet from my container but when I try to access the container from the outside (via it's public IP) it hits the host node running Proxmox and not the container.

The Proxmox host is running Debian Jessie with Proxmox 4.1.

The interface file from my host node is:
Code:
auto lo
iface lo inet loopback

allow-hotplug eth0

iface eth0 inet manual
        broadcast  XX.XX.XX.167
        network XX.XX.XX.160
        dns-nameservers 127.0.0.1
        dns-search X
# dns-* options are implemented by the resolvconf package, if installed

auto vmbr0
iface vmbr0 inet static
        address  XX.XX.XX.162
        netmask  255.255.255.248
        gateway  XX.XX.XX.161
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

and from my container:
Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
       address XX.XX.XX.163
       netmask 255.255.255.248
       gateway XX.XX.XX.161

Not sure if this is all the info you need. Hope someone can lend a hand :)

Also - I'm not with OVH or other providers that issue virtual MACs for their IPs. I'm with DataShack.

Thanks,
Andrew
 
Last edited:
Hi,
try this

auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
address XX.XX.XX.162
netmask 255.255.255.248
gateway XX.XX.XX.161
bridge_ports eth0
bridge_stp off
dns-nameservers 127.0.0.1
dns-search X
 
Thanks Wolfgang. I just tried this and it's the same result. The .163 IP is accessible however it points to the host and not the container. Full internet connectivity is available from within the container. I've also tried modifying the gateway for the container to .162 (the host) - the same situation happens but this only works when IPv4 forwarding is enabled on the host machine and often fails.

I also tried doing ip add route XXX dev vmbr0 under the iface vmbr0 config on the host. Complete loss of connectivity occurs when I do this.

Andrew
 
What Container Template do you use?
 
I downloaded the template from the content section of Proxmox. It's the Ubuntu 14.04 LXC template.
 
Ok the ubuntu template works perfect.

have you turned on the firewall if yes send me please the content of /etc/pve/firewall/cluster.fw,
if exists/etc/pve/firewall/<vmid>.fw
and if exists /etc/pve/nodes/<node>/host.fw

please send me also the config of you container /etc/pve/lxc/<vmid>.conf
 
Hi Wolfgang,

Sorry to double post but I downloaded a TurnKey template (OpenVPN) and installed it on .164. This works a treat! Both incoming and outgoing traffic work. So I went ahead and deleted the Ubuntu 14.04 template and redownloaded it. I terminated LXC CT 100 and recreated it with the freshly downloaded template. Unfortunately the same issue as before.

So I swapped the IPs between the TurnKey and the Ubuntu image so the Ubuntu is now 164 and the TurnKey is 163. The TurnKey works on .163 so it's not the IP that's conflicting. The Ubuntu doesn't work on .164. It must be a routing/config issue on the Ubuntu config??

I'll put everything back and send you the config info. Maybe something isn't deleting when I remove the container 100 and it's staying in the config somewhere?

Andrew
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!