[SOLVED] OVH vRack Masquerading not working

halex

New Member
Sep 23, 2022
Hi,

I have 2 Proxmox servers connected through a vRack at OVH. I managed to make the nodes and VMs connect through the vRack, but for some reason, the VMs don't have access to the internet.
I had another setup through a single node before with OVH where I used MASQUERADE from the vmbr to give the VM internet access while creating a subnet. However, now I seem to only manage to either give the VMs internet access or make them communicate through the vRack.
Also, I cannot add any IP address on the vRack ... or at least I couldn't find how to.

Here is my /etc/network/interfaces configuration:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

iface enxb25e761312ba inet manual

auto vmbr0
iface vmbr0 inet static
        address 142.xxx.xxx.xxx/24
        gateway 142.xxx.xxx.254
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0


auto vmbr1
iface vmbr1 inet static
        address 10.0.0.11/8
        bridge-ports eno2
        bridge-stp off
        bridge-fd 0
       
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' ! -d '10.0.0.0/8'  -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' ! -d '10.0.0.0/8' -o eno1 -j MASQUERADE
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

What am I doing wrong?
 
I finally figured it out.
So I had to create two bridges for the interfaces. As I only have one public IP and not a block of IPs, I have to masquerade the egress to the internet to the public IP while the 'private egress' goes to the (vRack) private network card.

Here is an example for anyone with the same issue:
Code:
auto lo
iface lo inet loopback

auto enp3s0f0
iface enp3s0f0 inet static
        address 142.xxx.xxx.xxx/24
        gateway 142.xxx.xxx.254

iface enp3s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.0.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o enp3s0f0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o enp3s0f0 -j MASQUERADE
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1


auto vmbr1
iface vmbr1 inet static
        address 10.0.0.11/8
        bridge-ports enp3s0f1
        bridge-stp off
        bridge-fd 0

Here I generated a subnet on 192.168.0.0/24 (and on 192.168.1.0/24 for the other node), while I mapped the subnet to 10.0.0.0/8 for the private network.
Additionally, you need to add the two bridges as network interfaces for each VM and LXC:
- eth0 on subnet of the host with gateway to the host (e.g. 192.168.0.2/24 with gateway to 192.168.0.1)
- eth1 on subnet of vRack with no gateway (e.g. 10.10.10.2/8): the /8 is really important as I mapped different hosts with different /24 subnets (i.e. one host has 10.10.10.0/24 another 10.10.20.0/24, etc.) and I want the VMs and LXC to be able to communicate with the host as well on 10.0.0.0/24.
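
An added example, not part of the original posts: a small lint for `/etc/network/interfaces` that flags a MASQUERADE rule whose `-o` device is enslaved to a bridge or has no default gateway, which is one difference between the two configurations above. The sample strings are constructed from the thread's configs, `203.0.113.254` stands in for the masked gateway, and the function names are hypothetical.

```python
# Constructed samples modelled on the thread's two configs (address lines
# omitted; 203.0.113.254 is a placeholder for the masked public gateway).
BEFORE = """
iface vmbr0 inet static
    gateway 203.0.113.254
    bridge-ports eno1
iface vmbr1 inet static
    bridge-ports eno2
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' ! -d '10.0.0.0/8' -o eno1 -j MASQUERADE
"""
AFTER = """
iface enp3s0f0 inet static
    gateway 203.0.113.254
iface vmbr0 inet static
    bridge-ports none
    post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o enp3s0f0 -j MASQUERADE
iface vmbr1 inet static
    bridge-ports enp3s0f1
"""

def parse(text):
    """Map each iface stanza to: has gateway, bridge ports, MASQUERADE -o devices."""
    stanzas, cur = {}, {"outs": []}  # dummy stanza absorbs lines before the first iface
    for line in text.splitlines():
        w = line.split() or [""]
        if w[0] == "iface":
            cur = stanzas.setdefault(w[1], {"gw": False, "ports": [], "outs": []})
        elif w[0] == "gateway":
            cur["gw"] = True
        elif w[0] == "bridge-ports":
            cur["ports"] = [p for p in w[1:] if p != "none"]
        elif w[0] == "post-up" and "MASQUERADE" in w and "-o" in w[:-1]:
            cur["outs"].append(w[w.index("-o") + 1].strip("'\""))
    return stanzas

def check_masquerade(text):
    """Return findings for rules whose -o device cannot be the routed egress."""
    stanzas = parse(text)
    port_of = {p: br for br, s in stanzas.items() for p in s["ports"]}
    findings = []
    for s in stanzas.values():
        for out in s["outs"]:
            if out in port_of:
                # iptables -o matches the routed (L3) device, which is the bridge
                findings.append(f"-o {out}: port of {port_of[out]}, rule never matches")
            elif not stanzas.get(out, {}).get("gw"):
                findings.append(f"-o {out}: interface has no default gateway")
    return findings

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, check_masquerade(cfg) or "ok")
```

On a live host, `iptables -t nat -L POSTROUTING -v -n` shows the same thing from the other side: the packet counter on a rule that never matches stays at zero.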