Hi,
I use the proxmox interfaces configuration below in several version but it does not work with latest
Remark : in previous version eno1 was eth0 (and it works fine)
with this configuration it is not possible to ping external IP from container (example 8.8.8.8)
it is not possible to access container from outside (example ssh -p 2003 user@xx.yy.zz.aa)
I notice that I have :
when I remove eno1 interfaces lines I can ping 8.8.8.8
Regarding ssh I have
=> the port forwarding rules are missing
When i set manually iptables rules I can ssh containers
One more point : if I take one old proxmox and upgrade it on V5.2-2, it works fine (in this case interface is not eno1 but stays eth0)
Then my question is: what is the right configuration to make new proxmox works as old one ?
Regards,
I use the proxmox interfaces configuration below in several version but it does not work with latest
Code:
auto lo
iface lo inet loopback
iface eno1 inet manual
auto vmbr1
iface vmbr1 inet static
address 192.168.147.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.147.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.147.0/24' -o vmbr0 -j MASQUERADE
auto vmbr0
iface vmbr0 inet static
address xx.yy.zz.aa
netmask 255.255.255.0
gateway xx.yy.zz.254
broadcast xx.yy.zz.255
bridge_ports eno1
bridge_stp off
bridge_fd 0
network xx.yy.zz.0
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2003 -j DNAT --to 192.168.147.3:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2003 -j DNAT --to 192.168.147.3:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2005 -j DNAT --to 192.168.147.5:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2005 -j DNAT --to 192.168.147.5:22
Remark : in previous version eno1 was eth0 (and it works fine)
with this configuration it is not possible to ping external IP from container (example 8.8.8.8)
it is not possible to access container from outside (example ssh -p 2003 user@xx.yy.zz.aa)
I notice that I have :
Code:
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 5.135.187.254 0.0.0.0 UG 0 0 0 eno1
0.0.0.0 5.135.187.254 0.0.0.0 UG 0 0 0 vmbr0
5.135.187.0 0.0.0.0 255.255.255.0 U 0 0 0 eno1
5.135.187.0 0.0.0.0 255.255.255.0 U 0 0 0 vmbr0
192.168.147.0 0.0.0.0 255.255.255.0 U 0 0 0 vmbr1
Regarding ssh I have
Code:
# iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.147.0/24 -o vmbr0 -j MASQUERADE
When i set manually iptables rules I can ssh containers
One more point : if I take one old proxmox and upgrade it on V5.2-2, it works fine (in this case interface is not eno1 but stays eth0)
Then my question is: what is the right configuration to make new proxmox works as old one ?
Regards,