Private subnet: host can connect to guests, guests to internet, but not to host or each other

P

panyasan

Member
Nov 14, 2010
9
0
21
Hello,

I have done my research, but didn't find a solution. I have the following problem: I have a simple private subnet on the host:

Code: 
iface vmbr1 inet static
  address 10.10.10.1
  netmask 255.255.255.0
  bridge_ports none
  bridge_stp off
  bridge_fd 0

  # Enable NAT so machines in this network can reach the internet
  post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
  post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE

and I can reach the LXC guests on this subnet without any problems (ssh from host, reverse proxy from VM in different subnet and with public IP etc.). The guests have no trouble reaching the internet.

However, the guests cannot reach the host (ping, ssh) nor each other.

I have not changed the guests' default /etc/network/interfaces config, since it routes all traffic correctly over vmbr1. What do i miss?

Thanks for pointers...
 
Last edited:
It seems ещ ьу

post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' ! -d '10.10.10.0/24' -o eth0 -j MASQUERADE

should help you.
 
Thank you very much. The LXC containers can now talk to each other!

However, I still cannot connect to the proxmox host from the containers. Should this work out of the box and I misconfigured something? Do I need an additional bridge to make this work? Or must this be solved by manual routing?

This is probably trivial, I just don't seem to find the right answer. Thanks a bunch for helping out...
 
Last edited:
In case you wonder why I don't try out different rules until success: I have a couple of containers with applications in production and I cannot repeatedly restart the host in order to make the new rules effective. I just need a small cue how to solve my problem, the rest I can figure out myself. Thank you for any advice on the matter.
 
panyasan said:
Thank you very much. The LXC containers can now talk to each other!

However, I still cannot connect to the proxmox host from the containers. Should this work out of the box and I misconfigured something? Do I need an additional bridge to make this work? Or must this be solved by manual routing?

This is probably trivial, I just don't seem to find the right answer. Thanks a bunch for helping out...
Click to expand...

To access proxmox from containers use 10.10.10.1 address as destination.
 
Last edited:
Thanks, that's what I thought would be the case, but 10.10.10.1 does not respond. On a different board, someone told me I have to use a dummy interface ("bridge_ports dummy0") so that packets won't be discarded by the host. I still have to test that and will report.

UPDATE: It doesn't work, unfortunately.
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back