Problem using NAT

Thirsting6053 · Jan 24, 2023

Hello I'm actually new to proxmox and I'm trying to configure a NAT interface for my containers so that they don't get an ip address on my router.
I tried the following configuration :
```
auto lo
iface lo inet loopback

iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.1.166/24
gateway 192.168.1.1
bridge-ports enp3s0
bridge-stp off
bridge-fd 0

auto vmbr66
iface vmbr66 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
#Local network for Windows Machines

auto vmbr2
#private sub network
iface vmbr2 inet static
address 192.168.2.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.2.0/24' -o vmbr1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.2.0/24' -o vmbr1 -j MASQUERADE```
vmbr2 should be used as the NAT Interface.

My configuration on the container is :
- address : 192.168.2.8/24
- gw : 192.168.2.1
- br : vmbr2
```
root@test:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if41: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether f6:d2:b4:44:35:ba brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.2.8/24 brd 192.168.2.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f4d2:b4ff:fe44:35ba/64 scope link
valid_lft forever preferred_lft forever```

The problem is, the virtual machine can't ping 8.8.8.8
what did I do wrong in my setup?

cave · Jan 25, 2023

comparing your setup with the guide on the prox wiki : Masquerading (NAT) with iptables

Code:

auto lo
iface lo inet loopback

auto eno1
#real IP address
iface eno1 inet static
        address  198.51.100.5/24
        gateway  198.51.100.1

auto vmbr0
#private sub network
iface vmbr0 inet static
        address  10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE

Your vmbr2

Code:

auto vmbr2
#private sub network
iface vmbr2 inet static
address 192.168.2.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.2.0/24' -o vmbr1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.2.0/24' -o vmbr1 -j MASQUERADE```

your NAT is working? why do you do the NAT part with vmbr1 in the vmbr2 settings?
stick to the guide Masquerading (NAT) with iptables

Code:

- address : 192.168.2.8/24
- gw : 192.168.2.1
- br : vmbr2

vmbr2 should be the gateway? but is not connected to something bridge_ports none Thats a dead route.
i guess you will find out with route -n .

Probably you want to format your question next time, so it would be easier to read for other forum users!

Search

Search

Problem using NAT

Thirsting6053

New Member

cave

Renowned Member