Problems with ifupdown2 and NAT directives

[Daniele de Petris]

Hello this problem occurs on all our ovh servers, when we try to use ifupdown2 the iptables NAT directives are ignored. This is the typical configuration:

auto lo
iface lo inet loopback

iface enp5s0f0 inet manual

iface enp5s0f1 inet manual

iface enp7s0f3u2u2c2 inet manual

auto vmbr1
iface vmbr1 inet static
        address 172.16.1.2/16
        bridge-ports enp5s0f1
        bridge-stp off
        bridge-fd 0
        pre-up ifconfig enp5s0f1 mtu 9000
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '172.16.1.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '172.16.1.0/24' -o vmbr0 -j MASQUERADE
        post-up   iptables -t raw -I PREROUTING  -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING  -i fwbr+ -j CT --zone 1
# Allow NAT working with the built-in firewall

auto vmbr0
iface vmbr0 inet dhcp
        bridge-ports enp5s0f0
        bridge-stp off
        bridge-fd 0

 

[spirit]

Hi, only at boot ?

do a reload "ifreload -a" is fixing it ?

also "pre-up ifconfig enp5s0f1 mtu 9000" , don't use ifconfig, it's deprecated since year. (not sure it still exist anyway).
can you try to replace this by "mtu 9000" ?

 

[oktay]

I am having a similar issue. It exhibits itself as if the post-up stuff in '/etc/network/interfaces' is getting ignored, but even when I run iptables manually and check iptables -t nat -L, there's nothing in it. iptables does not show an error. Is pve-firewall flushing custom rules or something?

Another issue which might be related, the bridge I am using for NAT stops working sporadically.

Note. This is on the latest proxmox 7.1.