[SOLVED] Proxmox has internet, can't figure out why containers don't.

S

Skyrider

Active Member
May 11, 2020
55
1
28
38
So after some time, I finally got proxmox to work. I can access the GUI and it has a network/internet connection just fine using the following:

1706789644621.png

However, having issues with containers having no internet access. Currently a test container has the following info:

Code: 
arch: amd64
cores: 2
cpulimit: 1
features: nesting=1
hostname: testtest
memory: 1024
net0: name=eth0,bridge=vmbr1,gw=10.248.110.1,hwaddr=xxxx,ip=10.248.110.2/24,type=veth
onboot: 1
ostype: ubuntu
rootfs: local-zfs:subvol-100-disk-0,size=8G
swap: 512
unprivileged: 1

DNS is set to google (8.8.8.8, 8.8.4.4) and hosts file on the main host:


127.0.0.1 localhost.localdomain localhost
10.0.2.15 pve.skyrider pve

# The following lines are desirable for IPv6 capable hosts

::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts


10.0.2.15 was set by the installer. Even if I'd match that with 10.248.110.1 it still wouldn't work.

ip a info from the container:

Code: 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether xxxxxxxxxxxxxx link-netnsid 0
    inet 10.248.110.2/24 brd 10.248.110.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::be24:11ff:fe15:b9bb/64 scope link
       valid_lft forever preferred_lft forever

I can ping the container from the host. net.ipv4.ip_forward/net.ipv6.conf.all.forwarding is also set to 1 in sysctl. Am I doing something wrong?
 

Attachments

  • 1706789703206.png
    1706789703206.png
    41.3 KB · Views: 11
Last edited:
Fixed.

By changing:
Code: 
post-up   iptables -t nat -A POSTROUTING -s '10.248.110.0/24' -o enp35s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.248.110.0/24' -o enp35s0 -j MASQUERADE

To:
Code: 
post-up   iptables -t nat -A POSTROUTING -s '10.248.110.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.248.110.0/24' -o vmbr0 -j MASQUERADE

Apparently it doesn't work when targeting the network interface directly. So It'll get the interface from vmbr0
 
You must log in or register to reply here.
Top Bottom