Proxmox + Internal Network + iptables = no access

jsieler

Active Member
Oct 18, 2019
Hello everyone. For a few days I've been struggling with my server. Currently it's Proxmox installed from the ISO over KVM, so the basic things, like the main Ethernet interface and bridge, are preinstalled. I've added another bridge interface for an internal network so the LXC containers can communicate with each other.

This is how the HOST network config looks:

Code:
auto lo

iface lo inet loopback
iface enp41s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 172.16.0.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up   iptables -t nat -A POSTROUTING -s '172.16.0.0/24' -o vmbr1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '172.16.0.0/24' -o vmbr1 -j MASQUERADE
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

auto vmbr1
iface vmbr1 inet static
        address XXX.XXX.XXX.245/27
        gateway XXX.XXX.XXX.225
        bridge-ports enp41s0
        bridge-stp off
        bridge-fd 0

Seems to be good so far. Now I created 2 LXC containers:

Code:
CADDY - 172.16.0.10 - eth0 on vmbr1
TEST  - 172.16.0.11 - eth0 on vmbr1

Later I added the following iptables rule to access Caddy from the outside world, and it's working too:

Code:
iptables -t nat -D PREROUTING -i vmbr1 -p tcp --dport 80 -j DNAT --to-destination 172.16.0.100:80

I can just open "http://XXX.XXX.XXX.245" in my browser and see the actual Caddy page.

The problem is, I can't do that from the TEST machine. Whenever I call `curl http://XXX.XXX.XXX.245` I see `curl: (7) Failed to connect to X.X.XX.245 port 80: Connection refused`, while `curl http://172.16.0.100` works fine. It doesn't matter which port I use. The firewall is disabled at the Datacenter level.

What is the problem? What do I need to do or add? Thanks!
 
What NMAP is reporting:

Code:
#nmap -p 80 172.16.0.100
Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-15 02:22 UTC
Nmap scan report for 172.16.0.100
Host is up (0.000031s latency).
PORT   STATE SERVICE
80/tcp open  http
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds

# nmap -p 80 X.X.XX.245
Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-15 02:22 UTC
Nmap scan report for X.X.X.245
Host is up (0.000030s latency).
PORT   STATE  SERVICE
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds

But how is that possible if I can access http://X.X.X.245 from my PC?!
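The check a practitioner would run here, written as an added example that is not from the post or the forum reply: a PREROUTING rule carrying `-i vmbr1` rewrites only packets that enter the host through vmbr1. A connection from a container attached to the internal bridge enters the host on that bridge (or its fwbr/veth ports), so such a rule leaves it untouched and the packet lands on the host's own port 80, where nothing listens, hence "Connection refused" from inside but a working page from outside. The script parses `iptables-save -t nat` output and reports, per bridge, whether the port-80 DNAT covers it. The sample rules are constructed from the post, assuming the DNAT rule was added with `-A` rather than the `-D` shown, and that the containers sit on the internal bridge vmbr0, which the reply asks to confirm.

```shell
#!/bin/sh
# Added example (not from the thread): which ingress interfaces does a
# PREROUTING DNAT rule actually match? Input is `iptables-save -t nat` text on stdin.

# Constructed sample modelled on the post's rules (assumption: the DNAT rule was
# added with -A; the host's real public address is not needed for this check).
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i vmbr1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.0.100:80
-A POSTROUTING -s 172.16.0.0/24 -o vmbr1 -j MASQUERADE
COMMIT'

# dnat_ingress_ifaces PORT: read iptables-save output on stdin and print, one per
# line, the "-i" interface of every PREROUTING DNAT rule for tcp PORT ("any" when
# the rule has no -i match and therefore applies on every interface).
dnat_ingress_ifaces() {
    awk -v port="$1" '
        /^-A PREROUTING / && /-j DNAT/ {
            iface = "any"; dport = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (dport == port) print iface
        }'
}

# dnat_covers PORT IFACE: exit 0 when some DNAT rule for PORT matches packets that
# arrive on IFACE (no -i restriction, or -i IFACE), exit 1 otherwise.
dnat_covers() {
    dnat_ingress_ifaces "$1" | grep -qx -e any -e "$2"
}

# check_bridges PORT BRIDGE...: for each bridge, report whether a client attached to
# it has its connection to the public IP:PORT rewritten by the DNAT. Packets that
# are not rewritten reach the host's own PORT instead.
check_bridges() {
    rules=$(cat)
    port="$1"; shift
    for br in "$@"; do
        if printf '%s\n' "$rules" | dnat_covers "$port" "$br"; then
            echo "port $port: DNAT applies to packets arriving on $br"
        else
            echo "port $port: DNAT skipped for packets arriving on $br (they hit the host's own port $port)"
        fi
    done
}

# Run against the constructed sample: vmbr1 is covered, vmbr0 is not.
printf '%s\n' "$SAMPLE_NAT" | check_bridges 80 vmbr1 vmbr0
```

On a live host, pipe `iptables-save -t nat` into `check_bridges 80 vmbr1 vmbr0` instead of the sample. When the internal bridge is reported as skipped, the usual remedy (general iptables practice, not the thread's conclusion) is hairpin NAT: a second DNAT for traffic entering on the internal bridge, plus an SNAT/MASQUERADE on the way back to the container so that its reply returns through the host rather than directly to the client.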
 
Hi, i'm a bit confused by your setup. Can you post the config of your two VMs:

Code:
qm config <vmid>