Proxmox NAT / configuration confirmation

[vikozo]

Hello
in this post

http://forum.proxmox.com/threads/20382-Proxmox-Firewall-for-NAT?p=104214#post104214
with this code

auto vmbr2
iface vmbr2 inet static
address 10.147.42.193
netmask 255.255.255.192
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.147.42.192/26' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.147.42.192/26' -o eth0 -j MASQUERADE

# information:
# Range for Virtuell Server would be
# 10.147.42.194 to
# 10.147.42.254
# GW would be 10.147.42.193

would this be working?
But how the traffic would go - because the Router still have 10.147.42.1/24



i asked if this setup would work like that and use 1/4C-Class IP Adresse to use for Virtuell Server

could somebody tell me if it would work, i am a bit afraid to kill my server

have a nice day
vinc

 

[Mr.Holmes]

Hello vinc

# information:
# Range for Virtuell Server would be
# 10.147.42.194 to
# 10.147.42.254
# GW would be 10.147.42.193

would this be working?
But how the traffic would go - because the Router still have 10.147.42.1/24

Not quite clear how Proxmox host is connected to the router - I conclude via eth0 and an address in 10.147.42.0/24

Then the answer will be: NO - there is an overlapping between 10.147.42.0/24 and 10.147.42.192/26

Why not make a simple change from 42 to e.g. 43, like this:

# Range for Virtuell Server would be
# 10.147.43.194 to
# 10.147.43.254
# GW would be 10.148.43.193

and

auto vmbr2
iface vmbr2 inet static
address 10.147.43.193
netmask 255.255.255.192
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.147.43.192/26' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.147.43.192/26' -o eth0 -j MASQUERADE

and everything is fine.

Kind regards

Mr.Holmes

 

[vikozo]

@Mr.Holmes
thanks a lot for your Feedback.
i will try it tonight

do i have to add the vmbr2 in the GUI or just on the Hypervisor itself?
And all openVZ Container which should be reached from the Internet will have to have a IP Adresse from the Range defined?!

have a nice day
vinc

 

[Mr.Holmes]

Hello vinc

do i have to add the vmbr2 in the GUI or just on the Hypervisor itself?

In the GUI

And all openVZ Container which should be reached from the Internet will have to have a IP Adresse from the Range defined?!

Yes - note: if you have only containers with direct IP address you don´t need vmbr2; but I prefer also for containers use bridged virtual NICs (veth) - with venet0 sometimes unexpected effects occur.

Success!

Mr.Holmes

 

[vikozo]

Hello
i got an error adding a second vmbr



have a nice day
vinc

 

[vikozo]

but I prefer also for containers use bridged virtual NICs (veth)

where i have to add a eth Port - do i have to take a Real eth Port or do i define a "free" eth-number?
have a nice day
vinc

 

[Mr.Holmes]

Hello vinc,

i got an error adding a second vmbr

You can have only one default gateway - if you want it to put it to vmbr2 delete first from vmbr1.

where i have to add a eth Port - do i have to take a Real eth Port or do i define a "free" eth-number?

You can name it as you like - also "xyz1" or "krixkrax", also "eth1" of course.

No relation to any other NIC in any other VM /CT or host.

Kind regards

Mr.Holmes