Proxmox + Shorewall Internet Gateway Config Help

Chaoz

New Member
Apr 18, 2016
Hi,

I'm new to Proxmox since I'm migrating from VMware Server 2.
I have a VM server that also acts as an internet gateway. It has 2 network cards, 1 (eth0) for the WAN and 1 (eth1) for the local network... eth0 is set up as DHCP and eth1 static (as required for Proxmox installation).
I installed using the Debian path, and before installing Proxmox, finished setting up the internet gateway to allow the PCs connected on eth1 to access the internet via the gateway (which was a success).

I used this how-to to set up only the internet gateway part (pages 1 and 2), and I didn't continue to the email part etc...

https://www.howtoforge.com/ubuntu6.10_firewall_gateway

This is my network config as of the moment (changed IP address for security).

//-----------------------------------------
auto lo vmbr0
iface lo inet loopback

allow-hotplug eth0

iface eth0 inet dhcp

iface eth1 inet manual

iface vmbr0 inet static
address 192.168.1.100
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0
//-----------------------------------------


If I start the firewall, I can't ping the inner IP, 192.168.1.100, via my laptop (192.168.1.103)... if I stop the firewall I can ping 192.168.1.100 and the VM (192.168.1.101). The VM also cannot ping Google.

Any help would be appreciated.

Thanks
 
Hi,

the problem is your WAN is on eth0 but your VM bridge is on eth1, so in this configuration you have no WAN route from the VMs.

If I understand you correctly, you would like to have the whole WAN traffic go over the Gateway VM.

Then you have 2 options.

1.) pass through the eth0 to the VM.
https://pve.proxmox.com/wiki/Pci_passthrough

2.) make a second bridge on eth0 and connect it to the Gateway VM.
 
Hi!

Thanks for the help.

Passthrough is not an option for me.

WAN and eth0 are not the issue here though... the server is acting as an internet gateway while at the same time serving the VM. So the VM, as well as other PCs and laptops connected to the switch, should be pointing to the server's inner IP address (eth1) as its gateway. (I was able to set this up using VMware Server 2.0.2 before.)

Attached is a diagram of what I'm trying to set up.

234.jpg

So, VM-01 should be able to ping 192.168.1.100 and set it as its internet gateway in its interface settings.
Hope this clears things up.



Right now, I'm playing around with aliases and trying to make an alias of eth1 (eth1:1) and setting it as the vmbr0 port/slave. I can ping myself (eth1 192.168.1.100 and eth1:1 192.168.1.102), but once I bring up the VM, the VM can't ping either 192.168.1.100 or 192.168.1.102, even though it's connected via the vmbr0 bridge.

Also I observed, that when I bring up the virtual machine, there's a new interface being created.

//----------------------------------------------------------------------------
tap100i0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet6 addr: xxxx::xxxxx:xxxx:xxxx:xxxx/xx Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:35 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:1782 (1.7 KiB) TX bytes:648 (648.0 B)
//----------------------------------------------------------------------------

... which disappears when I turn off the VM.

My current interface settings are now...

//--------------------------------------------------------
auto lo eth1
iface lo inet loopback

allow-hotplug eth0

iface eth0 inet dhcp

iface eth1 inet static
address 192.168.1.100
netmask 255.255.255.0
broadcast 192.168.1.255
network 192.168.1.0

auto eth1:1
iface eth1:1 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.1.102
netmask 255.255.255.0
bridge_ports eth1:1
bridge_stp off
bridge_fd 0
//--------------------------------------------------------


If you need more info, please don't hesitate to ask.

Thanks
 

Here's the VMware setup I want to reproduce.
 

Tried playing around with VLAN today... my setup below.

//-----------------------------------------------------
auto lo
iface lo inet loopback

allow-hotplug eth0

iface eth0 inet dhcp

auto eth1
iface eth1 inet static
address 192.168.1.100
netmask 255.255.255.0
broadcast 192.168.1.255
network 192.168.1.0

auto eth1.100
iface eth1.100 inet manual
vlan-raw-device eth1

auto vmbr0
iface vmbr0 inet static
address 192.168.1.102
netmask 255.255.255.0
bridge_ports eth1.100
bridge_stp on
bridge_fd 0
bridge_maxwait 10
//-----------------------------------------------------

Thought having a bridge via eth1.100 to eth1 might work but it didn't... my VM (192.168.1.101) can't ping 192.168.1.100 or 192.168.1.102...
 
Option "2" doesn't work for you? -> make a second bridge on eth0 and connect it to the Gateway VM.

auto vmbr0
iface vmbr0 inet manual
bridge_ports eth0
bridge_stp off
bridge_fd 0

So your GW gets DHCP... I have that config with my servers.
 
eth0 should not be touched... I set up Shorewall + dnsmasq to make the server also an internet gateway... so eth1 also should not be modified.

something like this diagram...
123.jpg
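
As an added example, not posted by anyone in this thread: a small Python lint run over condensed copies of the three `/etc/network/interfaces` attempts above. It flags a bridge port that is an alias label or a VLAN sub-interface, one subnet configured on two interfaces, and a firewall config that names an enslaved NIC; the `sample` helper and the `fw_ifaces` list are assumptions, since the thread never shows the Shorewall files.

```python
import ipaddress

def parse_interfaces(text):
    """Parse ifupdown 'iface' stanzas into {interface: {option: value}}."""
    stanzas, cur = {}, None
    for raw in text.splitlines():
        words = raw.split("#")[0].split()
        if not words:
            continue
        if words[0] == "iface":
            cur = stanzas.setdefault(words[1], {})
        elif words[0] == "auto" or words[0].startswith("allow-"):
            cur = None
        elif cur is not None:
            cur[words[0]] = " ".join(words[1:])
    return stanzas

def lint(text, fw_ifaces=()):
    """Return findings; fw_ifaces = interface names the firewall config uses (assumed input)."""
    st = parse_interfaces(text)
    findings, nets = [], {}
    for br, opts in st.items():
        for port in opts.get("bridge_ports", "").split():
            if ":" in port:
                findings.append(f"{br}: {port} is an IP alias label, not a separate device that can be a bridge port")
            elif "." in port:
                findings.append(f"{br}: {port} is a VLAN sub-interface, so {br} is cut off from untagged traffic on the parent NIC")
            if port in fw_ifaces:
                findings.append(f"firewall names {port}, but its IP traffic is seen on {br}")
    for name, opts in st.items():
        if "address" in opts and "netmask" in opts:
            net = ipaddress.ip_network(f"{opts['address']}/{opts['netmask']}", strict=False)
            nets.setdefault(str(net), []).append(name)
    findings += [f"{net} is configured on both {' and '.join(n)}" for net, n in nets.items() if len(n) > 1]
    return findings

def sample(port, br_addr, eth1_addr=None):
    """Condensed eth1/vmbr0 stanzas of a config posted in the thread (lo and eth0 left out)."""
    eth1 = (f"iface eth1 inet static\naddress {eth1_addr}\nnetmask 255.255.255.0\n"
            if eth1_addr else "iface eth1 inet manual\n")
    return eth1 + (f"auto vmbr0\niface vmbr0 inet static\naddress {br_addr}\n"
                   f"netmask 255.255.255.0\nbridge_ports {port}\nbridge_stp off\nbridge_fd 0\n")

FIRST = sample("eth1", "192.168.1.100")                    # first post
ALIAS = sample("eth1:1", "192.168.1.102", "192.168.1.100")   # alias attempt
VLAN = sample("eth1.100", "192.168.1.102", "192.168.1.100")  # VLAN attempt

if __name__ == "__main__":
    for label, cfg in (("first", FIRST), ("alias", ALIAS), ("vlan", VLAN)):
        # ("eth0", "eth1") is an assumed firewall interface list; the thread does not show it
        for finding in lint(cfg, fw_ifaces=("eth0", "eth1")):
            print(f"[{label}] {finding}")
```
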
 
