[SOLVED] Proxmox System with 2 Pub IPs on seperate Hardware Ports

B

Barcode-Snow

New Member
Proxmox Subscriber
Oct 13, 2023
4
0
1
At the moment, we have a hardware appliance at a vendor's data center. This has a network card with several ports. The provider has given us 2 public IP addresses. We now want to use one IP and thus also one port only to reach the Proxmox system. The other IP and Port should be used in a MASQUERADE/NAT setup, so that the VMs communicate over this to the outside and we separate management and production.
Currently the configuration looks like this:

Code: 
[...]
iface enp1s0f0 inet manual

auto enp1s0f1
iface enp1s0f1 inet static
    address XXX.XXX.XXX.XX6/XX
    
auto vmbr0
iface vmbr0 inet static
        address XXX.XXX.XXX.XX1/XX
        gateway XXX.XXX.XXX.1
        bridge-ports enp1s0f0
        bridge-stp off
        bridge-fd 0
        
auto vmbr1
iface vmbr1 inet static
        address 10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp1s0f1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp1s0f1 -j MASQUERADE

Now to the crazy part:
  • I can reach the GUI of Proxmox via both IPs.
  • If I ping with the interface enp1s0f1 I don't get an answer ping -I enp1s0f1 google.com -> 100% packet loss
  • If I connect a VM to the vmbr1 it does not reach the internet, the Proxmox interface (10.10.10.1) in this network can be reached via ping.
  • ip link show up is saying that the state is down enp1s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT
  • ethtool enp1s0f1 -> Link detected: no
  • /sys/class/net/enp1s0f1/operstate -> down
  • ifup enp1s0f1 does not change the state of the interface
As I said: You can reach the GUI of Proxmox via both public IPs.

This is making me crazy
 
And? The problem here is that I can access the GUI on an interface which, if you believe the system, is down. So, how can a system listen on an interface that is down? Furthermore, if the interface is indeed not down: why can’t VMs connected to vmbr1 reach the internet?
 
oh sorry, read too fast, don't see one port were connected.
I'm not expert but isn't ip_forward cause ? compare with echo 0 > /proc/sys/net/ipv4/ip_forward
 
Configuration is based on the tips given in the Proxmox Admin Guide: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_flexible_networking

Here is how they did it:
Code: 
auto eno1
#real IP address
iface eno1 inet static
        address  198.51.100.5/24
        gateway  198.51.100.1

auto vmbr0
#private sub network
iface vmbr0 inet static
        address  10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
 
disabling temporary ip_forward is just to diagnose, it will break MASQUERADE/NAT as expected.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom