Proxmox V3.1 - OpenVZ setting up VLAN interface

[Torque]

Hi,
I've bought dedicated from OVH and got Proxmox V3.x installed, but I can't sort out how should I configure my Interfaces so my OpenVZ containter can connect to any external host.

My Proxmox machine have vmbr2 interface created:

vmbr2     Link encap:Ethernet  HWaddr 66:f5:36:bc:c6:dc  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::8c75:81ff:fe9f:771b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:478 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:20734 (20.2 KiB)

Above is done using config in /etc/networking/interfaces:

auto vmbr2
iface vmbr2 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE

My OpenVZ containter have bridge interface set up like this:


However if I enter to my VM I see only loopback interface:

voli@secahost:~$ sudo vzctl enter 101
entered into CT 101
root@secb:/# ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:568 (568.0 B)  TX bytes:568 (568.0 B)

How should I set up that properly? I didn't find fresh info for Proxmox 3.x.
I would appreciate if someone can point me to correct wiki/tuts.

 

[wahmed]

I dont think you can Masquearde a bridge(vmbr2) using another bridge(vmbr0). It should be something like

-o eth0 -j MASQUERADE

 

[screenie]

bridge_ports none

your bridge is not bound to any interface;

on the cli you can verify that with 'brctl show'

 

[wahmed]

your bridge is not bound to any interface;

on the cli you can verify that with 'brctl show'

I dont think the bridge needs to be bounded to any interface. Thats where the post-up entries come in. This is the setup for NAT.

 

[screenie]

If you don't bind your bridge to a physical interface your network packets will not leave your host;
He is performing NAT on the bridge, where all hosts from 192.168.1.0/24 should be NATted to 192.168.1.1 which is on the same Layer-2 network, so if it's not working with any ip in 192.168.1.0/24 it will not work with 192.168.1.1 either

when you create a lab scenario where traffic should be isolated to vm's connected to the same bridge i would do it that way;

 

[pirateghost]

When using VMBR on a container, you have to configure the ethernet device inside the container. It won't show in ifconfig until it has been created (/etc/network/interfaces in a debian based container, etc)