ProxMox VE installed on Debian 11, VM cannot connect to internet?

N

Nanja

New Member
Feb 6, 2023
17
0
1
I have 1 single IP, i want all VM's to use NAT
This is my
/etc/network/interfaces
Code: 
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp130s0f1
iface enp130s0f1 inet static
        address 170.39.***.***/23
        gateway 170.39.***.1
        dns-nameservers 1.1.1.1
        dns-search ****.com
# dns-* options are implemented by the resolvconf package, if installed

auto lo
iface lo inet loopback

auto eno1
#real IP address
iface eno1 inet static
        address  198.51.100.5/24
        gateway  198.51.100.1

auto vmbr0
#private sub network
iface vmbr0 inet static
        address  10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

This is what I have setup in the VM, since I wasn't sure what to put since DHCP doesn't work there.
Screenshot 2023-02-06 045216.png
I have also tried "Routed Configuration" and "Default Configuration using a Bridge" from Network Configuration . Those didn't work for me either.
 
Hello,

there are quite a few subnets and I can't get behind what you want to do. The VM is in the 192.51.100.* subnet, but your Proxmox does not have anything in that subnet. But then there is the 198.51.100.* subnet and a 10.10.10.* subnet. Feels like a lot of lines copied together from different guides? I suppose 170.39.*.* is the public IP of your proxmox host. Also you have two blocks for the loopback-interface lo.

So you just want all your VMs in a private network (connected to vmbr0 I suppose). The 10.10.10.0/24 subnet is good for that (note that 198.51.* is NOT a private subnet and should not be used, neither should 192.51.*.*).

First of all, put the VM in that subnet, give it for example
  • IP: 10.10.10.2
  • Subnet: 255.255.255.0
  • Gateway: 10.10.10.1
  • DNS: 8.8.8.8
and connect that VM interface to the bridge vmbr0.

Now, your Proxmox - holding that IP 10.10.10.1 - has to act as a gateway for that subnet. That means that you have to configure it like so:
Code: 
# route IP4 traffic
echo 1 > /proc/sys/net/ipv4/ip_forward

# NAT (Masquerade) traffic from your private net 10.10.10.0/24 that gets sent over your public interface enp130s0f1
iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp130s0f1 -j MASQUERADE
iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp130s0f1 -j MASQUERADE

I don't know much about the two fwbr+ lines, but they seem to be a fix for some issues that happen when you set 'firewall=1' on the VM interfaces (https://pve.proxmox.com/wiki/Network_Configuration#sysadmin_network_masquerading). I suggest you omit them for the time being and test it without first.

You then configure your interfaces-file so that on activation (ifup) of your vmbr0 you post these commands, and on deactivation (ifdown) these rules get removed. Overall that makes your interfaces-file look like this:

Code: 
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp130s0f1
iface enp130s0f1 inet static
        address 170.39.***.***/23
        gateway 170.39.***.1
        dns-nameservers 1.1.1.1
        dns-search ****.com
# dns-* options are implemented by the resolvconf package, if installed

auto eno1
iface eno1 inet manual

auto vmbr0
#private sub network
iface vmbr0 inet static
        address  10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp130s0f1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp130s0f1 -j MASQUERADE

Then you should activate the new config with ifdown vmbr0; ifup vmbr0 (or just restart the server) and check if everything works.

Kind regards,
Benedikt
 
Last edited:
B.Otto said:
Kind regards,
Benedikt
Click to expand...
Thanks, everything works like it should now, that was fast. I have another question though? How can I ssh into the VM? I use the public IP and it brings me to the dedicated machine. Do I need to put the ssh on a different port in the VM to have that function or am I stuck with using console only?

Edit: Thanks! I figured it out
 
Last edited:
Nanja said:
Thanks, everything works like it should now, that was fast. I have another question though? How can I ssh into the VM? I use the public IP and it brings me to the dedicated machine. Do I need to put the ssh on a different port in the VM to have that function or am I stuck with using console only?
Click to expand...
Clients from outside connect to the public IP of your Proxmox, and don't know anything about the private network behind it.

If you really want to connect via SSH you need to configure port forwarding (destination NAT, DNAT), and you can't use the default SSH port 22, since that one is taken by your Proxmox host.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back