I have setup proxmox on a dedicated server. I currently have one vm running on a dedicated IP address that works as expected. But I had to setup few more VM's that do not need to be accessed from the outside and for this I decided to use a NAT.
While setting up the VM behind a NAT I discovered that the VM while having access to the network it doesn't have complete access to the internet. It can successfully ping the outside world and resolve hostnames, but it is not able to make outgoing requests (as an example) by using wget. These requests just time out. After a bit of debugging I also discovered that my host machine has the same exact issue.
My initial guess was that this was due to a firewall rule. After a bit of debugging I discovered that by default firewall is off on proxmox, so ended up enabling that. Although it changed nothing. I also thought that maybe it's a NAT config issues so ended up taking out vmbr1 interface and everything under it. This also didn't change anything, so I'm fairly certain that this is indeed a firewall issue, but unable to figure out what.
Does anyone have any ideas on what might be causing this?
Possibly relevant configs:
/etc/network/interfaces
/etc/pve/nodes/<name>/host.fw
While setting up the VM behind a NAT I discovered that the VM while having access to the network it doesn't have complete access to the internet. It can successfully ping the outside world and resolve hostnames, but it is not able to make outgoing requests (as an example) by using wget. These requests just time out. After a bit of debugging I also discovered that my host machine has the same exact issue.
My initial guess was that this was due to a firewall rule. After a bit of debugging I discovered that by default firewall is off on proxmox, so ended up enabling that. Although it changed nothing. I also thought that maybe it's a NAT config issues so ended up taking out vmbr1 interface and everything under it. This also didn't change anything, so I'm fairly certain that this is indeed a firewall issue, but unable to figure out what.
Does anyone have any ideas on what might be causing this?
Possibly relevant configs:
/etc/network/interfaces
Code:
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
iface lo inet6 loopback
auto enp41s0
iface enp41s0 inet manual
auto vmbr0
iface vmbr0 inet static
address <ip>
gateway <gateway>
bridge-ports enp41s0
bridge-stp off
bridge-fd 0
auto vmbr1
iface vmbr1 inet static
address 10.10.0.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.0.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1/etc/pve/nodes/<name>/host.fw
Code:
[OPTIONS]
enable: 1
[RULES]
IN ACCEPT -p tcp -log nolog
OUT ACCEPT -p tcp -log nolog