Proxmox VMs with single IP

G

Geit

New Member
Feb 27, 2016
4
0
1
28
So I don't know much about the bridges and all, but I looked around and tried to get it still working. I've got one IP for the server itself and I thought to use second IP on the VMs. I thought I did all correctly but it seems that there is no internet connection and can't ping to anywhere it seems so I am looking for help, maybe someone who knows more about networking can tell me where I got it all wrong.

On proxmox webgui the bridge selected for VM is vmbr2

Main machine (which has proxmox installed):

/etc/network/interfaces
Code: 
auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
        address xx.xx.xx.67
        netmask 255.255.255.224
        gateway xx.xx.xx.65
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

auto vmbr1
iface vmbr1 inet static
        address xx.xx.xx.68
        netmask 255.255.255.224
        gateway xx.xx.xx.65
        dns-nameservers 8.8.8.8 8.8.4.4
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0


auto vmbr2
iface vmbr2 inet static
        address 192.168.0.1
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr1 -j MASQUERADE
        # VM-01
        post-up iptables -t nat -A PREROUTING -i vmbr1 -p tcp --dport 9987 -j DNAT --to 192.168.0.2:9987
        post-down iptables -t nat -D PREROUTING -i vmbr1 -p tcp --dport 9987 -j DNAT --to 192.168.0.2:9987

VM (OS is CentOS 7):

CN6vk.png


Thank you, all help is appreciated.
 
Some more info: I can ping the VM (192.168.0.2) from main server machine and from VM I can ping 192.168.0.1 and xx.xx.xx.67, but I don't have any internet connection still (can't ping any other addresses)
 
Last edited:
try this
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j SNAT --to-source xx.xx.xx.67
 
Hey, thanks for trying to help, but this still doesn't give me any internet access :(

Code: 
auto lo
iface lo inet loopback

#iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
    address xx.xx.xx.67
    netmask 255.255.255.224
    gateway xx.xx.xx.65
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

#auto vmbr1
#iface vmbr1 inet static
#    address xx.xx.xx.68
#    netmask 255.255.255.224
#    gateway xx.xx.xx.65
#    dns-nameservers 8.8.8.8 8.8.4.4
#    bridge_ports eth0
#    bridge_stp off
#    bridge_fd 0


auto vmbr2
iface vmbr2 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    network 192.168.0.0
    #broadcast 192.168.0.255
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    #post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    #post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr1/forwarding
    #post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr2/forwarding
    iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j SNAT --to-source xx.xx.xx.67
    #post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr1 -j MASQUERADE
    #post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr1 -j MASQUERADE
    # VM-01 APP
    #post-up iptables -t nat -A PREROUTING -i vmbr1 -p tcp --dport 9987 -j DNAT --to 192.168.0.2:9987
    #post-down iptables -t nat -D PREROUTING -i vmbr1 -p tcp --dport 9987 -j DNAT --to 192.168.0.2:9987
 
Try with this
  • iface eth0 inet manual
  • comment all iptables rules from /etc/network/interfaces
  • reboot your server
  • openn shh and paste this
    iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j SNAT --to-source xx.xx.xx.67
It shuld be fine
 
Sentellio said:
Try with this
  • iface eth0 inet manual
  • comment all iptables rules from /etc/network/interfaces
  • reboot your server
  • openn shh and paste this
    iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j SNAT --to-source xx.xx.xx.67
It shuld be fine
Click to expand...
I once commented out some stuff and later had no connection to the server anymore (had to contact server manager to redo my iptables and get it all up again) - this shouldn't do this, right? I really do not want to lose connection to the whole system again

EDIT: also, when I comment out vmbr2 then I should select in proxmox webGUI vmbr0 for that machine? And what network mask and gateway should I select for it, then?
 
Last edited:
I did the following on my providers root server and got a wonderful setup with one external and one internal IP/subnet (edit: server has a singleport NIC):

Code: 
auto lo
iface lo inet loopback

auto  eth0
iface eth0 inet static
        address         a.b.c.d
        netmask         255.255.255.255
        pointopoint     aa.bb.cc.dd
        gateway         aa.bb.cc.dd

auto vmbr0
iface vmbr0 inet static
        address         192.168.x.y
        netmask         255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
aa.bb.cc.dd at pointopoint and gateway is the same IP.

And in /etc/sysctl.d/99-sysctl.conf:
Code: 
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.proxy_arp=1
net.ipv4.conf.default.proxy_arp=1
# ipv6 settings (no autoconfiguration)
net.ipv6.conf.default.autoconf=0
net.ipv6.conf.default.accept_dad=0
net.ipv6.conf.default.accept_ra=0
net.ipv6.conf.default.accept_ra_defrtr=0
net.ipv6.conf.default.accept_ra_rtr_pref=0
net.ipv6.conf.default.accept_ra_pinfo=0
net.ipv6.conf.default.accept_source_route=0
net.ipv6.conf.default.accept_redirects=0
net.ipv6.conf.default.forwarding=0
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.all.accept_dad=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.all.accept_ra_defrtr=0
net.ipv6.conf.all.accept_ra_rtr_pref=0
net.ipv6.conf.all.accept_ra_pinfo=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.all.forwarding=0

Maybe there was more to to do...can't remeber as I did this in 2013.
But help yourself with providers wiki at <http://wiki.hetzner.de/index.php/Proxmox_VE/en>.
Hope this helps.

If it is working to you (as an server on internet) don't forget to setup a firewall!
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back