Proxmox8.4.1bridge with nat - no internet

G

geogarin

New Member
Jul 15, 2025
2
0
1
Hello
I've setup Proxmox 8.4.1 on mini PC. Connected it with the cable to my home router, assigned ip=192.168.31.222. Setup lxc container with wireguard vpn and vm with win10 (both on the same default bridge vmbr0 (and in the same network 192.168.31.0/24)). After my setup i could to connect via VPN to proxmox host (10.0.0.1:8006) and to win10 vm by rdp.
After that i thought that this is not secured enough and decided to separate VM and LXC into networks 192.168.101.0/24 and 192.168.100.0/24. Created 2 additional bridges vmbr1 and vmbr2. Now i have no internet on Win10 (same on LXC). I really don't understand how to fix it.
Plase help!)
Host networks:
1752568306680.png

interfaces file:
1752568363608.png


iptables:
1752568418178.png

ip addr
1752568458958.png

ip route
1752568528594.png

VM configuration:
1752570291664.png

1752570340578.png

What i have on win10 vm:
1752570439003.png

What is wrong in my configuration?
What else should i check to make it works?
 
Hey,

hmmm, could try setting the source address explicitly with -j SNAT, should look something like this:
Code: 
    post-up iptables -t nat -A POSTROUTING -s '192.168.101.0/24' -o vmbr0 -j SNAT --to-source 192.168.31.222
    post-down iptables -t nat -D POSTROUTING -s '192.168.101.0/24' -o vmbr0 -j SNAT --to-source 192.168.31.222
-j MASQUERADE should work though. Are other VMs on 192.168.101.0/24 reachable by the Windows VM?
 
Hannes Laimer said:
Hey,

hmmm, could try setting the source address explicitly with -j SNAT, should look something like this:
Code: 
    post-up iptables -t nat -A POSTROUTING -s '192.168.101.0/24' -o vmbr0 -j SNAT --to-source 192.168.31.222
    post-down iptables -t nat -D POSTROUTING -s '192.168.101.0/24' -o vmbr0 -j SNAT --to-source 192.168.31.222
-j MASQUERADE should work though. Are other VMs on 192.168.101.0/24 reachable by the Windows VM?
Click to expand...
Thank you for reply

Code: 
auto lo
iface lo inet loopback

iface eno1 inet manual

iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.31.222/24
        gateway 192.168.31.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 192.168.100.5/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.100.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.100.0/24' -o eno1 -j MASQUERADE

auto vmbr2
iface vmbr2 inet static
        address 192.168.101.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        #post-up iptables -t nat -A POSTROUTING -s '192.168.101.0/24' -o vmbr0 -j MASQUERADE
        #post-down iptables -t nat -D POSTROUTING -s '192.168.101.0/24' -o vmbr0 -j MASQUERADE
        post-up iptables -t nat -A POSTROUTING -s '192.168.101.0/24' -o vmbr0 -j SNAT --to-source 192.168.31.222
        post-down iptables -t nat -D POSTROUTING -s '192.168.101.0/24' -o vmbr0 -j SNAT --to-source 192.168.31.222

iface wlp4s0 inet manual

source /etc/network/interfaces.d/*

It didn't help (rebooted host & vm of course)

Are other VMs on 192.168.101.0/24 reachable by the Windows VM?
I have only one VM
 
Well, just create a second one :)

Maybe a Linux based one, might help rule out windows as the problem.
 
You must log in or register to reply here.
Top Bottom