PVE dns problem

fdaforno

New Member
Apr 19, 2020
Hi all

A few days ago I installed PVE on a Hetzner server with 2 VMs: the first one is ubuntu-desktop and the second is Windows 2019.

To do that I configured 2 different bridges:
  • vmbr0 is dedicated to Linux os
  • vmbr1 is dedicated to a windows machine
Unfortunately, I am not able to surf the internet from the Windows VM, and after a couple of hours I found that Linux is working because its DNS queries are done over TCP 53, whereas Windows uses UDP 53.


My network interface configuration is like this:
Code:
auto enp4s0
iface enp4s0 inet static
  address x.x.x.x
  netmask 255.255.255.224
  gateway y.y.y.y
  up route add -net x.x.x.x netmask 255.255.255.224 gw y.y.y.y dev enp4s0


auto vmbr0
iface vmbr0 inet static
        # Private Linux
        address 192.168.100.254/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

auto vmbr1
iface vmbr1 inet static
        #Private Windows
        address 192.168.200.254/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward



My iptables rules are like this:

Code:
#############################
## FLUSH
############################
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X

##############################
##         INPUT            ##
##############################

iptables -P INPUT DROP

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -m comment --comment "accept established traffic in input"

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -i enp4s0 -p tcp -m tcp --dport 22 -j ACCEPT -m comment --comment "allow ssh"

#############################
##         OUTPUT          ##
#############################

iptables -P OUTPUT DROP

iptables -A OUTPUT -o lo -j ACCEPT


iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT


#############################
##      POST ROUTING       ##
#############################

# LINUX VM
iptables -t nat -A POSTROUTING -s '192.168.100.0/24' -o enp4s0 -j MASQUERADE -m comment --comment "MASQ out traffic from VM"
# WINDOWS VM
iptables -t nat -A POSTROUTING -s '192.168.200.0/24' -o enp4s0 -j MASQUERADE


Do you have any suggestions? Thanks
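One way to check which of the posted filter rules a VM packet actually meets, as an added example that is not from the original post: a toy model of netfilter chain traversal, run over a constructed, abridged copy of the ruleset above, showing that the port-53 OUTPUT rules apply only to the host's own queries while the VMs' traffic is judged by the FORWARD chain the script never sets. It assumes what the kernel does: packets forwarded from a bridge out of enp4s0 pass only the FORWARD filter chain (never INPUT or OUTPUT), and a chain with no explicit -P keeps the default policy ACCEPT.

```python
import shlex
POSTED_RULES = """
iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i enp4s0 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -P OUTPUT DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
"""  # constructed, abridged copy of the post's filter-table rules (nat omitted)
# iptables options this toy model understands, mapped to packet fields.
OPTS = {"-i": "in_if", "-o": "out_if", "-p": "proto", "--dport": "dport",
        "--state": "state", "-j": "target"}

def parse(text):
    """Filter table only; a chain with no -P keeps the kernel default ACCEPT."""
    policies = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT", "OUTPUT": "ACCEPT"}
    chains = {"INPUT": [], "FORWARD": [], "OUTPUT": []}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4 or tok[0] != "iptables" or "-t" in tok:
            continue
        if tok[1] == "-P":
            policies[tok[2]] = tok[3]
        elif tok[1] == "-A":  # keep only the match options we model
            chains[tok[2]].append({OPTS[k]: v for k, v in zip(tok[3:], tok[4:]) if k in OPTS})
    return policies, chains

def fits(rule, pkt):
    """A rule matches when every option it names fits the packet (--state is a list)."""
    return all(pkt.get(k) in v.split(",") if k == "state" else pkt.get(k) == v
               for k, v in rule.items() if k != "target")

def verdict(policies, chains, chain, pkt):
    """First rule whose every match fits decides; otherwise the chain policy."""
    for rule in chains[chain]:
        if fits(rule, pkt):
            return rule["target"]
    return policies[chain]

def dns_verdicts(proto):
    """Same new DNS query: sent by the host (OUTPUT) vs forwarded for the VM on vmbr1 (FORWARD)."""
    policies, chains = parse(POSTED_RULES)
    pkt = {"proto": proto, "dport": "53", "out_if": "enp4s0", "state": "NEW"}
    return {"host": verdict(policies, chains, "OUTPUT", pkt),
            "vm": verdict(policies, chains, "FORWARD", dict(pkt, in_if="vmbr1")),
            "forward_rules": len(chains["FORWARD"])}
```

On the real host, `iptables -L FORWARD -v -n` shows the live chain with packet counters, which is the place to watch while the Windows VM retries a lookup.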