Regular networking bridge stops working after setting up Proxmox SDN

IT_guy

I have a pve 8 standalone node that came with the regular vmbr0 and vmbr1 bridges. When creating VMs and attaching them to these bridges everything works perfectly. I decided to use Proxmox SDN to have better native control over my subnet configuration.
For this, I did as the docs said: I disabled the global dnsmasq and started the dnsmasq@zone unit. This works perfectly for the SDN subnets, with DHCP and DNS functioning correctly.
The problem is that VMs and CTs attached to the regular bridges no longer get DHCP, and even with statically assigned IPs they still have no networking. What could be the problem?
 
Please post the output of the following files (in code tags for better readability):

Code:
# Dump the main ifupdown configuration and the SDN fragment under interfaces.d/.
# Mask public addresses, gateways, MAC addresses and forwarded ports in the
# output before pasting it into a public thread.
for cfg in /etc/network/interfaces /etc/network/interfaces.d/sdn; do
  cat -- "$cfg"
done
 
Sure. Just to highlight my use case more clearly: all SDN virtual networks are working perfectly. I have a port forward configured on vmbr0, since it is the bridge to the public network, and it is working perfectly (the internal host it forwards to is on the SDN). I do need to attach an OPNsense to vmbr0 to use it as a firewall and to create an IPsec tunnel. Thank you!

Code:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

# Pulls in every fragment under interfaces.d/, which includes the SDN file
# /etc/network/interfaces.d/sdn requested earlier in this thread.
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

# Physical uplink: no address of its own, used as the bridge port of vmbr0.
iface ens3f0np0 inet manual

# vmbr0: bridge on the physical uplink, holding the host's public addresses.
# Anything attached to it (a guest NIC, or a DHCP server bound to vmbr0) sits
# on the same layer-2 segment as the provider network.
# NOTE(review): hosting providers often accept frames only from MAC addresses
# they have assigned - confirm with the provider before attaching guests here.
auto vmbr0
iface vmbr0 inet static
    address [PUBLIC_PROVIDER_IPv4_REDACTED]
    gateway [PUBLIC_PROVIDER_GW_REDACTED]
    bridge-ports ens3f0np0
    bridge-stp off
    bridge-fd 0
    # Pins the bridge MAC address (value redacted by the poster).
    hwaddress [MAC_REDACTED]
    # Port forward: UDP arriving on vmbr0 for the given port is DNATed to an
    # internal IP:PORT; post-down deletes the same rule again. The match has
    # no source restriction (-s), so every remote sender is forwarded unless
    # a filter rule elsewhere drops it.
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport [PORT_REDACTED] -j DNAT --to [IP:PORT_REDACTED]
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport [PORT_REDACTED] -j DNAT --to [IP:PORT_REDACTED]
iface vmbr0 inet6 static
    address [PUBLIC_PROVIDER_IPv6_REDACTED]
    gateway [PUBLIC_PROVIDER_GW_REDACTED]

# vmbr1: internal bridge with no physical port; the host is 192.168.16.1/24.
# Unlike the SDN vnets in interfaces.d/sdn, this stanza has no 'ip-forward on'
# and no SNAT/MASQUERADE rule for 192.168.16.0/24.
# NOTE(review): guests here presumably get routed/NATed traffic only if that
# is configured somewhere not shown (sysctl, firewall rules) - confirm.
auto vmbr1
iface vmbr1 inet static
    address 192.168.16.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0


Code:
#version:20

# NOTE(review): this looks like the fragment Proxmox SDN generates; hand edits
# are presumably overwritten when the SDN configuration is re-applied - confirm.
# All three vnets below follow one pattern: a bridge with no physical port,
# an address in the vnet's /24, SNAT towards vmbr0, a conntrack-zone rule and
# 'ip-forward on'.
auto vneta
iface vneta
    address 10.0.2.1/24
    # Rewrites the source of traffic from 10.0.2.0/24 leaving via vmbr0 to the
    # redacted public address; post-down deletes the same rule.
    post-up iptables -t nat -A POSTROUTING -s '10.0.2.0/24' -o vmbr0 -j SNAT --to-source [PUBLIC_PROVIDER_IP_REDACTED]
    post-down iptables -t nat -D POSTROUTING -s '10.0.2.0/24' -o vmbr0 -j SNAT --to-source [PUBLIC_PROVIDER_IP_REDACTED]
    # Puts packets arriving on any interface whose name starts with "fwbr" into
    # conntrack zone 1. The match is a wildcard, not tied to this vnet, and the
    # identical rule is inserted once per vnet stanza in this file.
    # NOTE(review): fwbr* looks like the per-guest firewall bridges PVE
    # creates; if so, firewalled guests on vmbr0/vmbr1 are placed in zone 1 as
    # well - worth checking with `iptables -t raw -S` while debugging the
    # non-SDN bridges.
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    ip-forward on

# Same pattern as vneta, for 10.0.1.0/24.
auto vnetb
iface vnetb
    address 10.0.1.1/24
    post-up iptables -t nat -A POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j SNAT --to-source [PUBLIC_PROVIDER_IP_REDACTED]
    post-down iptables -t nat -D POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j SNAT --to-source [PUBLIC_PROVIDER_IP_REDACTED]
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    ip-forward on

# Same pattern as vneta, for 10.0.0.0/24.
auto vnetc
iface vnetc
    address 10.0.0.1/24
    post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j SNAT --to-source [PUBLIC_PROVIDER_IP_REDACTED]
    post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j SNAT --to-source [PUBLIC_PROVIDER_IP_REDACTED]
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    ip-forward on
 
Update: Tried launching the global dnsmasq on interface vmbr0 with the bind-dynamic option and a specified DHCP range, still the same problem.