[SOLVED] Router on a stick with single public ip help needed!

[Xupack]

Edit:
Solution

---

Hi,

I have for a couple of days tried to replicate in Proxmox my bare-metal Debian router setup that serves DHCP and DNS through dnsmasq for my LAN machines. Problem is that I can't get my Ubuntu container to connect to internet no matter what I put in /etc/network/interfaces. Proxmox host gets public IP address from ISP to vmbr0.99 interface and can connect to internet. Any help is greatly appreciated!


Physical setup:



Proxmox VLAN setup is from this video: Proxmox VLANs Single NIC

Proxmox /etc/network/interfaces, masquerading and forwarding are missing because I don't know what to put and where:

auto lo
iface lo inet loopback

# Physical interface
auto enp3s0
iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet static
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

# LAN
auto vmbr0.10
iface vmbr0.10 inet static
        address 10.88.10.5/24

# WAN
auto vmbr0.99
iface vmbr0.99 inet dhcp

Proxmox Network:


Switch setup:

 

[bobmc]

The router port (number 2 in your diagram) needs to be tagged for both vlan99 and vlan10

 

[Xupack]

The router port (number 2 in your diagram) needs to be tagged for both vlan99 and vlan10

It's tagged and router setup works in bare-metal Linux installation. I just need the right masquerade rules and whatnot, but I can't just wrap my head around it. Just for clarification, I want to have simultaneous internet connection for host and router-ct, if I release the public ip from vmbr0.99 on host and setup router-ct like below I have internet on router-ct:

 

[Xupack]

I will leave the solution here in case it helps anyone in the future:

Proxmox's network configuration:


Proxmox's /etc/network/interfaces:

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto enp3s0
iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.88.10.1
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 10 99

auto vmbr0.10
iface vmbr0.10 inet static
        address 10.88.10.2/24
        gateway 10.88.10.1
#Management

Router vm's network configuration:


Router vm's /etc/network/interfaces:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# WAN
auto ens19
iface ens19 inet dhcp

# LAN
auto ens18
iface ens18 inet static
        address 10.88.10.3/24
        gateway 10.88.10.1

Router vm's iptables:

*nat
-A POSTROUTING -o ens19 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i ens18 -j ACCEPT
-A INPUT -m conntrack -i ens19 --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ens18 -o ens19 -j ACCEPT
-A FORWARD -m conntrack -i ens19 -o ens18 --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT

Switch configuration:

 

[xheezy]

I'm trying to do the same thing! I have been banging my head on how to get this to work. It makes me question my understanding of VLANs lol. Maybe the subinterfaces on the proxmox is the one im missing. I'll report back with my findings