[SOLVED] routing vmbr1 unable to connect to internet, vmbr0 works

C

colston

New Member
Jun 13, 2024
2
1
1
hi, i would like to setup 2 networks. This is my home server.

My Home network is 192.168.10.0/24. I have vmbr0 set to this network. Although I would like to use vmbr1 with a network of 10.10.1.0/24.

I tried the following setup: (does not work)
Code: 
auto lo
iface lo inet loopback


auto enp11s0
iface enp11s0 inet manual
    dns-nameservers 1.1.1.1
    dns-search domain.name
# dns-* options are implemented by the resolvconf package, if installed


iface eno1 inet manual


auto vmbr0
iface vmbr0 inet static
    address 192.168.10.5/24
    gateway 192.168.10.1
    bridge-ports enp11s0
    bridge-stp off
    bridge-fd 0
    dns-nameservers    1.1.1.1

auto vmbr1
#private sub network
iface vmbr1 inet static
        address  10.10.1.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.1.0/24' -o enp11s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.1.0/24' -o enp11s0 -j MASQUERADE

The network for the lxc is:
IP: 10.10.1.3/24
GATEWAY: empty
DNS: 1.1.1.1

After creating a lxc/vm they both cannot reach WAN (the internet). Am i perhaps doing something incorrectly ?

vmbr1 settings configured from https://pve.proxmox.com/wiki/Network_Configuration
 
Well, your container needs a gateway to reach any IP that is not in the 10.10.1.0/24 subnet.

Since you configured the right NAT rules on your Proxmox Host, you should set the LXC gateway to 10.10.1.1

Also you might have to set the output interface in the iftables-rule to vmbr0 instead of enp11s0 (I can never remember what the right one is when the interface acts as a bridge-port...)
 
Last edited:
  • Like
Reactions: colston
B.Otto said:
Well, your container needs a gateway to reach any IP that is not in the 10.10.1.0/24 subnet.

Since you configured the right NAT rules on your Proxmox Host, you should set the LXC gateway to 10.10.1.1

Also you might have to set the output interface in the iftables-rule to vmbr0 instead of enp11s0 (I can never remember what the right one is when the interface acts as a bridge-port...)
Click to expand...

its vmbr0 just tested it now. Works with vmbr0 not with enp11s0
 
  • Like
Reactions: B.Otto
B.Otto said:
Also you might have to set the output interface in the iftables-rule to vmbr0 instead of enp11s0 (I can never remember what the right one is when the interface acts as a bridge-port...)
Click to expand...

colston said:
its vmbr0 just tested it now. Works with vmbr0 not with enp11s0
Click to expand...

Hi,
to give some context: MASQUERADE will rewrite the source IP address of the packet, so in your case vmbr0 works because the IP address is set there and not on enp11s0, since the latter has no IP address assigned.

For others to find: An example with the IP address assigned directly on the interface can be found in the docs, if that is desired/required, see https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_network_masquerading
 
Last edited:
  • Like
Reactions: B.Otto
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back