SDN + iptables does not work

kriks

Hi all.
I noticed that after setting up SDN, iptables does not work.
How to make SDN and iptables work?
 
Looks like a syntax error in your interfaces file - can you post the contents?

root@pve6:/etc/network/interfaces.d# cat sdn
#version:20

auto local
iface local
address 192.168.30.1/24
post-up iptables -t nat -A POSTROUTING -s '192.168.30.1/24' -o vmbr0 -j SNAT --to-source 192.168.255.168
post-down iptables -t nat -D POSTROUTING -s '192.168.30.1/24' -o vmbr0 -j SNAT --to-source 192.168.255.168
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
bridge_ports none
bridge_stp off
bridge_fd 0
alias local
ip-forward on
root@pve6:/etc/network/interfaces.d#


I created the SDN via the web UI.
Virtual Environment 8.1.4
 
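An added example, not code from the thread or from Proxmox: a small Python audit of an ifupdown2 stanza like the generated sdn file above. It checks that every post-up iptables rule has a post-down that removes it (otherwise the NAT or CT rule is left behind when the interface goes down) and flags an `iface` line with no address family, which ifupdown2 accepts but stricter parsers may reject. The sample input is constructed after the posted file, with the second post-down deliberately dropped so the check has something to report.

```python
"""Audit an ifupdown2 interfaces stanza for iptables post-up/post-down hooks.
Added example, not code from the thread or Proxmox; the sample input below is
constructed after the SDN file posted in the thread (second rule's post-down dropped).
"""
import re
import shlex

SAMPLE = """\
auto local
iface local
address 192.168.30.1/24
post-up iptables -t nat -A POSTROUTING -s '192.168.30.1/24' -o vmbr0 -j SNAT --to-source 192.168.255.168
post-down iptables -t nat -D POSTROUTING -s '192.168.30.1/24' -o vmbr0 -j SNAT --to-source 192.168.255.168
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
bridge_ports none
"""

def parse_stanzas(text):
    """Map iface name -> {"family": 'inet'/'inet6'/None, "options": [(key, value)]}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "auto ", "source")):
            continue
        if line.startswith("iface "):
            parts = line.split()
            current = parts[1]
            stanzas[current] = {"family": parts[2] if len(parts) > 2 else None, "options": []}
        elif current is not None:
            key, _, value = line.partition(" ")
            stanzas[current]["options"].append((key, value.strip()))
    return stanzas

def rule_signature(cmd):
    """Normalise an iptables command so the -A/-I (add) and -D (delete) forms compare equal."""
    flat = " ".join(shlex.split(cmd))  # strip shell quoting around the subnet
    return re.sub(r"\s-[AID]\s+(\S+)(\s+\d+)?", r" CHAIN \1", flat)

def audit(text):
    """Return findings; an empty list means every rule is torn down and stanzas are well formed."""
    findings = []
    for name, st in parse_stanzas(text).items():
        if st["family"] is None:
            findings.append(f"{name}: no address family on 'iface {name}'; stricter parsers may reject it")
        ups = {rule_signature(v): v for k, v in st["options"] if k == "post-up" and v.startswith("iptables")}
        downs = {rule_signature(v) for k, v in st["options"] if k == "post-down" and v.startswith("iptables")}
        for sig, cmd in ups.items():
            if sig not in downs:
                findings.append(f"{name}: post-up rule is never removed on post-down: {cmd}")
    return findings
```

Point it at the concatenation of /etc/network/interfaces and each file under interfaces.d/ to audit a live host; the SNAT pair in the sample passes while the lone CT rule is reported.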
Where is the error message coming from? This doesn't look like the Proxmox Web UI.
What's the content of /etc/network/interfaces itself?
 
This is the WEBMIN interface. iptables management.
I want to use the standard Debian firewall
 
What does the regular /etc/network/interfaces look like?
 
Code:
root@pve6:/etc/network# cat interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface enp5s0f0 inet manual

iface enp7s0f0 inet manual

iface enp7s0f1 inet manual

iface enp5s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.255.168/24
    gateway 192.168.255.1
    bridge-ports enp5s0f0
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet static
    address 192.168.25.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0

source /etc/network/interfaces.d/*
root@pve6:/etc/network#
 
Configuration files are looking good afaict. Does ifreload -a -v show any errors? If it doesn't, then I suspect Webmin itself has some issues with parsing the configuration file so I'd try and ask there?
 
Code:
root@pve6:~# ifreload -a -v
info: requesting link dump
info: requesting address dump
info: requesting netconf dump
info: loading builtin modules from ['/usr/share/ifupdown2/addons']
info: module openvswitch not loaded (module init failed: no /usr/bin/ovs-vsctl found)
info: module openvswitch_port not loaded (module init failed: no /usr/bin/ovs-vsctl found)
info: module ppp not loaded (module init failed: no /usr/bin/pon found)
info: module batman_adv not loaded (module init failed: no /usr/sbin/batctl found)
info: executing /sbin/sysctl net.bridge.bridge-allow-multiple-vlans
info: module mstpctl not loaded (module init failed: no /sbin/mstpctl found)
info: executing /bin/ip rule show
info: executing /bin/ip -6 rule show
info: address: using default mtu 1500
info: address: max_mtu undefined
info: executing /sbin/sysctl net.ipv6.conf.all.accept_ra
info: executing /sbin/sysctl net.ipv6.conf.all.autoconf
info: executing /usr/sbin/ip vrf id
info: mgmt vrf_context = False
info: executing /bin/ip addr help
info: address metric support: OK
info: module ppp not loaded (module init failed: no /usr/bin/pon found)
info: module mstpctl not loaded (module init failed: no /sbin/mstpctl found)
info: module batman_adv not loaded (module init failed: no /usr/sbin/batctl found)
info: module openvswitch_port not loaded (module init failed: no /usr/bin/ovs-vsctl found)
info: module openvswitch not loaded (module init failed: no /usr/bin/ovs-vsctl found)
info: looking for user scripts under /etc/network
info: loading scripts under /etc/network/if-pre-up.d ...
info: loading scripts under /etc/network/if-up.d ...
info: loading scripts under /etc/network/if-post-up.d ...
info: loading scripts under /etc/network/if-pre-down.d ...
info: loading scripts under /etc/network/if-down.d ...
info: loading scripts under /etc/network/if-post-down.d ...
info: 'link_master_slave' is set. slave admin state changes will be delayed till the masters admin state change.
info: using mgmt iface default prefix eth
info: processing interfaces file /etc/network/interfaces
info: processing interfaces file /etc/network/interfaces.d/sdn
info: no interfaces to down ..
info: reload: scheduling up on interfaces: ['lo', 'vmbr0', 'vmbr1', 'local']
info: lo: running ops ...
info: executing /sbin/sysctl net.mpls.conf.lo.input=0
info: executing /etc/network/if-up.d/000resolvconf
info: executing /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/chrony
info: enp5s0f0: running ops ...
info: vmbr0: applying bridge port configuration: ['enp5s0f0']
info: vrf: syncing table map to /etc/iproute2/rt_tables.d/ifupdown2_vrf_map.conf
info: vrf: dumping iproute2_vrf_map
info: {}
info: executing /sbin/sysctl net.mpls.conf.enp5s0f0.input=0
info: executing /etc/network/if-up.d/000resolvconf
info: executing /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/chrony
info: vmbr0: running ops ...
info: vmbr0: bridge already exists
info: vmbr0: applying bridge settings
info: vmbr0: reset bridge-hashel to default: 4
info: reading '/sys/class/net/vmbr0/bridge/stp_state'
info: vmbr0: netlink: ip link set dev vmbr0 type bridge (with attributes)
info: vmbr0: port enp5s0f0: already processed
info: vmbr0: applying bridge configuration specific to ports
info: vmbr0: processing bridge config for port enp5s0f0
info: bridge mac is already inherited from enp5s0f0
info: executing /sbin/sysctl net.mpls.conf.vmbr0.input=0
info: writing '0' to file /proc/sys/net/ipv4/conf/vmbr0/arp_accept
info: executing /bin/ip route replace default via 192.168.255.1 proto kernel dev vmbr0 onlink
info: executing /etc/network/if-up.d/000resolvconf
info: executing /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/chrony
info: vmbr1: running ops ...
info: vmbr1: bridge already exists
info: vmbr1: applying bridge settings
info: vmbr1: reset bridge-hashel to default: 4
info: reading '/sys/class/net/vmbr1/bridge/stp_state'
info: vmbr1: netlink: ip link set dev vmbr1 type bridge (with attributes)
info: executing /sbin/sysctl net.mpls.conf.vmbr1.input=0
info: writing '0' to file /proc/sys/net/ipv4/conf/vmbr1/arp_accept
info: executing /etc/network/if-up.d/000resolvconf
info: executing /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/chrony
info: local: running ops ...
info: local: bridge already exists
info: local: applying bridge settings
info: local: reset bridge-hashel to default: 4
info: local: reset bridge-hashmax to default: 512
info: reading '/sys/class/net/local/bridge/stp_state'
info: local: netlink: ip link set dev local type bridge (with attributes)
info: executing /sbin/sysctl net.mpls.conf.local.input=0
info: writing '0' to file /proc/sys/net/ipv4/conf/local/arp_accept
info: executing /etc/network/if-up.d/000resolvconf
info: executing /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/chrony
info: executing iptables -t nat -A POSTROUTING -s '192.168.30.1/24' -o vmbr0 -j SNAT --to-source 192.168.255.168
info: executing iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
info: exit status 0
root@pve6:~#
 