Second interface on Container with external IP?

J

jsieler

Member
Oct 18, 2019
21
0
6
37
Hello!

I have following setup on host machine:
- eth1 - main interface
- eth2 - vRack interface
- vmbr0 - bridge to main interface (main external IP)
- vmbr1 - bridge to vRack interface (multiple external IPs available)
- vmbr2 - internal network (176.12.0.1 host IP)
- wg0 - wireguard interface (10.0.0.1 host IP)

Now i add new container and add two new interfaces to it:
- eth0 - with IP 172.16.0.2/24
- eth1 - with additional external IP (1.2.3.4 for example)

The problem is, i can't ping both. Either eth0 or eth1 is only working. How can i make with interfaces work at same time, so i can ping/work with 172.16.0.2 and 1.2.3.4 for same time?

What i want is, when i do:

ping google.com - it should ping over main eth0 interface
ping -S 1.2.3.4 google.com - it should ping over eth1 interface

Is that tpossible? I probably miss some routings, but can't figure which.

Thanks!
 
jsieler said:
I have following setup on host machine:
- eth1 - main interface
- eth2 - vRack interface
- vmbr0 - bridge to main interface (main external IP)
- vmbr1 - bridge to vRack interface (multiple external IPs available)
- vmbr2 - internal network (176.12.0.1 host IP)
- wg0 - wireguard interface (10.0.0.1 host IP)

Now i add new container and add two new interfaces to it:
- eth0 - with IP 172.16.0.2/24
- eth1 - with additional external IP (1.2.3.4 for example)

The problem is, i can't ping both. Either eth0 or eth1 is only working. How can i make with interfaces work at same time, so i can ping/work with 172.16.0.2 and 1.2.3.4 for same time?

What i want is, when i do:

ping google.com - it should ping over main eth0 interface
ping -S 1.2.3.4 google.com - it should ping over eth1 interface

Is that tpossible? I probably miss some routings, but can't figure which.
Click to expand...
Assuming you man "ping -I" (instead of "ping -S") :

I sets the source address to that value, but does not necessarily mean that the assigned interface is uses. The interface is always selected by the routing table based on destination IP. That means: always the same interface is used in the above case (determined by google.com).

In there is no answer in one case it is caused by that the local IP (or the NAT router's one if there is any between) cannot be reached by destination.

For detail's the current routing table has to be verified whether it is correct, run
Code: 
ip route
 
Also, depending on which interface i create first, internal or external, it looks like...

Internal first:
Code: 
default via 172.16.0.1 dev eth0 onlink
XXX.XXX.236.0/27 dev eth1 proto kernel scope link src XXX.XXX.236.10
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.23

External first:
Code: 
default via XXX.XXX.236.30 dev eth0 onlink
XXX.XXX.236.0/27 dev eth0 proto kernel scope link src XXX.XXX.236.11
172.16.0.0/24 dev eth1 proto kernel scope link src 172.16.0.24

Only first is accessible over network, also only first one. Which route do i need to create to make both work!?

Thanks!
 
The thing is, i can ping all internal IP and also external IP from one LXC to other and from host too... There is only no access from outside...
 
jsieler said:
Also, depending on which interface i create first, internal or external, it looks like...

Internal first:
Code: 
default via 172.16.0.1 dev eth0 onlink
XXX.XXX.236.0/27 dev eth1 proto kernel scope link src XXX.XXX.236.10
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.23

External first:
Code: 
default via XXX.XXX.236.30 dev eth0 onlink
XXX.XXX.236.0/27 dev eth0 proto kernel scope link src XXX.XXX.236.11
172.16.0.0/24 dev eth1 proto kernel scope link src 172.16.0.24

Only first is accessible over network, also only first one. Which route do i need to create to make both work!?

Thanks!
Click to expand...
Quite clear - in a normal case you can have only one default route.

If you want to have routing depending on source address (as you want to do it by specifying "-I") it is necessary to configure different routing tables (in the container). How to do so is explained here: https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.simple.html

Again: you cannot select a certain interface directly where the ping-packets should be sent over - this is always determined by routing tables.
 
Richard said:
Quite clear - in a normal case you can have only one default route.

If you want to have routing depending on source address (as you want to do it by specifying "-I") it is necessary to configure different routing tables (in the container). How to do so is explained here: https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.simple.html

Again: you cannot select a certain interface directly where the ping-packets should be sent over - this is always determined by routing tables.
Click to expand...
Thanks for your help! It's working! The only problem is, post-up is not working on Debian container when put inside /etc/network/interfaces...
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back