I have server with proxmox and 2 public IPs. All VMs are behind NAT now and it works. But for new VM I need to assign public IP. I tried to create second bridge with second public IP and I have access to proxmox server via this IP. Then I tried to create VM and assign interface to new bridge. And it does not work. Also I tried to change MAC of my VM to MAC of vmbr1 (I've seen this trick somewhere)
When I listen to traffic on vmbr1, I get
19:37:11.636087 *:*0e:f3:05:c6 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has *.*.*.129 tell *.*.*.141, length 28
19:37:11.636664 *:*:ca:8d:22:79 > *:*:0e:f3:05:c6, ethertype ARP (0x0806), length 60: Reply *.*.*.129 is-at *:*:ca:8d:22:79, length 46
On tap interface and VM I see only ARP requests. "*:*:0e:f3:05:c6" is MAC of my VM and vmbr1. I've already enabled proxy_arp on vmbr1 (ip_forwarding too of course)
So I don't understand why bridge is working only for VM->gateway and doesn't send APR replies to VM.
I have the following configuration:
auto enp0s31f6
iface enp0s31f6 inet static
address *.*.*.178
netmask 255.255.255.192
gateway *.*.*.129
up route add -net *.*.*.128 netmask 255.255.255.192 gw *.*.*.129 dev enp0s31f6
auto vmbr0
iface vmbr0 inet static
address 192.168.85.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
<NAT rules>
auto vmbr1
iface vmbr1 inet static
address *.*.*.141
netmask 255.255.255.192
bridge_ports enp0s31f6
bridge_stp off
bridge_fd 0
When I listen to traffic on vmbr1, I get
19:37:11.636087 *:*0e:f3:05:c6 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has *.*.*.129 tell *.*.*.141, length 28
19:37:11.636664 *:*:ca:8d:22:79 > *:*:0e:f3:05:c6, ethertype ARP (0x0806), length 60: Reply *.*.*.129 is-at *:*:ca:8d:22:79, length 46
On tap interface and VM I see only ARP requests. "*:*:0e:f3:05:c6" is MAC of my VM and vmbr1. I've already enabled proxy_arp on vmbr1 (ip_forwarding too of course)
So I don't understand why bridge is working only for VM->gateway and doesn't send APR replies to VM.
I have the following configuration:
auto enp0s31f6
iface enp0s31f6 inet static
address *.*.*.178
netmask 255.255.255.192
gateway *.*.*.129
up route add -net *.*.*.128 netmask 255.255.255.192 gw *.*.*.129 dev enp0s31f6
auto vmbr0
iface vmbr0 inet static
address 192.168.85.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
<NAT rules>
auto vmbr1
iface vmbr1 inet static
address *.*.*.141
netmask 255.255.255.192
bridge_ports enp0s31f6
bridge_stp off
bridge_fd 0