[SOLVED] Trying to configure SDN on a VPS

[pheitman]

I have tried for a couple of days to get this working. I'm following https://pve.proxmox.com/wiki/Setup_Simple_Zone_With_SNAT_and_DHCP. It seems straight forward. The result is a working system in terms of DHCP, but I can't reach beyond the host for any IP traffic. That is, I can ping the gateway and I can ping the host IP but I can't ping 8.8.8.8. I have recreated the system several times hoping that I just made a mistake but that doesn't seem to be the issue. I'm wondering if it could be because I am hosting PVE on a cloud VPS. That's the variable I'm worried about. Here are my /etc/network/interfaces and /etc/network/interfaces.d/sdn in case someone can spot something I did wrong:

/etc/network/interfaces:

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
        address ***.***.***.***/21
        gateway ***.***.***.1
        bridge-ports eth0
        bridge-stp off
        bridge-fd 0

iface vmbr0 inet6 static
        address ****:****:****:****:****:****:****:****/64
        gateway ****::1

source /etc/network/interfaces.d/*

###################################################

/etc/network/interfaces.d/sdn:

#version:1

auto vnet0
iface vnet0
        address 192.168.40.1/24
        post-up iptables -t nat -A POSTROUTING -s '192.168.40.0/24' -o vmbr0 -j SNAT --to-source ***.***.***.***
        post-down iptables -t nat -D POSTROUTING -s '192.168.40.0/24' -o vmbr0 -j SNAT --to-source ***.***.***.***
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        ip-forward on

[Edit]: The original interfaces had a line for eth0 that updated iptables

up ip route replace ***.***.***.0/21 via ***.***.***.1 dev eth0

Since the gateway was already specified, I removed this line before installing proxmox and creating the bridge. After creating the SDN with dhcp enabled, now my containers can get a local ip address yet still access the internet. That seemed to be enough to get things to work the way I expected.

 

[shanreich]

Is IP forwarding properly enabled?

cat /proc/sys/net/ipv4/ip_forward

 

[pheitman]

Is IP forwarding properly enabled?

cat /proc/sys/net/ipv4/ip_forward

Yes, port forwarding is enabled at the container and at the host.

I recreated this by installing proxmox on a Debian 12 VM on proxmox. That works as expected. I haven't figured out what could be different between the two environments.

 

[shanreich]

How does the NAT table look like?

iptables -t nat -L

 

[pheitman]

Thank you for the quick reply. I am currently traveling and won't be able to check this for a while...