Two Outfacing IP and Two Internal Networks

Discussion in 'Proxmox VE: Networking and Firewall' started by JordanI, Oct 13, 2018.

  1. JordanI

    JordanI New Member

    Hey everyone, I am working on a school project and I am a little stuck. I spent all day yesterday searching for tutorials and could not find anything that worked.

    My setup is:
    I have two internal networks, 10.0.0.1/24 and 10.0.1.1/24
    10.0.0.1 shares the same IP as the interface xxx.xxx.xxx.xxx (and works)
    10.0.1.1 should have another IP yyy.yyy.yyy.yyy

    I have gone through probably 100 configurations at this point, using different iptables rules.

    I can easily get yyy.yyy.yyy.yyy pingable and use it on the host; it is on another subnet.


    Here is my config:

    Code:
    auto lo
    iface lo inet loopback
    
    iface eno1 inet manual
    
    iface eno2 inet manual
    
    iface eno3 inet manual
    
    iface eno4 inet manual
    
    auto vmbr0
    iface vmbr0 inet static
            address  199.83.xxx.xxx
            netmask  255.255.255.0
            gateway  199.83.xxx.1
            bridge_ports eno1
            bridge_stp off
            bridge_fd 0
    
    auto vmbr1
    iface vmbr1 inet static
            address  208.68.yyy.yyy
            netmask  255.255.255.0
            bridge_ports eno2
            bridge_stp off
            bridge_fd 0
    
    
    auto vmbr172
    iface vmbr172 inet static
            address  10.0.0.1
            netmask  255.255.255.0
            bridge_ports none
            bridge_stp off
            bridge_fd 0
            post-up echo 1 > /proc/sys/net/ipv4/ip_forward
            post-up iptables -t nat -A POSTROUTING -s '10.0.0.1/24' -o vmbr0 -j MASQUERADE
            post-down iptables -t nat -D POSTROUTING -s '10.0.0.1/24' -o vmbr0 -j MASQUERADE
    
    
    auto vmbr63
    iface vmbr63 inet static
            address  10.0.1.1
            netmask  255.255.255.0
            bridge_ports none
            bridge_stp off
            bridge_fd 0
            post-up iptables -t nat -A POSTROUTING -s '10.0.1.1/24' -o vmbr1 -j MASQUERADE
            post-down iptables -t nat -D POSTROUTING -s '10.0.1.1/24' -o vmbr1 -j MASQUERADE
    
    
     
  2. Richard

    Richard Proxmox Staff Member

    Since the default router is at xxx.xxx.xxx.xxx, for all outgoing connections this network (the one vmbr0 is connected to) will be used, regardless of where you come from. In case of a connection originating in 10.0.1.0/24, no NAT will be made: packets are sent via vmbr0, but they are not NATed (according to iptables, NAT at vmbr0 works only for 10.0.0.0/24 sources).


    Possible solutions:

    - source-based routing, saying 10.0.1.0/24 sources have to be routed to yyy.yyy.yyy.yyy via vmbr1
    or
    - eliminate the restriction "-s 10.0.0.1/24" in iptables; all traffic will be routed to xxx.xxx.xxx.xxx via vmbr0
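
Added example, not part of the reply above or of the original config: the first option (source-based routing) written as a dry-run shell function. The routing table number 100 and the gateway of the vmbr1 uplink are assumptions, since the thread gives neither; 203.0.113.1 is a constructed placeholder.

```shell
#!/bin/sh
# Added example: policy routing so 10.0.1.0/24 leaves via vmbr1.
# Assumed, not from the thread: table number 100 and the gateway of the
# vmbr1 uplink (203.0.113.1 below is a constructed placeholder).

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = execute them (root)

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# policy_route SRC_NET IN_DEV OUT_DEV GATEWAY TABLE
policy_route() {
    if [ "$#" -ne 5 ]; then
        echo "usage: policy_route SRC_NET IN_DEV OUT_DEV GATEWAY TABLE" >&2
        return 2
    fi
    src=$1; in_dev=$2; out_dev=$3; gw=$4; table=$5
    # 0 and 253-255 are reserved tables (unspec, default, main, local),
    # so this helper only accepts 1..252.
    case $table in
        ''|*[!0-9]*) echo "table must be a number" >&2; return 2 ;;
    esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table must be in 1..252" >&2
        return 2
    fi
    # Connected route first, so host replies to the VMs (source 10.0.1.1)
    # stay on the internal bridge instead of following the new default.
    run ip route replace "$src" dev "$in_dev" table "$table"
    # Default route that exists only in this table.
    run ip route replace default via "$gw" dev "$out_dev" table "$table"
    # Drop a stale copy of the rule, then add it: packets whose source is
    # in SRC_NET consult this table before the main one.
    run ip rule del from "$src" lookup "$table" 2>/dev/null || true
    run ip rule add from "$src" lookup "$table"
}

# With this in place the existing "-o vmbr1 -j MASQUERADE" rule matches,
# because forwarded packets from 10.0.1.0/24 now really leave via vmbr1.
policy_route 10.0.1.0/24 vmbr63 vmbr1 "${GW_VMBR1:-203.0.113.1}" 100
```

Run it once as is to review the printed commands, then with `DRY_RUN=0` as root and the real gateway in `GW_VMBR1` to apply them.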
     