up ip route add is ignored

P

patrick-werner

Active Member
Proxmox Subscriber
Mar 1, 2019
8
0
41
42
We want to restrict the access to the WebGui to our Admin Net. Therefore we created a bridge (vmbr1) for the admin net and added a route manually:

ip route add 10.0.0.0/8 via 10.220.10.2
Click to expand...

This works perfect (until the next reboot of course). We then added the command into etc/network/interfaces and it doesn't add the route at startup. I totally wonder why?
Code: 
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet dhcp

auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1.4022
    bridge-stp off
    bridge-fd 0
#VM Internal

auto vmbr1
iface vmbr1 inet static
    address  10.220.10.2
    netmask  255.255.0.0
    gateway  10.220.0.1
    bridge-ports eno1.4020
    bridge-stp off
    bridge-fd 0
    up ip route add 10.0.0.0/8 via 10.220.0.1
#Admin
 
Last edited:
AFAIR the 'up' line in '/etc/network/interfaces' is only taken for manual configuration (instead of static).
Try replacing it with a 'post-up' - this should work with static as well.

hope this helps!
 
Stoiko Ivanov said:
Try replacing it with a 'post-up' - this should work with static as well.
Click to expand...
unfortunately post-up is just an alias for up. But i tried it anyways - no success. I also tried to add up/post-up to eno1, no success.

After a lot of trial and error, swearing and sweating i found the solution: The default gateway ist set via DHCP in eno1. Overwriting the gateway in vmbr1 seems to cause ifup to fail at that line and skip the rest of the iface.

Solution: don't add a gateway to vmbr1, instead go with the static route only.


Code: 
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet dhcp

auto vmbr0
iface vmbr0 inet manual
        bridge-ports eno1.4022
        bridge-stp off
        bridge-fd 0
#VM Internal

auto vmbr1
iface vmbr1 inet static
        address  10.220.10.2
        netmask  255.255.0.0
#       gateway  10.220.0.1
        bridge-ports eno1.4020
        bridge-stp off
        bridge-fd 0
        post-up ip route add 10.0.0.0/8 via 10.220.0.1 || echo FAILED
#Admin

auto vmbr2
iface vmbr2 inet manual
        bridge-ports eno1.4000
        bridge-stp off
        bridge-fd 0
#Public
 
glad you found the solution for your issue! - and yes - if you have a dhcp-server delivering the default route and configuring an interface then setting a second default route (i.e. having a gateway line for an interface) will fail ('RTNETLINK answers: File exists') - thus preventing the up/post-up steps from running (I overlooked the dhcp line).

on a sidenote PVE relies on having a static ip configured (and being able to resolve the hostname to this (usually via /etc/hosts)) - so depending on your setup you might run into other problems.

patrick-werner said:
unfortunately post-up is just an alias for up.
Click to expand...
hm - did not know that/could not find the documentation - where did you read that?
Thanks!
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back