VM can be reached over Internet but has no outgoing Internet Connection

DerAdmin

New Member
Feb 12, 2019
Hello,

I can't figure it out by myself even after searching Google for many hours.

The VM can access the web as soon as I deactivate the Proxmox VM firewall for this specific VM (Windows Server 2016).
It makes no sense to me because the outgoing policy setting is "accept".
I can reach the VM over the Internet with RDP. I know I could just deactivate the firewall on the VM layer, but now I want to know the problem.

This is my interfaces config for the pve host

Code:
auto lo
iface lo inet loopback

iface ens3 inet manual

auto vmbr0
iface vmbr0 inet static
        address  xxx.xxx.xxx.xxx
        netmask  255.255.252.0
        gateway  xxx.xxx.1xx.1
        bridge-ports ens3
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address  192.168.1.10
        netmask  255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

        post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3389 -j DNAT --to 192.168.1.100:3389
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 3389 -j DNAT --to 192.168.1.100:3389
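An added check that is not part of this thread: it parses an `iptables -t nat -S` dump (the sample below is constructed from the post-up rules in the config above) and reports whether forwarding and the masquerade for 192.168.1.0/24 are in place, and flags any DNAT that forwards a port to the VM without a source restriction, which is the case for the RDP forward here. `parse_nat_rules` and `audit_nat` are hypothetical helper names.

```python
# Constructed sample of `iptables -t nat -S` output reproducing the post's post-up rules.
SAMPLE_NAT = """\
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.100:3389
-A POSTROUTING -s 192.168.1.0/24 -o vmbr0 -j MASQUERADE
"""


def parse_nat_rules(dump):
    """Turn `-A CHAIN opt val ...` lines into (chain, {opt: val}) tuples."""
    rules = []
    for line in dump.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "-A":
            continue  # skip policy lines (-P) and anything that is not a rule
        opts, i = {}, 2
        while i < len(parts):
            tok = parts[i]
            nxt = parts[i + 1] if i + 1 < len(parts) else None
            if nxt is not None and not nxt.startswith("-"):
                opts[tok], i = nxt, i + 2   # option with a value, e.g. "-o vmbr0"
            else:
                opts[tok], i = True, i + 1  # bare flag
        rules.append((parts[1], opts))
    return rules


def audit_nat(dump, lan, wan_if, ip_forward):
    """Return a list of findings; an empty list means the expected NAT setup is present."""
    rules = parse_nat_rules(dump)
    findings = []
    if ip_forward != 1:
        findings.append("net.ipv4.ip_forward is 0: host will not route VM traffic")
    if not any(c == "POSTROUTING" and o.get("-j") == "MASQUERADE"
               and o.get("-s") == lan and o.get("-o") == wan_if for c, o in rules):
        findings.append(f"no MASQUERADE for {lan} out of {wan_if}: VMs cannot reach the Internet")
    for chain, o in rules:
        # A DNAT with no -s match exposes the forwarded port to every source on the WAN side.
        if chain == "PREROUTING" and o.get("-j") == "DNAT" and "-s" not in o:
            findings.append(f"DNAT {o.get('-p')}/{o.get('--dport')} on {o.get('-i')} "
                            f"to {o.get('--to-destination')} has no source restriction")
    return findings


if __name__ == "__main__":
    for finding in audit_nat(SAMPLE_NAT, "192.168.1.0/24", "vmbr0", 1):
        print(finding)
```

On a live host, feed it the real output of `iptables -t nat -S` and the value of `/proc/sys/net/ipv4/ip_forward`.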
 
Hi,

You have to bind your firewall rules to the interface ens3 and not to any or vmbr0.
The NAT route is incoming traffic for vmbr0.
 
Ah, thank you! Now I can at least ping the Proxmox host, but there is no name resolution; it seems it stops at the pve host.

Network devices:
Code:
DEVICE    Type     Active   Port    IP               Subnet   Gateway
ens3      Device   Yes
vmbr0     Bridge   Yes      ens3    xxx              xxx      xxx
vmbr1     Bridge   Yes              192.168.1.10     /24

Firewall PVE Host:
Code:
Type   Interface   Action   Source           Destination   Protocol   Dest. port   Source port
in                 ACCEPT   192.168.1.0/24   0.0.0.0/0     tcp
in                 ACCEPT                    xxx.xxx.xxx   tcp        x
in                 ACCEPT                    xxx.xxx.xxx   tcp        8006
 