VM can be reached over Internet but has no outgoing Internet Connection

DerAdmin

New Member
Feb 12, 2019
Hello,

I can't figure it out by myself, even after searching Google for many hours.

The VM can access the web as soon as I deactivate the Proxmox VM firewall for this specific VM (Windows Server 2016).
It makes no sense to me because the outgoing policy is set to "accept".
I can reach the VM over the Internet with RDP. I know I could just deactivate the firewall on the VM layer, but now I want to know what the problem is.

This is my interfaces config for the pve host:

Code:
auto lo
iface lo inet loopback

iface ens3 inet manual

auto vmbr0
iface vmbr0 inet static
        address  xxx.xxx.xxx.xxx
        netmask  255.255.252.0
        gateway  xxx.xxx.1xx.1
        bridge-ports ens3
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address  192.168.1.10
        netmask  255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

        post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3389 -j DNAT --to 192.168.1.100:3389
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 3389 -j DNAT --to 192.168.1.100:3389
 
Hi,

You have to bind your firewall rules to the interface ens3 and not to any or vmbr0.
The NAT route is incoming traffic for vmbr0.
 
Ah, thank you! Now I can at least ping the Proxmox host, but there is no name resolution; it seems it stops at the pve host.

Network devices:
Code:
DEVICE    type    Active    Port    IP              Subnet    Gateway
ens3      Device   Yes
vmbr0     Bridge   Yes      ens3    xxx              xxx      xxx
vmbr1     Bridge   Yes              192.168.1.10     /24

Firewall PVE Host:
Code:
Type    Interface    Action    Source            Destination    Protocol    dest. Port    source port
in                   ACCEPT   192.168.1.0/24     0.0.0.0/0      tcp
in                   ACCEPT                      xxx.xxx.xxx    tcp         x
in                   ACCEPT                      xxx.xxx.xxx    tcp         8006
 