[SOLVED] VM doesn't connect internet on NAT Proxmox

[Domsday2017]

I have installed Proxmox 4.4 and i am trying to configure a virtual machine as a communication server that handles all traffic and forwards them to the nodes with private ip.
I configured server for NAT networking.

My problem is I could ping from proxmox server to vm and from vm to proxmox in the address range 10.10.10.x.

root@pve1:~# ping 10.10.10.10
PING 10.10.10.10 (10.10.10.10) 56(84) bytes of data.
64 bytes from 10.10.10.10: icmp_seq=1 ttl=64 time=1.69 ms
64 bytes from 10.10.10.10: icmp_seq=2 ttl=64 time=0.857 ms

[root@localhost ~]# ping 10.10.10.100
PING 10.10.10.100 (10.10.10.100) 56(84) bytes of data.
64 bytes from 10.10.10.100: icmp_seq=1 ttl=64 time=1.53 ms
64 bytes from 10.10.10.100: icmp_seq=2 ttl=64 time=1.03 ms

But I can not ping out the internet from the VM. Please help me fix this

[root@localhost ~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.10.10.10 icmp_seq=1 Destination Host Unreachable
From 10.10.10.10 icmp_seq=2 Destination Host Unreachable
From 10.10.10.10 icmp_seq=3 Destination Host Unreachable

I send you the configuration that I have installed.
Proxmox server
Configuration in the file /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 103.195.xxx.11
    netmask 255.255.255.128
    gateway 103.195.xxx.1

auto vmbr0
iface vmbr0 inet static
    address 10.10.10.100
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1022 -j DNAT --to 10.10.10.10:22
    post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 1022 -j DNAT --to 10.10.10.10:22

Firewall rule of nat

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:1022 to:10.10.10.10:22

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  10.10.10.0/24        anywhere

Ip forwarding

root@pve1:~# cat /proc/sys/net/ipv4/ip_forward
1

Virtual machine
Config interface eth0

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=4E:73:99:66:5D:9C
TYPE=Ethernet
UUID=ba9961e6-a13a-4899-b744-b6dc07e8956e
IPADDR=10.10.10.10
NETMASK=255.255.255.0
GATEWAY=10.10.10.1
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=no

Rule iptables

[root@localhost ~]# cat /etc/sysconfig/iptables
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 103.195.241.11/32 -p tcp -m tcp --dport 1022 -j DNAT --to-destination 10.10.10.20:1022
-A POSTROUTING -d 10.10.10.20/32 -p tcp -m tcp --dport 1022 -j SNAT --to-source 10.10.10.100
COMMIT

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [37:2732]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1022 -j ACCEPT
COMMIT

Please help me. Sorry my english vey bad

 

[manu]

looks to me like your gateway is wrong in the VM config
it should be be the IP adress of the bridge vmbr0 where the routing is taking place (10.10.10.100 according to your /etc/network/interfaces )

 

[Domsday2017]

Thanks for your answer. It has helped me a lot. Please close topic.

 

[manu]

I think you should have the possibility of marking this thread as solved in the forum panel