[SOLVED] VM MASQUERADE and Firewall issue

[Karpiu]

Hello,
I set MASQUERADE for all my VM on vmbr0 and all works fine until I set Firewall on interface for VM after that I can't go out to Internet. All my politics on input/out set for ACCEPT but still going out doesn't work at all. Did I miss something ? When Firewall is disabled all works well.

 

[LnxBil]

I had the same problem. Try this:

iptables -t raw -A PREROUTING -i <VMID>i0 -j CT --zone 1

I got the idea from here:
https://forum.proxmox.com/threads/proxmox-firewall-for-nat.20382/#post-120959

 

[Karpiu]

Thx for a hint, It works great but sad in this solution is manual adding to every VM/CT
In your iptables lane I had to add fwbr<VMID>i0 instead of <VMID>i0 in input interface:

iptables -t raw -A PREROUTING -i fwbr103i0 -j CT --zone 1

Is there any solution to turn this trick automatically ?

 

[LnxBil]

I already mailed with @dietmar and this is not expected behaviour, yet I do not know if this will be fixed in upcoming releases or not. I have not filed a bug report about this.

 

[Kai Lilleby]

ref the previous post (dated feb 21. 2015) - whats the official proxmox way of handling this? whats you reply @dietmar ?