[SOLVED] VM or CT cannot resolve or ping dns

didier91

New Member
Mar 5, 2019
Hi everyone, I am trying to test Proxmox and I have some trouble.
My VM or CT cannot ping google.fr or 8.8.8.8.
My CT configuration:
resolv.conf:
Code:
nameserver 192.168.0.100
nameserver 8.8.8.8

interfaces
Code:
auto eth0
iface eth0 inet static
        address 172.16.2.2
        netmask 255.255.255.0
        gateway 172.16.2.1


My setup on Proxmox:
Code:
auto lo
iface lo inet loopback

iface enp0s25 inet manual

auto vmbr0
iface vmbr0 inet static
        address  192.168.0.100
        netmask  255.255.255.0
        gateway  192.168.0.1
        bridge-ports enp0s25
        bridge-stp off
        bridge-fd 0

auto vmbr4
iface vmbr4 inet static
        address  172.16.2.1
        netmask  255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up iptables -t nat -A POSTROUTING -s '172.16.2.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '172.16.2.0/24' -o vmbr0 -j MASQUERADE

resolv.conf
8.8.8.8

iptables rules
Code:
#Flush
iptables -F
iptables -t nat -F
iptables -X

# default policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP


iptables -I INPUT -i lo -j ACCEPT
iptables -I OUTPUT -o lo -j ACCEPT

#ICMP
iptables -A INPUT -i vmbr0 -p icmp -j ACCEPT
iptables -A OUTPUT -o vmbr0 -p icmp -j ACCEPT

#ssh
iptables -A INPUT -i vmbr0 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o vmbr0 -p tcp --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT

#update
iptables -A OUTPUT -o vmbr0 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i vmbr0 -p tcp --sport 443 -m state --state ESTABLISHED,RELATED -j ACCEPT

# dns
iptables -A OUTPUT -o vmbr0 -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o vmbr0 -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i vmbr0 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i vmbr0 -p tcp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT

# proxmox panel
iptables -A INPUT -i vmbr0 -p tcp --dport 8006 -j ACCEPT
iptables -A OUTPUT -o vmbr0 -p tcp --sport 8006 -m state --state ESTABLISHED,RELATED -j ACCEPT

route
Code:
default via 192.168.0.1 dev vmbr0 onlink
172.16.2.0/24 dev vmbr4 proto kernel scope link src 172.16.2.1
192.168.0.0/24 dev vmbr0 proto kernel scope link src 192.168.0.100

So I tried to allow DNS traffic:
Code:
iptables -A INPUT -i vmbr4 -p tcp -s 172.16.2.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -i vmbr4 -p udp -s 172.16.2.0/24 --dport 53 -j ACCEPT
iptables -A OUTPUT -o vmbr4 -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -o vmbr4 -p tcp --sport 53 -j ACCEPT

But it does not work. I don't understand why I can't reach Google or another public IP.
Normally with NAT it should work.
Pinging between the CT and Proxmox works.
What am I missing?
I think my iptables rules do not allow DNS, because when I flush all iptables rules it works, but how can I allow my CT to communicate with the internet with these rules?
Thanks for your feedback.
 
You'll have to add the rules to the FORWARD chain as well.
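The answer above, worked out as an added example that is not part of the thread: traffic routed from the CT on vmbr4 out through vmbr0 only traverses the FORWARD chain, so with `-P FORWARD DROP` it is dropped regardless of the INPUT and OUTPUT rules. The interface names and subnet come from the post; the function names, the `APPLY` switch and the choice to allow guests the same outbound services as the host (DNS, HTTPS, ping) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Defaults are the names used in the post.
GUEST_IF="${GUEST_IF:-vmbr4}"            # internal bridge the CT/VM sits on
WAN_IF="${WAN_IF:-vmbr0}"                # bridge that holds the uplink
GUEST_NET="${GUEST_NET:-172.16.2.0/24}"

# Print one iptables argument list per line; no side effects.
# Routed guest packets traverse FORWARD only, so INPUT/OUTPUT rules on the
# host never match them.
forward_rules() {
    out="-i $GUEST_IF -o $WAN_IF -s $GUEST_NET"
    # Replies to flows the guests opened (DNS answers, echo replies, ...)
    echo "-A FORWARD -i $WAN_IF -o $GUEST_IF -d $GUEST_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Assumption: guests may use the same outbound services as the host
    echo "-A FORWARD $out -p udp --dport 53 -j ACCEPT"
    echo "-A FORWARD $out -p tcp --dport 53 -j ACCEPT"
    echo "-A FORWARD $out -p tcp --dport 443 -j ACCEPT"
    echo "-A FORWARD $out -p icmp --icmp-type echo-request -j ACCEPT"
    # The script's "iptables -t nat -F" also flushes the MASQUERADE rule that
    # vmbr4's post-up installed, so it is re-added here.
    echo "-t nat -A POSTROUTING -s $GUEST_NET -o $WAN_IF -j MASQUERADE"
}

# Feed the rules to iptables (needs root).
apply_forward_rules() {
    forward_rules | while read -r rule; do
        # $rule is unquoted on purpose so it splits into arguments
        iptables $rule || exit 1   # exit leaves only the pipeline subshell
    done
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_forward_rules
else
    forward_rules | sed 's/^/iptables /'    # dry run: only show the commands
fi
```

Run it after the firewall script from the post: with no environment set it only prints the commands, and `APPLY=1` as root applies them.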
 
