VM routing oddity

M

mrnippy

New Member
Oct 6, 2022
3
0
1
Hello,

Goal: route traffic through a proxmox VM (so that I can use ipset blacklists)

Problem: Traffic can reach the VM on 10.0.0.10, but even if other hosts on the network set their default gateways to 10.0.0.10, traffic is never sent into the VM, the hypervisor sends it onwards to 10.1.1.1 without dropping it down into 10.0.0.10.

/etc/network/interfaces:

Code: 
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
        address 10.1.1.5/24
        gateway 10.1.1.1
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
auto vmbr0
iface vmbr0 inet static
        address 10.0.0.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0


Traceroute to an external IP from a physical host:
Code: 
traceroute to 52.65.87.70 (52.65.87.70), 20 hops max, 60 byte packets
 1  10.1.1.5  100.496 ms  100.477 ms  100.861 ms
 2  10.1.1.1  100.926 ms  101.253 ms  101.314 ms
 3  172.16.0.1  101.755 ms  101.961 ms  102.117 ms

Traceroute to the vm from the same physical host:
Code: 
traceroute to 10.0.0.10 (10.0.0.10), 20 hops max, 60 byte packets
 1  10.1.1.5  21.415 ms  21.372 ms  21.736 ms
 2  10.0.0.10  22.042 ms  22.428 ms  23.015 m

The physical host's routing table:
Code: 
default via 10.0.0.10 dev wlan0 proto dhcp src 10.1.1.210 metric 600
10.0.0.10 dev wlan0 proto dhcp scope link src 10.1.1.210 metric 600
10.1.1.0/24 dev wlan0 proto kernel scope link src 10.1.1.210 metric 600

Why does the traffic not pass through the VM, even though the routes seem correct?

I do have an entire network diagram, if anyone believes it might help - I just need to edit out sensitive data.

P.S. there is a static route at 10.1.1.1 to direct 10.0.0.0/24 to 10.1.1.5
 
Here's the network map best I can describe it.
172.16.0.1 is a router in another house with a cross-link.
Nothing is broken there but I left it in for transparency.Screenshot_2022-10-06_10-11-00.png
 
I have added an additional NIC on the hypervisor now, but it doesn't seem to have helped.
 
Last edited:
You must log in or register to reply here.
Top Bottom