Dear All,
I have been using Proxmox for a while now, and my setup works fine so far, except that the Mailcow VM, which has only its own public IP, uses the host's public IP for outgoing connections (SMTP) instead of its own.
This causes trouble; from my point of view, something in the routing is not working correctly.
Does anyone have suggestions on how to fix that? I would be really happy if someone could give me a hint.
Oder auf Deutsch:
Das Routing scheint Probleme zu machen. Es funktioniert soweit alles, wie es soll, außer dass die Mailcow-VM nach außen mit der Public-IP des Hosts anstatt der eigenen arbeitet. Hat jemand eine Idee?
I have been using Proxmox for a while now, and my setup works fine so far, except that the Mailcow VM, which has only its own public IP, uses the host's public IP for outgoing connections (SMTP) instead of its own.
This causes trouble; from my point of view, something in the routing is not working correctly.
# ifupdown-style interface configuration of the Proxmox host: one uplink (ens3) and two
# port-less bridges (vmbr0 for NATed guests, vmbr1 for guests with routed public addresses).
auto lo
iface lo inet loopback
# Uplink: carries the host's own public address and the default gateway.
auto ens3
iface ens3 inet static
address 213.x.161.x
netmask 255.255.252.0
gateway 213.x.160.x
# proxy_arp=1 makes the host answer ARP requests on ens3 for addresses it routes through
# other interfaces (here: the two host routes added on vmbr1).
post-up echo 1 > /proc/sys/net/ipv4/conf/ens3/proxy_arp
# NOTE(review): the contents of /etc/iptab_up are not shown. Any SNAT/MASQUERADE rule in it
# applies in addition to the one on vmbr0; list the live rules with `iptables -t nat -S`.
post-up /etc/iptab_up
# NOTE(review): ifupdown documents this hook as "post-down" (hyphen). Confirm "post_down"
# is honoured; if not, /etc/iptab_down never runs and the rules stay loaded after ifdown.
post_down /etc/iptab_down
auto vmbr0 vmbr1
#NAT sub network, not bridged
iface vmbr0 inet static
address 10.0.0.1
netmask 255.0.0.0
bridge_ports none
bridge_stp on
bridge_fd 0
# Turns on IPv4 forwarding for the whole host, not only for this bridge.
# NOTE(review): what may be forwarded then depends on the FORWARD chain, which is not
# shown here; confirm it is restricted to the intended guest traffic.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Rewrites the source of every packet from 10.0.0.0/8 leaving via ens3 to the address of
# ens3, i.e. the host address.
# NOTE(review): vmbr1 is addressed in the same 10.0.0.0/8, so a guest behind either bridge
# that sends from a 10.x source matches this rule.
post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/8' -o ens3 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/8' -o ens3 -j MASQUERADE
#private sub network2
#bridged to ens3
# NOTE(review): "bridge_ports none" attaches no physical port, so this bridge is reached by
# routing (plus proxy ARP on ens3), not bridged to ens3 as the comment above says.
# NOTE(review): same 10.0.0.0/8 prefix as vmbr0, giving the host two connected routes for
# one prefix; a dedicated, smaller subnet per bridge would remove the ambiguity.
iface vmbr1 inet static
address 10.0.0.2
netmask 255.0.0.0
bridge_ports none
bridge_stp on
bridge_fd 0
# Host routes that send the two additional public addresses to vmbr1 (presumably to the
# guests that own them; the guest configuration is not shown).
post-up route add 188.x.44.x dev vmbr1
post-up route add 185.x.10.x dev vmbr1
post-down route del 185.x.10.x dev vmbr1
post-down route del 188.x.44.x dev vmbr1
# Left disabled: MASQUERADE on ens3 rewrites the source to the host address, so enabling
# these two lines would make the guest's public address leave as the host address.
#post-up iptables -t nat -A POSTROUTING -s '188.68.44.110/32' -o ens3 -j MASQUERADE
#post-down iptables -t nat -D POSTROUTING -s '188.68.44.110/32' -o ens3 -j MASQUERADE
# ifupdown-style interface configuration of the Proxmox host: one uplink (ens3) and two
# port-less bridges (vmbr0 for NATed guests, vmbr1 for guests with routed public addresses).
iface lo inet loopback
# Uplink: carries the host's own public address and the default gateway.
auto ens3
iface ens3 inet static
address 213.x.161.x
netmask 255.255.252.0
gateway 213.x.160.x
# proxy_arp=1 makes the host answer ARP requests on ens3 for addresses it routes through
# other interfaces (here: the two host routes added on vmbr1).
post-up echo 1 > /proc/sys/net/ipv4/conf/ens3/proxy_arp
# NOTE(review): the contents of /etc/iptab_up are not shown. Any SNAT/MASQUERADE rule in it
# applies in addition to the one on vmbr0; list the live rules with `iptables -t nat -S`.
post-up /etc/iptab_up
# NOTE(review): ifupdown documents this hook as "post-down" (hyphen). Confirm "post_down"
# is honoured; if not, /etc/iptab_down never runs and the rules stay loaded after ifdown.
post_down /etc/iptab_down
auto vmbr0 vmbr1
#NAT sub network, not bridged
iface vmbr0 inet static
address 10.0.0.1
netmask 255.0.0.0
bridge_ports none
bridge_stp on
bridge_fd 0
# Turns on IPv4 forwarding for the whole host, not only for this bridge.
# NOTE(review): what may be forwarded then depends on the FORWARD chain, which is not
# shown here; confirm it is restricted to the intended guest traffic.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Rewrites the source of every packet from 10.0.0.0/8 leaving via ens3 to the address of
# ens3, i.e. the host address.
# NOTE(review): vmbr1 is addressed in the same 10.0.0.0/8, so a guest behind either bridge
# that sends from a 10.x source matches this rule.
post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/8' -o ens3 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/8' -o ens3 -j MASQUERADE
#private sub network2
#bridged to ens3
# NOTE(review): "bridge_ports none" attaches no physical port, so this bridge is reached by
# routing (plus proxy ARP on ens3), not bridged to ens3 as the comment above says.
# NOTE(review): same 10.0.0.0/8 prefix as vmbr0, giving the host two connected routes for
# one prefix; a dedicated, smaller subnet per bridge would remove the ambiguity.
iface vmbr1 inet static
address 10.0.0.2
netmask 255.0.0.0
bridge_ports none
bridge_stp on
bridge_fd 0
# Host routes that send the two additional public addresses to vmbr1 (presumably to the
# guests that own them; the guest configuration is not shown).
post-up route add 188.x.44.x dev vmbr1
post-up route add 185.x.10.x dev vmbr1
post-down route del 185.x.10.x dev vmbr1
post-down route del 188.x.44.x dev vmbr1
# Left disabled: MASQUERADE on ens3 rewrites the source to the host address, so enabling
# these two lines would make the guest's public address leave as the host address.
#post-up iptables -t nat -A POSTROUTING -s '188.68.44.110/32' -o ens3 -j MASQUERADE
#post-down iptables -t nat -D POSTROUTING -s '188.68.44.110/32' -o ens3 -j MASQUERADE
# ifupdown-style interface configuration of the Proxmox host: one uplink (ens3) and two
# port-less bridges (vmbr0 for NATed guests, vmbr1 for guests with routed public addresses).
auto lo
iface lo inet loopback
# Uplink: carries the host's own public address and the default gateway.
auto ens3
iface ens3 inet static
address 213.x.161.x
netmask 255.255.252.0
gateway 213.x.160.x
# proxy_arp=1 makes the host answer ARP requests on ens3 for addresses it routes through
# other interfaces (here: the two host routes added on vmbr1).
post-up echo 1 > /proc/sys/net/ipv4/conf/ens3/proxy_arp
# NOTE(review): the contents of /etc/iptab_up are not shown. Any SNAT/MASQUERADE rule in it
# applies in addition to the one on vmbr0; list the live rules with `iptables -t nat -S`.
post-up /etc/iptab_up #only rules for ports
# NOTE(review): ifupdown documents this hook as "post-down" (hyphen). Confirm "post_down"
# is honoured; if not, /etc/iptab_down never runs and the rules stay loaded after ifdown.
post_down /etc/iptab_down
auto vmbr0 vmbr1
#NAT sub network, not bridged
iface vmbr0 inet static
address 10.0.0.1
netmask 255.0.0.0
bridge_ports none
bridge_stp on
bridge_fd 0
# Turns on IPv4 forwarding for the whole host, not only for this bridge.
# NOTE(review): what may be forwarded then depends on the FORWARD chain, which is not
# shown here; confirm it is restricted to the intended guest traffic.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Rewrites the source of every packet from 10.0.0.0/8 leaving via ens3 to the address of
# ens3, i.e. the host address.
# NOTE(review): vmbr1 is addressed in the same 10.0.0.0/8, so a guest behind either bridge
# that sends from a 10.x source matches this rule.
post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/8' -o ens3 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/8' -o ens3 -j MASQUERADE
#private sub network2
#bridged to ens3
# NOTE(review): "bridge_ports none" attaches no physical port, so this bridge is reached by
# routing (plus proxy ARP on ens3), not bridged to ens3 as the comment above says.
# NOTE(review): same 10.0.0.0/8 prefix as vmbr0, giving the host two connected routes for
# one prefix; a dedicated, smaller subnet per bridge would remove the ambiguity.
iface vmbr1 inet static
address 10.0.0.2
netmask 255.0.0.0
bridge_ports none
bridge_stp on
bridge_fd 0
# Host routes that send the two additional public addresses to vmbr1 (presumably to the
# guests that own them; the guest configuration is not shown).
post-up route add 188.x.44.x dev vmbr1
post-up route add 185.x.10.x dev vmbr1
post-down route del 185.x.10.x dev vmbr1
post-down route del 188.x.44.x dev vmbr1
# Left disabled: MASQUERADE on ens3 rewrites the source to the host address, so enabling
# these two lines would make the guest's public address leave as the host address.
#post-up iptables -t nat -A POSTROUTING -s '188.x.44.x/32' -o ens3 -j MASQUERADE
#post-down iptables -t nat -D POSTROUTING -s '188.x.44.x/32' -o ens3 -j MASQUERADE
#### Someone told me to NAT the public ip, but it seems to have no effect.
default via 213.x.160.x dev ens3 onlink
10.0.0.0/8 dev vmbr0 proto kernel scope link src 10.0.0.1
10.0.0.0/8 dev vmbr1 proto kernel scope link src 10.0.0.2
185.x.10.x dev vmbr1 scope link
188.x.44.x dev vmbr1 scope link
213.x.160.x/22 dev ens3 proto kernel scope link src 213.x.161.x
# ifupdown-style interface configuration of the Proxmox host: one uplink (ens3) and two
# port-less bridges (vmbr0 for NATed guests, vmbr1 for guests with routed public addresses).
iface lo inet loopback
# Uplink: carries the host's own public address and the default gateway.
auto ens3
iface ens3 inet static
address 213.x.161.x
netmask 255.255.252.0
gateway 213.x.160.x
# proxy_arp=1 makes the host answer ARP requests on ens3 for addresses it routes through
# other interfaces (here: the two host routes added on vmbr1).
post-up echo 1 > /proc/sys/net/ipv4/conf/ens3/proxy_arp
# NOTE(review): the contents of /etc/iptab_up are not shown. Any SNAT/MASQUERADE rule in it
# applies in addition to the one on vmbr0; list the live rules with `iptables -t nat -S`.
post-up /etc/iptab_up #only rules for ports
# NOTE(review): ifupdown documents this hook as "post-down" (hyphen). Confirm "post_down"
# is honoured; if not, /etc/iptab_down never runs and the rules stay loaded after ifdown.
post_down /etc/iptab_down
auto vmbr0 vmbr1
#NAT sub network, not bridged
iface vmbr0 inet static
address 10.0.0.1
netmask 255.0.0.0
bridge_ports none
bridge_stp on
bridge_fd 0
# Turns on IPv4 forwarding for the whole host, not only for this bridge.
# NOTE(review): what may be forwarded then depends on the FORWARD chain, which is not
# shown here; confirm it is restricted to the intended guest traffic.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Rewrites the source of every packet from 10.0.0.0/8 leaving via ens3 to the address of
# ens3, i.e. the host address.
# NOTE(review): vmbr1 is addressed in the same 10.0.0.0/8, so a guest behind either bridge
# that sends from a 10.x source matches this rule.
post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/8' -o ens3 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/8' -o ens3 -j MASQUERADE
#private sub network2
#bridged to ens3
# NOTE(review): "bridge_ports none" attaches no physical port, so this bridge is reached by
# routing (plus proxy ARP on ens3), not bridged to ens3 as the comment above says.
# NOTE(review): same 10.0.0.0/8 prefix as vmbr0, giving the host two connected routes for
# one prefix; a dedicated, smaller subnet per bridge would remove the ambiguity.
iface vmbr1 inet static
address 10.0.0.2
netmask 255.0.0.0
bridge_ports none
bridge_stp on
bridge_fd 0
# Host routes that send the two additional public addresses to vmbr1 (presumably to the
# guests that own them; the guest configuration is not shown).
post-up route add 188.x.44.x dev vmbr1
post-up route add 185.x.10.x dev vmbr1
post-down route del 185.x.10.x dev vmbr1
post-down route del 188.x.44.x dev vmbr1
# Left disabled: MASQUERADE on ens3 rewrites the source to the host address, so enabling
# these two lines would make the guest's public address leave as the host address.
#post-up iptables -t nat -A POSTROUTING -s '188.x.44.x/32' -o ens3 -j MASQUERADE
#post-down iptables -t nat -D POSTROUTING -s '188.x.44.x/32' -o ens3 -j MASQUERADE
#### Someone told me to NAT the public ip, but it seems to have no effect.
default via 213.x.160.x dev ens3 onlink
10.0.0.0/8 dev vmbr0 proto kernel scope link src 10.0.0.1
10.0.0.0/8 dev vmbr1 proto kernel scope link src 10.0.0.2
185.x.10.x dev vmbr1 scope link
188.x.44.x dev vmbr1 scope link
213.x.160.x/22 dev ens3 proto kernel scope link src 213.x.161.x
Does anyone have suggestions on how to fix that? I would be really happy if someone could give me a hint.
Oder auf Deutsch:
Das Routing scheint Probleme zu machen. Es funktioniert soweit alles, wie es soll, außer dass die Mailcow-VM nach außen mit der Public-IP des Hosts anstatt der eigenen arbeitet. Hat jemand eine Idee?