Proxmox - single public ip with multiple vms, openvz containers work, kvm's don't have a route


I had the wrong IP address for vmbr1 and, in turn, the wrong gateway for the KVM's eth0 interface config.

Corrected KVM /etc/network/interfaces:

    iface eth0 inet static
        address 192.168.0.102
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

Corrected host /etc/network/interfaces:

    iface vmbr1 inet static
        address 192.168.0.1
        netmask 255.255.255.0

Author: StrikeForceZero

Updated on September 18, 2022
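
An added example, not part of the original answer: a check for the mismatch the answer describes, where the guest's gateway has to be the address of the bridge it routes through. The stanzas are constructed from this page (guest as posted in the question, bridge as in the corrected host config); `parse_stanza` and `check_guest` are hypothetical helper names.

```python
import ipaddress

# Constructed sample input: the guest stanza as posted in the question and
# the bridge stanza from the corrected host config on this page.
GUEST = """\
iface eth0 inet static
    address 192.168.0.102
    netmask 255.255.255.0
    broadcast 192.168.0.25
    gateway 192.168.0.254
"""
BRIDGE = """\
iface vmbr1 inet static
    address 192.168.0.1
    netmask 255.255.255.0
"""

def parse_stanza(text):
    """Return the option lines of a single iface stanza as a dict."""
    opts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] != "iface":
            opts[parts[0]] = parts[1]
    return opts

def check_guest(guest_text, bridge_text):
    """List mismatches between a NATed guest and the host bridge it routes through."""
    g, b = parse_stanza(guest_text), parse_stanza(bridge_text)
    g_if = ipaddress.ip_interface(f"{g['address']}/{g['netmask']}")
    b_if = ipaddress.ip_interface(f"{b['address']}/{b['netmask']}")
    problems = []
    if g_if.network != b_if.network:
        problems.append(f"guest network {g_if.network} != bridge network {b_if.network}")
    if g.get("gateway") != str(b_if.ip):
        problems.append(f"gateway {g.get('gateway')} is not the bridge address {b_if.ip}")
    if g_if.ip == b_if.ip:
        problems.append("guest address collides with the bridge address")
    bcast = g.get("broadcast")
    if bcast and bcast != str(g_if.network.broadcast_address):
        problems.append(f"broadcast {bcast} should be {g_if.network.broadcast_address}")
    return problems

if __name__ == "__main__":
    for p in check_guest(GUEST, BRIDGE):
        print("MISMATCH:", p)
```
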

Comments

  • StrikeForceZero
    StrikeForceZero over 1 year

    Currently I only have a /30 block (1 usable IP) (I just ordered a /28 for 13 usable publics, waiting).

    I just installed Proxmox and set up a few virtual containers. Port forwarded the necessary services/ports. All is working. But when I load up a KVM, I can't seem to identify what I'm doing wrong to only get outgoing connections, or even no connections.

    All containers have the LAN IP set and a veth0 device bridged to vmbr1. The KVM has a bridged network device to vmbr1 set as well (nowhere to dictate its LAN IP in Proxmox like the containers; this is where I think my problem is).

    Here's the /etc/network/interfaces for the KVM:

    auto lo
    iface lo inet loopback
    
    allow-hotplug eth0
    iface eth0 inet static
        address 192.168.0.102
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.25
        gateway 192.168.0.254
        dns-nameserver 8.8.8.8
        dns-search 8.8.8.8
    

    Here's the /etc/network/interfaces for the host:

    auto lo
    iface lo inet loopback
    
    auto eth0
    iface eth0 inet manual
    
    iface eth1 inet manual
    
    iface eth2 inet manual
    
    iface eth3 inet manual
    
    auto vmbr0
    iface vmbr0 inet static
            address  X.X.X.X
            netmask  255.255.255.0
            gateway  X.X.X.Z
            bridge_ports eth0
            bridge_stp off
            bridge_fd 0
    
    auto vmbr1
    iface vmbr1 inet static
            address 192.168.0.254
            netmask 255.255.255.0
            bridge_ports none
            bridge_stp off
            bridge_fd 0
            post-up echo 1 > /proc/sys/net/ipv4/ip_forward
            post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
            post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
            # VM 100
            post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 10022 -j DNAT --to 192.168.0.100:22
            post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 10022 -j DNAT --to 192.168.0.100:22
            post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.0.100:80
            post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.0.100:80
            post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.0.100:443
            post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.0.100:443
            post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.0.100:443
            post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.0.100:443
            # VM101
            post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 10122 -j DNAT --to 192.168.0.101:22
            post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 10122 -j DNAT --to 192.168.0.101:22
            post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 9987 -j DNAT --to 192.168.0.101:9987
            post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 9987 -j DNAT --to 192.168.0.101:9987
            # VM102 (KVM)
            post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 10222 -j DNAT --to 192.168.0.102:22
            post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 10222 -j DNAT --to 192.168.0.102:22
            post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 25565 -j DNAT --to 192.168.0.102:25565
            post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 25565 -j DNAT --to 192.168.0.102:25565
            # VM103
            post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 10322 -j DNAT --to 192.168.0.103:22
            post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 10322 -j DNAT --to 192.168.0.103:22
            post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3306 -j DNAT --to 192.168.0.103:3306
            post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 3306 -j DNAT --to 192.168.0.103:3306
    
    • Babin Lonston
      Babin Lonston almost 10 years
      Cool, will this port forward every request to containers and VMs in Proxmox?
    • StrikeForceZero
      StrikeForceZero almost 10 years
      @Lonston you have to specify what ports are forwarded to what private IP, but yes
    • Babin Lonston
      Babin Lonston almost 10 years
      Oh cool, let me copy your stuff now and try it. For the last 3 days I've been struggling with this. I have a dedicated server and I want to apply iptables on the base server too. Do you have any iptables script for that? I'm using this unix.stackexchange.com/questions/140873/… and have still not fixed my issues
    • StrikeForceZero
      StrikeForceZero almost 10 years
      @Lonston I just wrote them by hand, replacing what was appropriate. These iptables rules are in the /etc/network/interfaces file of the host server / hypervisor, in this case Proxmox
    • Babin Lonston
      Babin Lonston almost 10 years
      OK, let me try it and let you know in future. Thanks, mate
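
An added example, not part of the original thread: an audit of the post-up DNAT rules in a host stanza like the one in the question, listing what each public port reaches, which rules are installed twice, and which forwards land on services in a review list. The input is a constructed excerpt of the page's rules; the `REVIEW` list and the function name `audit` are assumptions of this example.

```python
import re
from collections import Counter

# Constructed excerpt of the vmbr1 stanza from the question on this page.
RULES = """\
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 10022 -j DNAT --to 192.168.0.100:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 10022 -j DNAT --to 192.168.0.100:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.0.100:443
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.0.100:443
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 9987 -j DNAT --to 192.168.0.101:9987
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3306 -j DNAT --to 192.168.0.103:3306
"""

# Matches only post-up lines that append a PREROUTING DNAT rule.
DNAT = re.compile(
    r"^\s*post-up\s+iptables\s.*-A PREROUTING\b.*-p\s+(\w+)\s"
    r".*--dport\s+(\d+)\s.*--to\s+([\d.]+):(\d+)")

# Assumption of this example: destination ports worth a second look when
# they are reachable from the public interface. Adjust to local policy.
REVIEW = {22: "SSH", 3306: "MySQL"}

def audit(text):
    """Return (forwards, duplicates, review) for the post-up DNAT rules in text.

    Each forward is (proto, public_port, private_ip, private_port).
    """
    seen = Counter()
    for line in text.splitlines():
        m = DNAT.match(line)
        if m:
            proto, dport, ip, port = m.groups()
            seen[(proto, int(dport), ip, int(port))] += 1
    forwards = sorted(seen)
    duplicates = [f for f in forwards if seen[f] > 1]
    review = [(f, REVIEW[f[3]]) for f in forwards if f[3] in REVIEW]
    return forwards, duplicates, review

if __name__ == "__main__":
    forwards, duplicates, review = audit(RULES)
    for proto, dport, ip, port in forwards:
        print(f"{proto}/{dport} -> {ip}:{port}")
    print("installed more than once:", duplicates)
    print("review exposure:", review)
```
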