Internal Network for Proxmox

2016-05-11, 05:41 PM
I'm trying to create an internal network on my Proxmox server. I want to be able to create, say, a database VM that can ping out and that I can update the machine from/install packages, but nothing can get in unless I pass it in with iptables.

On my host machine I have the following in /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# for Routing
auto vmbr1
iface vmbr1 inet manual
post-up /etc/pve/kvm-networking.sh
bridge_ports dummy0
bridge_stp off
bridge_fd 0

# vmbr0: Bridging. Make sure to use only MAC addresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
bridge_ports eth0
bridge_stp off
bridge_fd 0

iface vmbr0 inet6 static
address 2607:5300:60:6858::
netmask 64
post-up /sbin/ip -f inet6 route add 2607:5300:60:68ff:ff:ff:ff:ff dev vmbr0
post-up /sbin/ip -f inet6 route add default via 2607:5300:60:68ff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del default via 2607:5300:60:68ff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del 2607:5300:60:68ff:ff:ff:ff:ff dev vmbr0

auto vmbr2
iface vmbr2 inet static
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1> /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '' -o vmbr0 -j MASQUERADE
post-down iptables -t nat D POSTROUTING -s '' -o vmbr0 -j MASQUERADE

On my database vm I have the following in /etc/network/interfaces

auto eth0
iface eth0 inet static

I can ping from the vm. I can't ping (google dns).

From the host machine I also can ping out from vmbr0
root@proxmox:/etc/network# ping -c 3 -I vmbr0 www.google.com
PING www.google.com ( from vmbr0: 56(84) bytes of data.
64 bytes from lga15s42-in-f4.1e100.net ( icmp_seq=1 ttl=57 time=23.9 ms
64 bytes from lga15s42-in-f4.1e100.net ( icmp_seq=2 ttl=57 time=23.8 ms
64 bytes from lga15s42-in-f4.1e100.net ( icmp_seq=3 ttl=57 time=23.7 ms

but I can't ping out from vmbr2

root@proxmox:/etc/network# ping -c 3 -I vmbr2 www.google.com
PING www.google.com ( from vmbr2: 56(84) bytes of data.
From icmp_seq=1 Destination Host Unreachable
From icmp_seq=2 Destination Host Unreachable
From icmp_seq=3 Destination Host Unreachable

Any help would be appreciated. Thanks.
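
Added example (not part of the original post): a small shell lint for the post-up/post-down lines of an ifupdown NAT stanza like the one above, flagging three mistakes that leave forwarding or masquerading unconfigured. The function names and the 10.10.10.0/24 subnet are assumptions, and both sample stanzas are constructed.

```shell
#!/bin/sh
# Added example: lint the post-up/post-down lines of an ifupdown stanza.
# Reads interfaces text on stdin and prints "<line>: <CODE> <reason>".
lint_nat_stanza() {
    awk -v q="'" '
    BEGIN { empty_src = "-s[ \t]+(" q q "|\"\")" }
    /^[ \t]*post-(up|down)[ \t]/ {
        # "echo 1> file": the digit is taken as an fd number, echo gets no
        # argument, so the value never reaches the sysctl file.
        if ($0 ~ /echo[ \t]+[0-9]+>[ \t]*\/proc\/sys\//)
            print NR ": REDIRECT digit before > is an fd number, value not written"
        if ($0 ~ /iptables/) {
            # A rule needs a command (-A, -I, -D, ...) before the chain name.
            if ($0 !~ /[ \t]-[AIDCR][ \t]/)
                print NR ": NOCMD no -A/-I/-D command before the chain name"
            # An empty -s argument gives the rule no source subnet to match.
            if ($0 ~ empty_src)
                print NR ": NOSRC -s has an empty source address"
        }
    }'
}

# Constructed sample containing all three mistakes (not from a real host).
sample_bad() {
cat <<'EOF'
auto vmbr2
iface vmbr2 inet static
    bridge_ports none
    post-up echo 1> /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
EOF
}

# Constructed corrected form; 10.10.10.0/24 is an assumed internal subnet.
sample_good() {
cat <<'EOF'
auto vmbr2
iface vmbr2 inet static
    bridge_ports none
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
EOF
}

sample_bad | lint_nat_stanza
```

On a real host the same function can be fed the live file with `lint_nat_stanza < /etc/network/interfaces`.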