
Internal Network for Proxmox


gregf
2016-05-11, 05:41 PM
I'm trying to create an internal network on my Proxmox server. I want to be able to create, say, a database VM that can ping out and that I can update the machine from/install packages, but nothing can get in unless I pass it in with iptables.

On my host machine I have the following in /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# for Routing
auto vmbr1
iface vmbr1 inet manual
post-up /etc/pve/kvm-networking.sh
bridge_ports dummy0
bridge_stp off
bridge_fd 0


# vmbr0: Bridging. Make sure to use only MAC addresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
address 167.114.101.88
netmask 255.255.255.0
network 167.114.101.0
broadcast 167.114.101.255
gateway 167.114.101.254
bridge_ports eth0
bridge_stp off
bridge_fd 0

iface vmbr0 inet6 static
address 2607:5300:60:6858::
netmask 64
post-up /sbin/ip -f inet6 route add 2607:5300:60:68ff:ff:ff:ff:ff dev vmbr0
post-up /sbin/ip -f inet6 route add default via 2607:5300:60:68ff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del default via 2607:5300:60:68ff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del 2607:5300:60:68ff:ff:ff:ff:ff dev vmbr0

auto vmbr2
iface vmbr2 inet static
address 10.0.1.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1> /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat D POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j MASQUERADE

On my database vm I have the following in /etc/network/interfaces

auto eth0
iface eth0 inet static
address 10.0.1.100
netmask 255.255.255.0
gateway 10.0.1.1

I can ping 10.0.1.1 from the vm. I can't ping 8.8.8.8 (google dns).

From the host machine I also can ping out from vmbr0
root@proxmox:/etc/network# ping -c 3 -I vmbr0 www.google.com
PING www.google.com (172.217.3.4) from 167.114.101.88 vmbr0: 56(84) bytes of data.
64 bytes from lga15s42-in-f4.1e100.net (172.217.3.4): icmp_seq=1 ttl=57 time=23.9 ms
64 bytes from lga15s42-in-f4.1e100.net (172.217.3.4): icmp_seq=2 ttl=57 time=23.8 ms
64 bytes from lga15s42-in-f4.1e100.net (172.217.3.4): icmp_seq=3 ttl=57 time=23.7 ms

but I can't ping out from vmbr2

root@proxmox:/etc/network# ping -c 3 -I vmbr2 www.google.com
PING www.google.com (172.217.3.4) from 10.0.1.1 vmbr2: 56(84) bytes of data.
From 10.0.1.1 icmp_seq=1 Destination Host Unreachable
From 10.0.1.1 icmp_seq=2 Destination Host Unreachable
From 10.0.1.1 icmp_seq=3 Destination Host Unreachable

Any help would be appreciated. Thanks.
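
A lint pass over the vmbr2 stanza posted above, as an added example that is not part of the original post: it flags hook commands that do not do what they appear to do (a fused `1>` redirect, an iptables call with no action flag) and checks that the MASQUERADE source matches the bridge subnet. The function name `lint_nat_stanza` and the embedded sample string are constructed for illustration.

```python
import ipaddress
import re
import shlex

# Constructed sample: the vmbr2 stanza as posted above.
STANZA = """\
auto vmbr2
iface vmbr2 inet static
address 10.0.1.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1> /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat D POSTROUTING -s '10.0.1.0/24' -o vmbr0 -j MASQUERADE
"""

HOOKS = ("pre-up", "post-up", "pre-down", "post-down")


def lint_nat_stanza(text):
    """Return a list of findings for one ifupdown stanza of a NAT bridge."""
    opts, hooks, findings = {}, [], []
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key in HOOKS:
            hooks.append((key, value))
        elif key:
            opts[key] = value
    net = None
    if "address" in opts and "netmask" in opts:
        net = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}").network
    for phase, cmd in hooks:
        # "echo 1> file": sh reads "1>" as "redirect fd 1", so echo gets no
        # argument and only a newline is written to the file.
        if "ip_forward" in cmd and re.search(r"\becho\s+\d+>", cmd):
            findings.append(f"{phase}: 'echo 1>' writes only a newline; use 'echo 1 >'")
        argv = shlex.split(cmd)
        if argv and argv[0].endswith("iptables"):
            if not any(a in ("-A", "-I", "-D") for a in argv):
                findings.append(f"{phase}: iptables call has no -A/-I/-D action")
            if net is not None and "-s" in argv[:-1]:
                src = ipaddress.ip_network(argv[argv.index("-s") + 1], strict=False)
                if src != net:
                    findings.append(f"{phase}: -s {src} differs from bridge subnet {net}")
    return findings
```

On the running host, `sysctl net.ipv4.ip_forward` and `iptables -t nat -S POSTROUTING` show whether the hooks actually took effect.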