Re: [PVE-User] PVE and NAT mode
Hi Yannick, I'll give it a try tomorrow. Thanks for the suggestion. Regards, Uwe Am 28.02.2017 um 19:45 schrieb Yannick Palanque: > Hello, > > À 2017-02-28T13:20:24+0100, > Uwe Sauterécrivit : > >> Hi, >> >> I'm trying to use NAT in one of my VMs as I have no official IP >> address for it. I found [1] which explains how to setup masquerading >> but I'm a bit confused. [1] uses 10.10.10.0/24 as source address. In >> the PVE documentation [2] it is mentioned that PVE will serve >> addresses in the 10.0.2.0/24 range (which I can confirm. My VM got >> 10.0.2.15/24, gateway is 10.0.2.2). >> >> I tried to use the commands from [1] on the fly but substituted >> 10.10.10.0/24 with 10.0.2.0/24. With this I am unable to access >> internet. Using 10.10.10.0/24 doesn't help either. > > I don't use the NAT mode that you find in the settings when you create > a VM. > The example "Masquerading (NAT) with iptables" from [1] works for me. > Choose an addressing for vmbr0 network (modify if > needed /etc/network/interfaces) and use bridged mode for your VM. > I prefer static addressing and never tried DHCP. > >> 2) How is the VM actually connected to the host? I don't see any >> virtual interfaces other than the bridges and VLAN interfaces I >> create in /etc/network/interfaces. > > In the example "Masquerading (NAT) with iptables", VM are connected via > vmbr0. I don't known if I answer your question... > >> >> 3) Related to the 2nd question: If I use tcpdump on the host's >> interfaces I don't see any ICMP packets when I try to ping from >> within the VM. How can I debug this further? > > Do you do 'tcpdump -i vmbr0' ? > >> 5) Is NATing even working with PVE 4.4? > > Yes! I use it. I had a little problem with NATing and PVE's firewall > but I solved it. For the beginning and troubleshooting, I advice you to > disable PVE's firewall. > > Hope this helps... > > Yannick > ___ pve-user mailing list pve-user@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
Re: [PVE-User] PVE and NAT mode
Hello, À 2017-02-28T13:20:24+0100, Uwe Sauterécrivit : > Hi, > > I'm trying to use NAT in one of my VMs as I have no official IP > address for it. I found [1] which explains how to setup masquerading > but I'm a bit confused. [1] uses 10.10.10.0/24 as source address. In > the PVE documentation [2] it is mentioned that PVE will serve > addresses in the 10.0.2.0/24 range (which I can confirm. My VM got > 10.0.2.15/24, gateway is 10.0.2.2). > > I tried to use the commands from [1] on the fly but substituted > 10.10.10.0/24 with 10.0.2.0/24. With this I am unable to access > internet. Using 10.10.10.0/24 doesn't help either. I don't use the NAT mode that you find in the settings when you create a VM. The example "Masquerading (NAT) with iptables" from [1] works for me. Choose an addressing for vmbr0 network (modify if needed /etc/network/interfaces) and use bridged mode for your VM. I prefer static addressing and never tried DHCP. > 2) How is the VM actually connected to the host? I don't see any > virtual interfaces other than the bridges and VLAN interfaces I > create in /etc/network/interfaces. In the example "Masquerading (NAT) with iptables", VM are connected via vmbr0. I don't known if I answer your question... > > 3) Related to the 2nd question: If I use tcpdump on the host's > interfaces I don't see any ICMP packets when I try to ping from > within the VM. How can I debug this further? Do you do 'tcpdump -i vmbr0' ? > 5) Is NATing even working with PVE 4.4? Yes! I use it. I had a little problem with NATing and PVE's firewall but I solved it. For the beginning and troubleshooting, I advice you to disable PVE's firewall. Hope this helps... Yannick ___ pve-user mailing list pve-user@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
[PVE-User] PVE and NAT mode
Hi, I'm trying to use NAT in one of my VMs as I have no official IP address for it. I found [1] which explains how to setup masquerading but I'm a bit confused. [1] uses 10.10.10.0/24 as source address. In the PVE documentation [2] it is mentioned that PVE will serve addresses in the 10.0.2.0/24 range (which I can confirm. My VM got 10.0.2.15/24, gateway is 10.0.2.2). I tried to use the commands from [1] on the fly but substituted 10.10.10.0/24 with 10.0.2.0/24. With this I am unable to access internet. Using 10.10.10.0/24 doesn't help either. I also have a cluster-wide firewall configured that rejects everything that is addressed to the Proxmox host's external interface. (I have a separate management interface that is on an internal network. The external interface is only used for updates and, if I get this going, for NAT.) Disabling the firewall didn't solve the issue. Questions: 1) Which one is the correct network for the configuration? Does the wiki need to be updated? 2) How is the VM actually connected to the host? I don't see any virtual interfaces other than the bridges and VLAN interfaces I create in /etc/network/interfaces. 3) Related to the 2nd question: If I use tcpdump on the host's interfaces I don't see any ICMP packets when I try to ping from within the VM. How can I debug this further? 4) Does a cluster-wide firewall affect NATing? 5) Is NATing even working with PVE 4.4? Any help is appreciated. Regards, Uwe [1] https://pve.proxmox.com/wiki/Network_Model#Masquerading_.28NAT.29_with_iptables [2] https://:8006/pve-docs/chapter-qm.html#qm_network_device ___ pve-user mailing list pve-user@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user