[PVE-User] PVE and NAT mode

Uwe Sauter uwe.sauter.de at gmail.com
Tue Feb 28 13:20:24 CET 2017


I'm trying to use NAT in one of my VMs as I have no official IP address for it. I found [1] which explains how to setup
masquerading but I'm a bit confused. [1] uses as source address. In the PVE documentation [2] it is mentioned that
PVE will serve addresses in the range (which I can confirm. My VM got, gateway is

I tried to use the commands from [1] on the fly but substituted with With this I am unable to access
internet. Using doesn't help either.

I also have a cluster-wide firewall configured that rejects everything that is addressed to the Proxmox host's external interface.
(I have a separate management interface that is on an internal network. The external interface is only used for updates and, if I
get this going, for NAT.) Disabling the firewall didn't solve the issue.


1) Which one is the correct network for the configuration? Does the wiki need to be updated?

2) How is the VM actually connected to the host? I don't see any virtual interfaces other than the bridges and VLAN interfaces I
create in /etc/network/interfaces.

3) Related to the 2nd question: If I use tcpdump on the host's interfaces I don't see any ICMP packets when I try to ping from
within the VM. How can I debug this further?

4) Does a cluster-wide firewall affect NATing?

5) Is NATing even working with PVE 4.4?

Any help is appreciated.



[1] https://pve.proxmox.com/wiki/Network_Model#Masquerading_.28NAT.29_with_iptables
[2] https://<your proxmox host>:8006/pve-docs/chapter-qm.html#qm_network_device

More information about the pve-user mailing list