[PVE-User] PVE and NAT mode

[Yannick Palanque]

Hello,

À 2017-02-28T13:20:24+0100,
Uwe Sauter <uwe.sauter.de at gmail.com> écrivit :

> Hi,
> 
> I'm trying to use NAT in one of my VMs as I have no official IP
> address for it. I found [1] which explains how to setup masquerading
> but I'm a bit confused. [1] uses 10.10.10.0/24 as source address. In
> the PVE documentation [2] it is mentioned that PVE will serve
> addresses in the 10.0.2.0/24 range (which I can confirm. My VM got
> 10.0.2.15/24, gateway is 10.0.2.2).
> 
> I tried to use the commands from [1] on the fly but substituted
> 10.10.10.0/24 with 10.0.2.0/24. With this I am unable to access
> internet. Using 10.10.10.0/24 doesn't help either.

I don't use the NAT mode that you find in the settings when you create
a VM.
The example "Masquerading (NAT) with iptables" from [1] works for me.
Choose an addressing for vmbr0 network (modify if
needed /etc/network/interfaces) and use bridged mode for your VM.
I prefer static addressing and never tried DHCP.

> 2) How is the VM actually connected to the host? I don't see any
> virtual interfaces other than the bridges and VLAN interfaces I
> create in /etc/network/interfaces.

In the example "Masquerading (NAT) with iptables", VM are connected via
vmbr0. I don't known if I answer your question...

> 
> 3) Related to the 2nd question: If I use tcpdump on the host's
> interfaces I don't see any ICMP packets when I try to ping from
> within the VM. How can I debug this further?

Do you do 'tcpdump -i vmbr0' ?

> 5) Is NATing even working with PVE 4.4?

Yes! I use it. I had a little problem with NATing and PVE's firewall
but I solved it. For the beginning and troubleshooting, I advice you to
disable PVE's firewall.

Hope this helps...

Yannick