[PVE-User] PVE and NAT mode

Uwe Sauter uwe.sauter.de at gmail.com
Tue Feb 28 20:46:13 CET 2017

Hi Yannick,

I'll give it a try tomorrow.

Thanks for the suggestion.



Am 28.02.2017 um 19:45 schrieb Yannick Palanque:
> Hello,
> À 2017-02-28T13:20:24+0100,
> Uwe Sauter <uwe.sauter.de at gmail.com> écrivit :
>> Hi,
>> I'm trying to use NAT in one of my VMs as I have no official IP
>> address for it. I found [1] which explains how to setup masquerading
>> but I'm a bit confused. [1] uses as source address. In
>> the PVE documentation [2] it is mentioned that PVE will serve
>> addresses in the range (which I can confirm. My VM got
>>, gateway is
>> I tried to use the commands from [1] on the fly but substituted
>> with With this I am unable to access
>> internet. Using doesn't help either.
> I don't use the NAT mode that you find in the settings when you create
> a VM.
> The example "Masquerading (NAT) with iptables" from [1] works for me.
> Choose an addressing for vmbr0 network (modify if
> needed /etc/network/interfaces) and use bridged mode for your VM.
> I prefer static addressing and never tried DHCP.
>> 2) How is the VM actually connected to the host? I don't see any
>> virtual interfaces other than the bridges and VLAN interfaces I
>> create in /etc/network/interfaces.
> In the example "Masquerading (NAT) with iptables", VM are connected via
> vmbr0. I don't known if I answer your question...
>> 3) Related to the 2nd question: If I use tcpdump on the host's
>> interfaces I don't see any ICMP packets when I try to ping from
>> within the VM. How can I debug this further?
> Do you do 'tcpdump -i vmbr0' ?
>> 5) Is NATing even working with PVE 4.4?
> Yes! I use it. I had a little problem with NATing and PVE's firewall
> but I solved it. For the beginning and troubleshooting, I advice you to
> disable PVE's firewall.
> Hope this helps...
> Yannick

More information about the pve-user mailing list