[PVE-User] PVE and NAT mode

Tue Feb 28 20:46:13 CET 2017

Hi Yannick,

I'll give it a try tomorrow.

Thanks for the suggestion.

Regards,

	Uwe

Am 28.02.2017 um 19:45 schrieb Yannick Palanque:
> Hello,
> 
> À 2017-02-28T13:20:24+0100,
> Uwe Sauter <uwe.sauter.de at gmail.com> écrivit :
> 
>> Hi,
>>
>> I'm trying to use NAT in one of my VMs as I have no official IP
>> address for it. I found [1] which explains how to setup masquerading
>> but I'm a bit confused. [1] uses 10.10.10.0/24 as source address. In
>> the PVE documentation [2] it is mentioned that PVE will serve
>> addresses in the 10.0.2.0/24 range (which I can confirm. My VM got
>> 10.0.2.15/24, gateway is 10.0.2.2).
>>
>> I tried to use the commands from [1] on the fly but substituted
>> 10.10.10.0/24 with 10.0.2.0/24. With this I am unable to access
>> internet. Using 10.10.10.0/24 doesn't help either.
> 
> I don't use the NAT mode that you find in the settings when you create
> a VM.
> The example "Masquerading (NAT) with iptables" from [1] works for me.
> Choose an addressing for vmbr0 network (modify if
> needed /etc/network/interfaces) and use bridged mode for your VM.
> I prefer static addressing and never tried DHCP.
> 
>> 2) How is the VM actually connected to the host? I don't see any
>> virtual interfaces other than the bridges and VLAN interfaces I
>> create in /etc/network/interfaces.
> 
> In the example "Masquerading (NAT) with iptables", VM are connected via
> vmbr0. I don't known if I answer your question...
> 
>>
>> 3) Related to the 2nd question: If I use tcpdump on the host's
>> interfaces I don't see any ICMP packets when I try to ping from
>> within the VM. How can I debug this further?
> 
> Do you do 'tcpdump -i vmbr0' ?
> 
>> 5) Is NATing even working with PVE 4.4?
> 
> Yes! I use it. I had a little problem with NATing and PVE's firewall
> but I solved it. For the beginning and troubleshooting, I advice you to
> disable PVE's firewall.
> 
> Hope this helps...
> 
> Yannick
> 