I'm trying to configure my Proxmox, but something is faulty and I cannot see what it really is.

I hit almost every Google search result and almost every post on the forum and still can't see what the **** I am doing wrong.

I have the following /etc/network/interface on the host:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp0s31f6
iface enp0s31f6 inet static
    address  188.40.120.186
    netmask  255.255.255.192
    gateway  188.40.120.129
    up route add -net 188.40.120.128 netmask 255.255.255.192 gw 188.40.120.129 dev enp0s31f6
# route 188.40.120.128/26 via 188.40.120.129

iface enp0s31f6 inet6 static
    address  2a01:4f8:221:2dc8::2
    netmask  64
    gateway  fe80::1

auto enp0s31f6.4000
iface enp0s31f6.4000 inet static
    address  192.168.100.1
    netmask  24
    mtu 1400

auto vmbr0
iface vmbr0 inet static
    address  178.63.206.24
    broadcast 178.63.206.31
    netmask  32
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    bridge_maxwait 0
    pre-up brctl addbr vmbr0
    up ip route add 178.63.206.25/32 dev vmbr0
    up ip route add 178.63.206.26/32 dev vmbr0
    up ip route add 178.63.206.27/32 dev vmbr0
    up ip route add 178.63.206.28/32 dev vmbr0
    up ip route add 178.63.206.29/32 dev vmbr0
    up ip route add 178.63.206.30/32 dev vmbr0
    up ip route add 178.63.206.31/32 dev vmbr0

#iface vmbr0 inet6 static
#    address  2a01:4f8:221:2dc8::2
#    netmask  64

auto vmbr1
iface vmbr1 inet static
    address  10.20.30.1
    netmask  255.255.255.0
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up iptables -t nat -A POSTROUTING -s '10.20.30.0/24' -o enp0s31f6 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING

And the following one on a machine:

auto lo
iface lo inet loopback

auto ens18
iface ens18 inet static
    address  178.63.206.25
    netmask  255.255.255.255
    gateway  188.40.120.186
    post-up ip route add 188.40.120.186 dev ens18
    post-up ip route add default via 188.40.120.186 dev ens18
    post-down ip route add default via 188.40.120.186 dev ens18
    post-down ip route add default via 188.40.120.186 dev ens18
# route 188.40.120.128/26 via 188.40.120.129

auto ens18.4000
iface ens18.4000 inet static
    address  192.168.100.3
    netmask  24
    mtu 1400


auto ens19
iface ens19 inet static
    address  10.20.30.3
    netmask 255.255.255
    gateway 10.20.30.1

The idea of the network is this:

IP from vswitch (192.168.100.X) SHOULD reach VM via 192.168.100.3, or via 192.168.100.1 with port/proxy forwarding.

OUTSIDE SHOULD NOT reach VM via 178.63.206.25 (but I think this should be solved on the firewall rather than in routing, to allow "backdoor/admin access")

VM SHOULD reach external networks to allow updating from 10.20.30.3 as the host doesn't count as extra ip.

VM SHOULD reach machines on 192.168.100.X and/or on their public/ip

VM SHOULD reach host from either 192.168.100.X or its "public ip"

The situation now is: VM CAN REACH host via 10.20.30.1

VM CAN REACH host via 178.63.206.24

VM CANNOT REACH host via 188.40.120.186 even though ip neigh says it's reachable

VM CANNOT REACH outside (ex: 8.8.8.8)

VM SAYS CAN REACH 192.168.100.1 but this looks false, as if I disable the ens18.4000 part it still "reaches something."

HOST CANNOT REACH 192.168.100.3

HOST CAN REACH 178.63.206.25

OUTSIDE CAN REACH host from 178.63.206.24

OUTSIDE CAN REACH host from 188.40.120.186

OUTSIDE CANNOT reach VM on 178.63.206.25

OTHER MACHINE 192.168.100.2 can reach 192.168.100.1 but not 192.168.100.3

On the provider panel (Hetzner) it appears that I can use this.

Gateway: 188.40.120.186
Netmask: 255.255.255.248
Broadcast: 178.63.206.31

I tried to change the netmask on both the vmbr0 and the ens19 but it's still not working as supposed.

Also, I tried enabling/disabling VLAN aware on both bridges.

Am I missing something?

Thanks for the help!

JustDevZero
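
Added example, not part of the original post: a small linter for three mechanical defects that can be read directly off the files quoted above (a netmask that is not a valid mask, a `post-down` hook that adds a route instead of removing one, and an `iptables -D` that names a chain but no rule, which iptables rejects). The function name `lint_interfaces`, the message strings and the abridged sample are assumptions made for this example; it does not diagnose the routing design itself.

```python
import ipaddress
import re

# Constructed sample: stanzas abridged from the two files quoted in the question.
SAMPLE = """\
iface ens19 inet static
    address 10.20.30.3
    netmask 255.255.255
    gateway 10.20.30.1

iface ens18 inet static
    address 178.63.206.25
    netmask 255.255.255.255
    post-up ip route add default via 188.40.120.186 dev ens18
    post-down ip route add default via 188.40.120.186 dev ens18

iface vmbr1 inet static
    address 10.20.30.1
    netmask 255.255.255.0
    post-up iptables -t nat -A POSTROUTING -s '10.20.30.0/24' -o enp0s31f6 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING
"""

def lint_interfaces(text):
    """Return (iface, message) findings for an ifupdown interfaces file."""
    findings, iface, base = [], None, "0.0.0.0/"
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface" and len(words) > 2:
            iface = words[1]
            base = "::/" if words[2] == "inet6" else "0.0.0.0/"
        elif words[0] == "netmask" and len(words) > 1:
            try:  # accepts a prefix length ("24") or a dotted mask
                ipaddress.ip_network(base + words[1])
            except ValueError:
                findings.append((iface, "invalid netmask " + words[1]))
        elif words[0] in ("down", "post-down"):
            cmd = " ".join(words[1:])
            if re.search(r"\bip route add\b", cmd):
                findings.append((iface, "teardown hook adds a route"))
            if re.search(r"\biptables\b.*\s-D\s+\S+$", cmd):
                findings.append((iface, "iptables -D names a chain but no rule"))
    return findings

if __name__ == "__main__":
    for name, message in lint_interfaces(SAMPLE):
        print(f"{name}: {message}")
```

A NAT rule that is never removed on `post-down` is appended again on every `ifup`, so duplicate MASQUERADE entries accumulate in POSTROUTING.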