Internet access from LXC containers in proxmox 5.1 on VirtualBox

0

I've installed a Proxmox VE 5.1 on a VirtualBox in macOS (10.12).

The guess OS, Debian Strech (Proxmox is built on debian), has 2 "physical" network interfaces (configured from VirtualBox), Host-Only and NAT, I can access to internet through the NAT interface:

root@proxmox:~# traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  10.0.3.2 (10.0.3.2)  0.792 ms  0.694 ms  0.625 ms
 2  1dot1dot1dot1.cloudflare-dns.com (1.1.1.1)  2.829 ms  2.818 ms  3.318 ms

The /etc/network/interfaces in the debian host contains:

auto lo
iface lo inet loopback

auto enp0s3
iface enp0s3 inet static
    address  192.168.56.101
    netmask  255.255.255.0

auto enp0s8
iface enp0s8 inet static
    address  10.0.3.15
    netmask  255.255.255.0
    gateway  10.0.3.2
#NAT

auto vmbr0
iface vmbr0 inet static
    address  172.16.1.1
    netmask  255.255.255.0
    bridge_ports dummy1
    bridge_stp off
    bridge_fd 0

The "guest", debian sees to macOS ("host") from both interfaces (macOS IPs: 192.168.56.1, 10.0.3.2).

The vmbr0 virtual interface was created for the proxmox LXC containers, I've added a iptables rule to send all the traffic from vmbr0 to the enp0s8 interface (the NAT interface in VirtualBox).

iptables -A POSTROUTING -s 172.16.1.0/24 -o enp0s8 -j MASQUERADE -t nat

The problem is that when I create a LXC container inside proxmox, using the vmbr0 as network interface, the LXC container has not internet access, I can ping to the proxmox "master" (IP: 172.16.1.1) but nothing else.

I've also tried to use enp0s8 as bridge_ports parameter, same result.

The file /etc/network/interfaces in the LXC container (Ubuntu 16.04) contains:

auto eth0
iface eth0 inet static
        address 172.16.1.100
        netmask 255.255.255.0
        gateway 172.16.1.1

I have a quite similar config in another proxmox server (but in bare metal, not VirtualBox installation) and It works ok.

Can anyone tell me what is incorrect or missing in the network configuration to allow containers access to internet ?

Roberto

Posted 2018-04-25T18:53:25.850

Reputation: 99

Answers

-1

The problem was that the debian host ("master" in proxmox), hadn't got the ip_routing active, so executing the following command all begins to work Ok:

echo 1 > /proc/sys/net/ipv4/ip_forward

So now, I get (from lxc container):

# traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  172.16.1.1 (172.16.1.1)  0.978 ms  0.931 ms  0.911 ms
 2  10.0.3.2 (10.0.3.2)  0.894 ms  0.810 ms  0.757 ms
 3  * * *
 4  1dot1dot1dot1.cloudflare-dns.com (1.1.1.1)  5.780 ms  6.463 ms  6.909 ms

Roberto

Posted 2018-04-25T18:53:25.850

Reputation: 99

Just curious, why was this answer downvoted?, can anyone tell me if I did something wrong or inappropriate ? BTW no other answers, no comments on answer or question... – Roberto – 2020-02-12T20:04:41.847

Asked: 2018-04-25T18:53:25.850

Viewed: 3 096 times

Active: 2018-04-27T06:46:28.870