Debian
Pavel Nikitaev, 2019-09-13 20:14:07

Why is the server's internal IP address being translated to the outside?

Good afternoon, Habr community!
I need your help with a network issue.
Given:
* A dedicated server running Proxmox VE 5.4 (Debian-based) with several virtual machines.
* For Internet access, a bridge was created on eth0 (bridge-ports eth0).
* For a local network between the virtual machines, a bridge was created without binding it to a network interface (bridge-ports none).
* To share Internet access with the virtual machines, I use an iptables MASQUERADE rule.
* One virtual machine has two interfaces at once: vmbr0 (with its own external IP) and vmbr1.
Settings of its network interfaces:
/etc/network/interfaces:

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
 address  95.95.95.95
 netmask  255.255.255.0
 gateway  95.95.95.1
 bridge-ports eth0
 bridge-stp off
 bridge-fd 0

auto vmbr1
iface vmbr1 inet static
 address  192.168.0.1
 netmask  255.255.255.0
 bridge-ports none
 bridge-stp off
 bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE

[Figure: diagram of this network]
Question:
The provider says that it sees 192.168.0.1, because of which the provider's network is disrupted. It demands that I stop exposing this IP address to the outside.


3 answer(s)
hint000, 2019-09-14
@Devoll

post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE

add the following to this command:
Let me explain the logic. The fact is that "ISP says it sees 192.168.0.1", which is the address of the physical host, the same one running MASQUERADE. The POSTROUTING chain works for packets that are forwarded (for example, from virtual machines), but for packets generated by the same host, POSTROUTING does not work; you need to use OUTPUT instead.

Dimonchik, 2019-09-14
@dimonchik2013

ISP's network is disrupted

good provider and interesting contests

Andrey Barbolin, 2019-09-13
@dronmaxman

I agree, it is somehow strange; you have everything set up according to the manual. Try dumping traffic on eth0. It would be interesting to see what the packets from 192.168.0.1 look like. It seems to me that the provider sees ARP. Perhaps some kind of proxy-arp is working in Proxmox.
Try moving the public IP to eth0.
What do you have here?
cat /proc/sys/net/ipv4/conf/vmbr0/proxy_arp
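
To follow up on the suggestion to dump traffic on eth0, here is an added example (not code from any of the answers) that tallies, from `tcpdump -n` text output, how many frames with a 192.168.0.x sender are ARP and how many are IP, which separates an ARP leak from traffic that bypassed MASQUERADE. The function names, the `LAN_PREFIX` variable and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Internal bridge network (vmbr1) prefix taken from the question.
LAN_PREFIX='192.168.0.'

# Reads `tcpdump -n` text lines on stdin and prints "arp=N ip=M":
# the number of ARP and IP packets whose *sender* address is on the LAN.
# Live use (assumption: run as root on the Proxmox host):
#   tcpdump -n -i eth0 -c 200 'net 192.168.0.0/24' | classify_leaks
classify_leaks() {
    awk -v pfx="$LAN_PREFIX" '
    function is_lan(a) { return index(a, pfx) == 1 }
    $2 == "ARP," {
        src = ""
        if ($3 == "Request") {
            # Sender IP follows the word "tell"
            for (i = 4; i < NF; i++) if ($i == "tell") src = $(i + 1)
        } else if ($3 == "Reply") {
            src = $4            # "Reply <sender-ip> is-at <mac>"
        }
        sub(/,$/, "", src)
        if (is_lan(src)) arp++
        next
    }
    $2 == "IP" { if (is_lan($3)) ip++ }   # $3 is "src-ip.port"
    END { printf "arp=%d ip=%d\n", arp, ip }
    '
}

# Constructed sample capture (not real traffic from the question).
sample_capture() {
    cat <<'EOF'
20:14:07.100000 ARP, Request who-has 95.95.95.1 tell 192.168.0.1, length 28
20:14:07.200000 ARP, Reply 192.168.0.1 is-at aa:bb:cc:dd:ee:01, length 28
20:14:07.300000 IP 192.168.0.10.51234 > 8.8.8.8.53: UDP, length 32
20:14:07.400000 IP 95.95.95.95.40000 > 8.8.8.8.53: UDP, length 32
20:14:07.500000 ARP, Request who-has 95.95.95.1 tell 95.95.95.95, length 28
EOF
}

sample_capture | classify_leaks   # prints: arp=2 ip=1
```

A non-zero `arp` count points at the bridge answering or asking ARP with the internal address; a non-zero `ip` count means packets are leaving eth0 without being rewritten by the NAT rule.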
