I have a Proxmox server with 3 IPs (the main IP and 2 additional ones). The server has 3 CTs and I want to assign all 3 IPs to those CTs.
Assigning them directly to the CTs/VMs didn't work (even the gateway is not accessible), so I did 1:1 NAT with -j NETMAP.
From outside it works correctly, but I cannot connect between the CTs using their external IP addresses.
Configuration:
All CTs/VMs are connected to both vmbr0 (external static IPv6) and vmbr1 (internal static IPv4).

    iface ens3 inet manual

    auto vmbr0
    iface vmbr0 inet static
        address 176.X.Y.Z/24 #Main IP
        gateway 176.X.Y.GW
        bridge-ports ens3
        bridge-stp off
        bridge-fd 1

    # InterNet
    iface vmbr0 inet6 static
        address <ip6_subnet_here>::1/64
        gateway fe80::1
        post-up /srv/bin/router-up.sh
        post-down /srv/bin/router-down.sh

    auto vmbr0:1
    iface vmbr0:1 inet static
        address 31.A.B.C/24 # First additional IP

    auto vmbr0:5
    iface vmbr0:5 inet static
        address 31.A.B.D/24 # Second additional IP

The iptables rules for NAT are in /srv/bin/router-up.sh:

    -A PREROUTING -d 176.X.Y.Z/32 -j NETMAP --to 192.168.1.25/32 #192.168.1.25 is CT1 IP in vmbr1
    -A PREROUTING -d 31.A.B.C/32 -j NETMAP --to 192.168.1.9/32 #192.168.1.9 is CT2 IP in vmbr1
    -A PREROUTING -d 31.A.B.D/32 -j NETMAP --to 192.168.1.2/32 #192.168.1.2 is CT3 IP in vmbr1
    -A POSTROUTING -s 192.168.1.25/32 -j NETMAP --to 176.X.Y.Z/32
    -A POSTROUTING -s 192.168.1.9/32 -j NETMAP --to 31.A.B.C/32
    -A POSTROUTING -s 192.168.1.2/32 -j NETMAP --to 31.A.B.D/32

/srv/bin/router-down.sh just deletes those rules.
Please suggest how to change the configuration so that each CT/VM can connect to the others (using the external IP).
Thanks.