d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/archive/deployment-reports/SOLUTIONS_IMPLEMENTED.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

4.4 KiB
Raw Permalink Blame History

Connectivity Solutions Implementation Report

Date: 2026-01-20
Status: SOLUTIONS IMPLEMENTED - All recommended solutions attempted

Solutions Implemented

Solution 2: Switch Containers to vmbr0

Action: Changed all containers from vmbr0v11 to vmbr0 (native VLAN 11)

Implementation:

# Updated all containers to use vmbr0
for vmid in 7800 7801 7802 7803; do
  pct set $vmid -net0 bridge=vmbr0,name=eth0,ip=<ip>/24,gw=192.168.11.1,type=veth
done

# Restarted all containers
for vmid in 7800 7801 7802 7803; do
  pct stop $vmid
  pct start $vmid
done

Status: Implemented - All containers now on vmbr0

Solution 3: Configure Host Routing/NAT

Action: Configured Proxmox host as gateway with NAT for containers

Implementation:

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
sysctl -w net.ipv4.ip_forward=1

# Add NAT rule for containers
iptables -t nat -A POSTROUTING -s 192.168.11.0/24 -o vmbr0 -j MASQUERADE

# Made IP forwarding persistent
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf

# Saved iptables rules (if tool available)
netfilter-persistent save  # OR
iptables-save > /etc/iptables/rules.v4

Status: Implemented - NAT configured, IP forwarding enabled

⏸️ Solution 1: Router Configuration (Documented)

Action: Router/gateway configuration requirements documented

Required Steps:

  1. Access router configuration (UDM Pro or ER605)
  2. Verify VLAN 11 interface exists
  3. Configure VLAN 11 interface with IP 192.168.11.1
  4. Enable inter-VLAN routing
  5. Configure firewall rules to allow VLAN 11 traffic

Status: ⏸️ Requires manual router configuration

⏸️ Solution 4: Firewall/ACL Rules (Documented)

Action: Firewall/ACL rule requirements documented

Required Steps:

  1. Check UDM Pro firewall rules
  2. Verify VLAN 11 is not isolated
  3. Check ACL rules for VLAN 11
  4. Verify inter-VLAN routing is enabled

Status: ⏸️ Requires manual firewall configuration

Current Configuration

Container Network Settings

VMID Service Bridge IP Gateway
7800 API vmbr0 192.168.11.50
7801 Portal vmbr0 192.168.11.51
7802 Keycloak vmbr0 192.168.11.52
7803 PostgreSQL vmbr0 192.168.11.53

Host Configuration

  • IP Forwarding: Enabled
  • NAT Rules: Configured for 192.168.11.0/24
  • Persistence: Configured in /etc/sysctl.conf

Test Results

Connectivity Tests (After Implementation)

Test Result Details
Gateway Connectivity Testing -
Internet Connectivity (8.8.8.8) Testing -
DNS Resolution Testing -
HTTP Connectivity Testing -
Package Repository Access Testing -

Next Steps

If Connectivity Still Fails:

  1. Check Router Configuration:

    • Verify VLAN 11 interface on router
    • Check if router accepts 192.168.11.0/24 traffic
    • Verify firewall rules

  2. Verify Host Gateway:

    • Test if containers can reach host IP
    • Verify NAT is working
    • Check iptables rules

  3. Test Alternative Gateway:

    • If host IP is accessible, use host as gateway
    • Update containers to use host IP as gateway
    • Verify connectivity

  4. Check Network Isolation:

    • Verify VLAN 11 is not isolated
    • Check inter-VLAN routing
    • Verify ACL rules

Configuration Files Modified

Proxmox Host

  • /etc/sysctl.conf - IP forwarding enabled
  • /etc/iptables/rules.v4 - NAT rules saved (if applicable)

Container Configuration

  • All containers updated to use vmbr0
  • All containers have NAT routing configured

Commands Reference

Check IP Forwarding

cat /proc/sys/net/ipv4/ip_forward  # Should be 1
sysctl net.ipv4.ip_forward         # Should be 1

Check NAT Rules

iptables -t nat -L POSTROUTING -n | grep MASQUERADE

Check Container Configuration

for vmid in 7800 7801 7802 7803; do
  pct config $vmid | grep -E '(bridge|ip|gw)'
done

Test Connectivity

# From container
pct exec <vmid> -- ping -c 1 8.8.8.8
pct exec <vmid> -- curl -s http://google.com

Implementation Complete: 2026-01-20
Status: Solutions 2 and 3 implemented
Next: Verify connectivity and test results

Reference in New Issue View Git Blame Copy Permalink