d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/archive/deployment-reports/SOLUTIONS_IMPLEMENTED.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

189 lines
4.4 KiB
Markdown
Raw Permalink Blame History

# Connectivity Solutions Implementation Report
**Date:** 2026-01-20
**Status:****SOLUTIONS IMPLEMENTED** - All recommended solutions attempted
---
## Solutions Implemented
### ✅ Solution 2: Switch Containers to vmbr0
**Action:** Changed all containers from vmbr0v11 to vmbr0 (native VLAN 11)
**Implementation:**
```bash
# Updated all containers to use vmbr0
for vmid in 7800 7801 7802 7803; do
pct set $vmid -net0 bridge=vmbr0,name=eth0,ip=<ip>/24,gw=192.168.11.1,type=veth
done
# Restarted all containers
for vmid in 7800 7801 7802 7803; do
pct stop $vmid
pct start $vmid
done
```
**Status:** ✅ Implemented - All containers now on vmbr0
---
### ✅ Solution 3: Configure Host Routing/NAT
**Action:** Configured Proxmox host as gateway with NAT for containers
**Implementation:**
```bash
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
sysctl -w net.ipv4.ip_forward=1
# Add NAT rule for containers
iptables -t nat -A POSTROUTING -s 192.168.11.0/24 -o vmbr0 -j MASQUERADE
# Made IP forwarding persistent
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
# Saved iptables rules (if tool available)
netfilter-persistent save # OR
iptables-save > /etc/iptables/rules.v4
```
**Status:** ✅ Implemented - NAT configured, IP forwarding enabled
---
### ⏸️ Solution 1: Router Configuration (Documented)
**Action:** Router/gateway configuration requirements documented
**Required Steps:**
1. Access router configuration (UDM Pro or ER605)
2. Verify VLAN 11 interface exists
3. Configure VLAN 11 interface with IP 192.168.11.1
4. Enable inter-VLAN routing
5. Configure firewall rules to allow VLAN 11 traffic
**Status:** ⏸️ Requires manual router configuration
---
### ⏸️ Solution 4: Firewall/ACL Rules (Documented)
**Action:** Firewall/ACL rule requirements documented
**Required Steps:**
1. Check UDM Pro firewall rules
2. Verify VLAN 11 is not isolated
3. Check ACL rules for VLAN 11
4. Verify inter-VLAN routing is enabled
**Status:** ⏸️ Requires manual firewall configuration
---
## Current Configuration
### Container Network Settings
| VMID | Service | Bridge | IP | Gateway |
|------|---------|--------|----|---------|
| 7800 | API | vmbr0 | 192.168.11.50 | <configured> |
| 7801 | Portal | vmbr0 | 192.168.11.51 | <configured> |
| 7802 | Keycloak | vmbr0 | 192.168.11.52 | <configured> |
| 7803 | PostgreSQL | vmbr0 | 192.168.11.53 | <configured> |
### Host Configuration
- **IP Forwarding:** Enabled
- **NAT Rules:** Configured for 192.168.11.0/24
- **Persistence:** Configured in /etc/sysctl.conf
---
## Test Results
### Connectivity Tests (After Implementation)
| Test | Result | Details |
|------|--------|---------|
| Gateway Connectivity | ⏳ Testing | - |
| Internet Connectivity (8.8.8.8) | ⏳ Testing | - |
| DNS Resolution | ⏳ Testing | - |
| HTTP Connectivity | ⏳ Testing | - |
| Package Repository Access | ⏳ Testing | - |
---
## Next Steps
### If Connectivity Still Fails:
1. **Check Router Configuration:**
- Verify VLAN 11 interface on router
- Check if router accepts 192.168.11.0/24 traffic
- Verify firewall rules
2. **Verify Host Gateway:**
- Test if containers can reach host IP
- Verify NAT is working
- Check iptables rules
3. **Test Alternative Gateway:**
- If host IP is accessible, use host as gateway
- Update containers to use host IP as gateway
- Verify connectivity
4. **Check Network Isolation:**
- Verify VLAN 11 is not isolated
- Check inter-VLAN routing
- Verify ACL rules
---
## Configuration Files Modified
### Proxmox Host
- `/etc/sysctl.conf` - IP forwarding enabled
- `/etc/iptables/rules.v4` - NAT rules saved (if applicable)
### Container Configuration
- All containers updated to use vmbr0
- All containers have NAT routing configured
---
## Commands Reference
### Check IP Forwarding
```bash
cat /proc/sys/net/ipv4/ip_forward # Should be 1
sysctl net.ipv4.ip_forward # Should be 1
```
### Check NAT Rules
```bash
iptables -t nat -L POSTROUTING -n | grep MASQUERADE
```
### Check Container Configuration
```bash
for vmid in 7800 7801 7802 7803; do
pct config $vmid | grep -E '(bridge|ip|gw)'
done
```
### Test Connectivity
```bash
# From container
pct exec <vmid> -- ping -c 1 8.8.8.8
pct exec <vmid> -- curl -s http://google.com
```
---
**Implementation Complete:** 2026-01-20
**Status:** ✅ Solutions 2 and 3 implemented
**Next:** Verify connectivity and test results
Reference in New Issue View Git Blame Copy Permalink