Port forwarding from external to internal isolated LAN

zrak

New Member
Dec 21, 2023
I feel like this should have been straightforward, but it isn't working. Basically I have two bridge networks, vmbr0 (192.168.1.0/24, on my home LAN) & vmbr1 (192.168.100.0/24, isolated). I have VM1 (192.168.100.10) attached to vmbr1. The Proxmox host is at 192.168.1.100.
Summarizing the setup:
Code:
vmbr0 192.168.1.0/24 GW 192.168.1.1
vmbr1 192.168.100.0/24 No GW
Proxmox host: 192.168.1.100
VM1: 192.168.100.10
Home LAN: 192.168.1.0/24 GW 192.168.1.1
Source computer on home network: 192.168.1.2
From a computer (192.168.1.2) on my home network I'm sending TCP data:
Code:
echo this | netcat 192.168.1.100 3002
and would like to see it on the other end with:
Code:
netcat -lp 3002

To start with, that works when netcat is listening on the Proxmox host console.
Then I added these rules:
Code:
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.100 --dport 3002 -i vmbr0 -j DNAT --to-destination 192.168.100.10:3002

Now I'm not getting the test data on the Proxmox host, but I'm not getting it on the VM either. What am I doing wrong?
 
For anyone else running into this issue: I missed the forwarding entry, since the destination is on a different subnet. Anyway, this works:

Code:
# rewrite the destination of traffic arriving on vmbr0 for port 3002 to the VM
iptables -A PREROUTING -t nat -p tcp -i vmbr0 --dport 3002 -j DNAT --to-destination 192.168.100.10:3002
# hide the client behind the host so the VM (no gateway on vmbr1) can answer
iptables -A POSTROUTING -t nat -p tcp -d 192.168.100.10 --dport 3002 -j MASQUERADE
# the missing piece: allow the rewritten packets to be forwarded between bridges
iptables -A FORWARD -p tcp -d 192.168.100.10 --dport 3002 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
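As an added check that is not part of the thread, here is a small Python script that reads an `iptables-save` dump and reports which of the three pieces a working DNAT path still lacks (the PREROUTING rewrite, the FORWARD accept, the POSTROUTING masquerade). The two dumps and the function name are constructed here to mirror the first attempt and the working rule set above.

```python
import re

# Constructed iptables-save excerpts, not dumps from the thread's host.
# DUMP_DNAT_ONLY mirrors the first attempt; DUMP_FIXED mirrors the working set.
DUMP_DNAT_ONLY = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.1.100/32 -i vmbr0 -p tcp -m tcp --dport 3002 -j DNAT --to-destination 192.168.100.10:3002
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT
"""
DUMP_FIXED = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 3002 -j DNAT --to-destination 192.168.100.10:3002
-A POSTROUTING -d 192.168.100.10/32 -p tcp -m tcp --dport 3002 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.100.10/32 -p tcp -m tcp --dport 3002 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def missing_dnat_pieces(dump, vm_ip, port):
    """Name the pieces a working DNAT to vm_ip:port still lacks: nat/PREROUTING
    (destination rewrite), filter/FORWARD (accept it, unless the chain policy is
    ACCEPT) and nat/POSTROUTING (MASQUERADE/SNAT so a VM with no gateway can reply).
    net.ipv4.ip_forward=1 is needed too but is not visible in a dump.
    """
    dst = rf"-d {re.escape(vm_ip)}(?:/32)?(?:\s|$)"
    dport = rf"--dport {port}(?:\s|$)"
    need = {"prerouting_dnat": False, "forward_accept": False, "postrouting_snat": False}
    table = None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif table == "filter" and line.startswith(":FORWARD ACCEPT"):
            need["forward_accept"] = True  # permissive chain policy, no rule needed
        elif table == "nat" and line.startswith("-A PREROUTING") \
                and re.search(dport, line) and f"--to-destination {vm_ip}:{port}" in line:
            need["prerouting_dnat"] = True
        elif table == "filter" and line.startswith("-A FORWARD") and re.search(dst, line) \
                and re.search(dport, line) and line.rstrip().endswith("-j ACCEPT"):
            need["forward_accept"] = True
        elif table == "nat" and line.startswith("-A POSTROUTING") and re.search(dst, line) \
                and ("-j MASQUERADE" in line or "-j SNAT " in line):
            need["postrouting_snat"] = True
    return [name for name, ok in need.items() if not ok]
```

On a real host, feed it `iptables-save` output and the VM address and port; an empty list means the three rule-level pieces are in place, and a non-empty one names what to add.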