Hi,
I have a single old Proxmox host and a new one that I want to migrate everything to (manually). Downtime for data migration is expected, but I wanted to minimise the "downtime" from the DNS updates to the new IPs.
Both machines run a bridged networking setup with a single /29 IPv4 assignment each. Host uses the first usable IP of that, four VMs use the others.
So I tried what I did before in non-Proxmox setups:
OLD_IP_VM and NEW_IP_VM are the respective IP for the fourth VM. I can not make any connection with that setup though. Even tried disabling the Proxmox firewall at the "cluster" level and confirmed iptables was showing all tables+chains as empty, with the policy for each being ACCEPT.
Then I tried this one:
OLD_IP_HOST is obviously the IP of the old host, still forwarding to the same VM as in the other test. Running "nc -l 12345" on that machine. Still doing a "nc $OLD_IP_HOST 12345" fails by default.
When running "tcpdump -ni vmbr0 tcp port 443" (any port for that matter, vmbr0 is the host bridge with all the VMs on it too) on the old host with the iptables setup makes the netcat connection suddenly work though! As long as it's not run with "-p" to disable promiscuous mode.
/EDIT: But really *only* that one, still not by trying to do a "nc $OLD_IP_VM 12345".
Never had experienced anything like that before, is there anything I am doing wrong here? How do you get such a DNAT/SNAT setup working in combination with a Proxmox host? Disabling the Proxmox firewall would be ok as I would shut down the VMs on the old host anyway, but as I said that alone does not help either.
Cheers,
Chris
I have a single old Proxmox host and a new one that I want to migrate everything to (manually). Downtime for data migration is expected, but I wanted to minimise the "downtime" from the DNS updates to the new IPs.
Both machines run a bridged networking setup with a single /29 IPv4 assignment each. Host uses the first usable IP of that, four VMs use the others.
So I tried what I did before in non-Proxmox setups:
Bash:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -d $OLD_IP_VM -j DNAT --to-destination $NEW_IP_VM
iptables -t nat -A POSTROUTING -d $NEW_IP_VM -j SNAT --to-source $OLD_IP_VMOLD_IP_VM and NEW_IP_VM are the respective IP for the fourth VM. I can not make any connection with that setup though. Even tried disabling the Proxmox firewall at the "cluster" level and confirmed iptables was showing all tables+chains as empty, with the policy for each being ACCEPT.
Then I tried this one:
Bash:
iptables -t nat -A PREROUTING -d $OLD_IP_HOST -p tcp --dport 12345 -j DNAT --to-destination $NEW_IP_VM
iptables -t nat -A POSTROUTING -d $NEW_IP_VM -j SNAT --to-source $OLD_IP_HOSTWhen running "tcpdump -ni vmbr0 tcp port 443" (any port for that matter, vmbr0 is the host bridge with all the VMs on it too) on the old host with the iptables setup makes the netcat connection suddenly work though! As long as it's not run with "-p" to disable promiscuous mode.
/EDIT: But really *only* that one, still not by trying to do a "nc $OLD_IP_VM 12345".
Never had experienced anything like that before, is there anything I am doing wrong here? How do you get such a DNAT/SNAT setup working in combination with a Proxmox host? Disabling the Proxmox firewall would be ok as I would shut down the VMs on the old host anyway, but as I said that alone does not help either.
Cheers,
Chris
Last edited:
