hi yes of cours here's the output :changing the configuration and simply reloading, doesn't always remove the NAT rules from iptables. Can you post the output of
Code:iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:192.168.1.2:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  192.168.1.0/24       anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  192.168.1.0/24       anywhere             tcp dpt:30900 to:192.168.1.2:30900
DNAT       tcp  --  anywhere             anywhere             tcp dpt:32768 to:192.168.1.2:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:30800 to:192.168.1.2:30800
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:192.168.1.2:8080
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.1.0/24       anywhere
Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywherethanks for your time, but should i reboot the proxmox host ? but why ? if i reboot the host whats going to happen ?as already said, reboot to clear iptables.
auto vmbr2
#private sub network
iface vmbr2 inet static
        address  192.168.1.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
       # post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
       # post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
# redirection to the web server
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 32768 -j DNAT --to 192.168.1.2:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 32768 -j DNAT --to 192.168.1.2:22
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 30800 -j DNAT --to 192.168.1.2:30800
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 30800 -j DNAT --to 192.168.1.2:30800
        post-up iptables -t nat -A PREROUTING  -i  vmbr0 -p tcp --dport 8080 -j DNAT --to 192.168.1.2:8080
        post-down iptables -t nat -D PREROUTING -i  vmbr0 -p tcp --dport 8080 -j DNAT --to 192.168.1.2:8080We use essential cookies to make this site work, and optional cookies to enhance your experience.
 
	