NAT redirect not working

[Martino Rabe]

Hello,

I installed Proxmox 4.2 via ISO at my Server. Considering the fact that I only have one public IP address I tried to use NAT.

This is my interface configuration:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address a.b.c.d
        netmask 255.255.255.224
        gateway a.b.c.e

auto vmbr0
iface vmbr0 inet static
        address 10.10.10.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to-destination 10.10.10.10:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to-destination 10.10.10.10:22

I already installed one Container (Debian) and on VM (FreeBSD). The Debian Server (Container) has IP address 10.10.10.10. SSH is installed at this machine and the SSH daemon is ready (I checked it using netstat). I am able to ping from the container to the internet (8.8.8.8). I am not able to connect to this VM from the internet using TCP port 2222.

When I start an tcpdump on the host system I am able to see incoming packets at tcp port 2222 but afterwards I am able to see that the packet is getting reseted by a TCP RST. Within the Container I am not able to see any incomging packet.

Does anyone has an hint for me ?

 

[LnxBil]

Your packet is coming in eth0, not vmbr0. Pinpoint it also to your real IP:

iptables -t nat -A PREROUTING -d a.b.c.d -p tcp --dport 2222    -j DNAT --to 10.10.10.10:22