Access VM on private net via public ip?

[mad1993max]

Hi I only have on single public ip bound to my mac address, so I set up the default network card as described here: https://pve.proxmox.com/wiki/Network_Configuration (Masquerading)

public ip 192.170.64.54 -> to eno1
private network 10.10.10.0/24 -> on vmbr0

all vm's are connected to vmbr0 in the 10.10.10.0/24 network

Now I need to access a webserver on one vm machine (10.10.10.3), set up iptables port forwarding like that:

iptables -t nat -A PREROUTING -p tcp --dport 8888 -j DNAT --to-destination 10.10.10.3:80
iptables -t nat -A POSTROUTING -p tcp -d 10.10.10.3 --dport 80 -j SNAT --to-source 192.170.64.54

put I can't reach it from within the 192.170.64.0/24 network, what am I missing here?

Best regards Max

 

[kkjensen]

I've only ever set one up that needed to externally available and just used a dedicated Nic. If you only have one physical port, have you looked at using a vlan? Upstream you'll need to use a managed switch or a router capable of routing that vlan to your gateway.

 

[mad1993max]

I've only ever set one up that needed to externally available and just used a dedicated Nic. If you only have one physical port, have you looked at using a vlan? Upstream you'll need to use a managed switch or a router capable of routing that vlan to your gateway.

ok so I installed a second nic, but I still cant get it to work with two networks on the same witches.

NIC1 -> (net1) static 192.168.0.10

NIC2 -> (net2) bridge 10.10.10.1



I cannot ping from my second computer the 10.10.10.1 port, this is my configuration file:

auto lo
iface lo inet manual

auto enp2s0
iface enp2s0 inet dhcp


auto enp1s0f0
iface enp1s0f0 inet manual

auto vmbr0
iface vmbr0 inet static
        address  10.10.10.1
        netmask  24
        bridge-ports enp1s0f0
        bridge-stp off
        bridge-fd 0
        pridge_stp off
        pridge_fd 0