Hello,
I explain you my configuration :
- a server with Debian 8 and Proxmox installed. It has a local address (eth0 : 10.0.0.100) and access Internet via a proxy ;
- a guest with Centos 7, with an address in 192.168.0.100. I gave it all the proxy configuration and it can access Internet without problem.
The local network between Proxmox host and Centos guest is via the vmbr0 interface on the host (192.168.0.254).
My goal is to access any VM from the 10.0.0.0 network. For example, no problem to access the 10.0.0.100 machine in SSH. With the good NAT rule, no problem to access the 192.168.0.100 in SSH.
But my problem is the following : when I want to access the web server (Foreman) installed on the CentOS guest, impossible to access it from the 10.0.0.0 network.
The Foreman admin page is accessible by the following : https://foreman.mycompany.org (for example).
I have configured the /etc/hosts file in order to map the 192.168.0.100 to the domain name foreman.mycompany.org.
From the 10.0.0.100 machine, with lynx : no problem, the Foreman admin page appears.
But from any 10.0.0.0 network machine, no way to access the page.
I have tried many NAT rule via iptables, reverse proxy via apache2 : no solution worked. :/
Have you an idea, please?
My host configuration :
~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.0.0/24 state NEW,RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 192.168.0.0/24 anywhere
DNAT tcp -- anywhere anywhere tcp dpt:2222 to:192.168.0.100:22
DNAT tcp -- anywhere anywhere tcp dpt:https to:192.168.0.100:443
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.0.0/24 anywhere
My reverse proxy conf :
<IfModule mod_ssl.c>
<VirtualHost *:443>
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
<Proxy https://foreman.mycompany.org/>
Order Deny,Allow
Allow from all
</Proxy>
ServerName foreman.mycompany.org
ProxyRequests Off
ProxyPass / https://foreman.mycompany.org/
ProxyPassReverse / https://foreman.mycompany.org/
</VirtualHost>
</IfModule>
Thank you in advance for your help !
I explain you my configuration :
- a server with Debian 8 and Proxmox installed. It has a local address (eth0 : 10.0.0.100) and access Internet via a proxy ;
- a guest with Centos 7, with an address in 192.168.0.100. I gave it all the proxy configuration and it can access Internet without problem.
The local network between Proxmox host and Centos guest is via the vmbr0 interface on the host (192.168.0.254).
My goal is to access any VM from the 10.0.0.0 network. For example, no problem to access the 10.0.0.100 machine in SSH. With the good NAT rule, no problem to access the 192.168.0.100 in SSH.
But my problem is the following : when I want to access the web server (Foreman) installed on the CentOS guest, impossible to access it from the 10.0.0.0 network.
The Foreman admin page is accessible by the following : https://foreman.mycompany.org (for example).
I have configured the /etc/hosts file in order to map the 192.168.0.100 to the domain name foreman.mycompany.org.
From the 10.0.0.100 machine, with lynx : no problem, the Foreman admin page appears.
But from any 10.0.0.0 network machine, no way to access the page.
I have tried many NAT rule via iptables, reverse proxy via apache2 : no solution worked. :/
Have you an idea, please?
My host configuration :
~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.0.0/24 state NEW,RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 192.168.0.0/24 anywhere
DNAT tcp -- anywhere anywhere tcp dpt:2222 to:192.168.0.100:22
DNAT tcp -- anywhere anywhere tcp dpt:https to:192.168.0.100:443
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.0.0/24 anywhere
My reverse proxy conf :
<IfModule mod_ssl.c>
<VirtualHost *:443>
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
<Proxy https://foreman.mycompany.org/>
Order Deny,Allow
Allow from all
</Proxy>
ServerName foreman.mycompany.org
ProxyRequests Off
ProxyPass / https://foreman.mycompany.org/
ProxyPassReverse / https://foreman.mycompany.org/
</VirtualHost>
</IfModule>
Thank you in advance for your help !