Hello!
I've set up an internal NAT on Proxmox. I can access the internet fine on VMs that I install in the NAT - any website, any program, etc. Here is my NAT configuration:
Code:
auto lo
iface lo inet loopback

iface eno1 inet static
    address MY_PUBLIC_IP
    gateway MY_PUBLIC_GATEWAY

auto vmbr0
iface vmbr0 inet static
    address 10.10.10.1
    netmask 255.255.255.0
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    # enable routing and masquerade outbound traffic from the internal subnet
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
    # put traffic arriving on the firewall bridges (fwbr+) in conntrack zone 1
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
    # ssh to easypanel
    post-up iptables -t nat -A PREROUTING -p tcp --dport 102 -i eno1 -j DNAT --to-destination 10.10.10.3:22
    # http to easypanel
    post-up iptables -t nat -A PREROUTING -p tcp --dport 80 -i eno1 -j DNAT --to-destination 10.10.10.3:80
    # https to easypanel
    post-up iptables -t nat -A PREROUTING -p tcp --dport 443 -i eno1 -j DNAT --to-destination 10.10.10.3:443
    # poste.io ports to easypanel
    post-up iptables -t nat -A PREROUTING -p tcp --dport 25 -i eno1 -j DNAT --to-destination 10.10.10.3:25
    post-up iptables -t nat -A PREROUTING -p tcp --dport 110 -i eno1 -j DNAT --to-destination 10.10.10.3:110
    post-up iptables -t nat -A PREROUTING -p tcp --dport 143 -i eno1 -j DNAT --to-destination 10.10.10.3:143
    post-up iptables -t nat -A PREROUTING -p tcp --dport 465 -i eno1 -j DNAT --to-destination 10.10.10.3:465
    post-up iptables -t nat -A PREROUTING -p tcp --dport 587 -i eno1 -j DNAT --to-destination 10.10.10.3:587
    post-up iptables -t nat -A PREROUTING -p tcp --dport 993 -i eno1 -j DNAT --to-destination 10.10.10.3:993
    post-up iptables -t nat -A PREROUTING -p tcp --dport 995 -i eno1 -j DNAT --to-destination 10.10.10.3:995
However, in my easypanel VM (10.10.10.3), I run several Docker containers. In these Docker containers, I will make calls to other Docker containers in the easypanel machine (e.g. my automation tool n8n, I call a webhook in n8n that triggers another workflow). As an example:
Let's say my public domain for n8n is n8n.example.com. A trigger gets sent from our ERP to n8n.example.com/add-order. n8n runs a workflow. Halfway through the workflow, the n8n workflow triggers another workflow by HTTP request (n8n.example.com/add-product-to-order). However, I get an error when I try to run that:
Code:
ERROR: The service refused the connection - perhaps it is offline
connect ECONNREFUSED MY_PUBLIC_IP:443
The weird thing is that the Docker containers can reach the web, they just can't reach back to themselves. Is this a Proxmox NAT issue, or a Docker network issue? I had this same setup on a server with a dedicated public IP, and I never had this issue, which makes me think it's a Proxmox NAT issue.
EDIT: As a side note, I also attempted to run a mailserver. I could connect to the mailserver fine, but when I ran the mailserver self-test, it was unable to establish an outbound connection to port 25... only happened on the server with Proxmox NAT.
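An added example, not part of the original post: a small rule matcher that replays the two connections described above against the posted DNAT rules, showing which packets a rule bound to `-i eno1` rewrites. The function name `dnat_target` and the destination-keyed `BY_DEST` rule are assumptions made for this illustration, and the model only evaluates `-i`, `-d` and `--dport`.

```shell
#!/bin/sh
# Constructed input: two of the post's PREROUTING rules as written, and a
# variant keyed on the destination address (assumption, not from the post).
AS_POSTED='-t nat -A PREROUTING -p tcp --dport 80 -i eno1 -j DNAT --to-destination 10.10.10.3:80
-t nat -A PREROUTING -p tcp --dport 443 -i eno1 -j DNAT --to-destination 10.10.10.3:443'
BY_DEST='-t nat -A PREROUTING -p tcp -d MY_PUBLIC_IP --dport 443 -j DNAT --to-destination 10.10.10.3:443'

# dnat_target RULES IN_IFACE DST_ADDR DPORT
# Walks RULES in order and prints the --to-destination of the first rule whose
# -i, -d and --dport all match the packet; prints "no-dnat" if none does.
# Simplified model: addresses are compared as literal strings, and a match
# option that is absent from a rule matches anything.
dnat_target() {
  printf '%s\n' "$1" | awk -v in_if="$2" -v dst="$3" -v dport="$4" '
    {
      r_if = ""; r_dst = ""; r_port = ""; target = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-i") r_if = $(i + 1)
        if ($i == "-d") r_dst = $(i + 1)
        if ($i == "--dport") r_port = $(i + 1)
        if ($i == "--to-destination") target = $(i + 1)
      }
      if ((r_if == "" || r_if == in_if) && (r_dst == "" || r_dst == dst) &&
          (r_port == "" || r_port == dport)) { print target; found = 1; exit }
    }
    END { if (!found) print "no-dnat" }'
}

# Request from the internet: it enters on eno1, so the posted rule rewrites it.
echo "ERP -> public IP, in on eno1:        $(dnat_target "$AS_POSTED" eno1 MY_PUBLIC_IP 443)"
# Request from a container in the VM: same destination, but it reaches the
# host on vmbr0, so no posted rule matches and the host itself receives it.
echo "container -> public IP, in on vmbr0: $(dnat_target "$AS_POSTED" vmbr0 MY_PUBLIC_IP 443)"
# A rule keyed on the destination address matches on either interface.
# Not modeled here: the forwarded packet also needs source NAT on the way
# back out of vmbr0 so that the replies return through the host.
echo "same packet, destination-keyed rule: $(dnat_target "$BY_DEST" vmbr0 MY_PUBLIC_IP 443)"
```
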