Attempt to port forward RDP to my Proxmox WAN IP

GabrielR_

Jan 5, 2022
Hello everyone. I have a problem.

I created a subnet so the VMs I create don't take up IP space. I have created a Windows Server 2012 machine used for my personal cloud (200GB SSD + 1TB External HDD).

I try to port forward port 3389 using these iptables commands:
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389
post-down iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389
and it doesn't work.

My interface config is this:
iface lo inet loopback

iface enp2s0 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.2.100/24
gateway 192.168.2.1
bridge-ports enp2s0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 150.40.0.1/16
netmask 255.255.0.0
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '150.40.0.0/16' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '150.40.0.0/16' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389
post-down iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389

Any help? Thanks
 
Are you trying to access your RDP client from your local network or from outside your home?

Also, '150.40.0.0/16' is not a valid IP range for private networks.
 
This works for me....


auto lo
iface lo inet loopback

iface enp3s0f0 inet manual

iface enp3s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
address 172.23.100.162/24
gateway 172.23.100.254
bridge-ports enp3s0f0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 10.0.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 10.0.10.11:3389
post-down iptables -t nat -A FORWARD -p tcp --dport 3389 -j ACCEPT
 
Update: That 150.40.0.0 address was filled in by a friend who's working on the machine with me and wrote down some random IP (which is located in Japan). I already knew something wasn't right.

Like I said earlier, I tried a 192.168.0.0 address, yet it still didn't work, and that was because I had dnsmasq (DHCP plugin) enabled, as if they both somehow conflicted. Disabled it, used a 10.0.0.0 address and now it works flawlessly. Thank you.
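
A lint pass over the post-up/post-down iptables hooks discussed in this thread, added here as an example (it is not code from any poster or from Proxmox). It flags four things visible in the posted configs: a NAT source range outside RFC 1918, an RDP forward that only covers UDP, a post-down hook that appends a rule instead of deleting it, and a chain that does not exist in the nat table. The names opt and lint and the finding codes are hypothetical.

```python
import ipaddress
import shlex

# Constructed input: NAT hooks from the first post plus the reply's post-down line.
SAMPLE = """\
post-up iptables -t nat -A POSTROUTING -s '150.40.0.0/16' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '150.40.0.0/16' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389
post-down iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389
post-down iptables -t nat -A FORWARD -p tcp --dport 3389 -j ACCEPT
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NAT_CHAINS = {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"}  # built-in nat table chains


def opt(args, *names):
    """Return the value following the first of `names` found in args, else None."""
    for i, a in enumerate(args[:-1]):
        if a in names:
            return args[i + 1]
    return None


def lint(text):
    """Return sorted (line_no, code) findings for post-up/post-down iptables hooks."""
    findings, dnat = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        args = shlex.split(line, comments=True)
        if len(args) < 3 or args[0] not in ("post-up", "post-down") or args[1] != "iptables":
            continue
        up, target = args[0] == "post-up", opt(args, "-j", "--jump")
        if not up and ("-A" in args or "-I" in args):
            findings.append((no, "post-down-adds-rule"))  # teardown must use -D
        chain = opt(args, "-A", "-I", "-D")
        if opt(args, "-t", "--table") == "nat" and chain and chain not in NAT_CHAINS:
            findings.append((no, "chain-not-in-nat-table"))
        src = opt(args, "-s", "--source")
        if up and target == "MASQUERADE" and src:
            net = ipaddress.ip_network(src, strict=False)
            if not any(net.subnet_of(r) for r in RFC1918):
                findings.append((no, "nat-source-not-rfc1918"))
        if up and target == "DNAT":
            dnat.setdefault(opt(args, "--dport"), []).append((no, opt(args, "-p")))
    for port, seen in dnat.items():
        # RDP's main connection is TCP 3389; UDP 3389 is only an optional side transport.
        if port == "3389" and all(proto != "tcp" for _, proto in seen):
            findings.append((seen[0][0], "rdp-dnat-without-tcp"))
    return sorted(findings)
```

Calling lint(open("/etc/network/interfaces").read()) on the Proxmox host applies the same checks to the live file; line numbers in the findings refer to lines of the text passed in.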
 
