Attempt to port forward RDP to my Proxmox WAN IP

GabrielR_

New Member
Jan 5, 2022
Hello everyone. I have a problem.

I created a subnet so the VMs I create don't take up IP space. I have created a Windows Server 2012 machine used for my personal cloud (200GB SSD + 1TB External HDD).

I try to port forward port 3389 using these iptables commands:
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389
post-down iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389
and it doesn't work.

My interface config is this:
iface lo inet loopback

iface enp2s0 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.2.100/24
gateway 192.168.2.1
bridge-ports enp2s0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 150.40.0.1/16
netmask 255.255.0.0
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '150.40.0.0/16' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '150.40.0.0/16' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389
post-down iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389

Any help? Thanks
 
Are you trying to access your RDP client from your local network or from outside your home?

Also '150.40.0.0/16' is not a valid IP range for private networks
 
This works for me....


auto lo
iface lo inet loopback

iface enp3s0f0 inet manual

iface enp3s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
address 172.23.100.162/24
gateway 172.23.100.254
bridge-ports enp3s0f0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 10.0.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 10.0.10.11:3389
post-down iptables -t nat -A FORWARD -p tcp --dport 3389 -j ACCEPT
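
A lint pass over the post-up/post-down hook lines of the two configurations posted in this thread, as an added example that is not part of any post. It flags a post-down hook that appends instead of deleting, a chain that does not exist in the nat table, a masqueraded subnet outside private address space, and a 3389 DNAT that covers UDP only; lint_hooks and the sample names are made up for this example.

```python
import ipaddress

# Chains that exist in the nat table; FORWARD belongs to the filter table.
NAT_CHAINS = {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"}

def lint_hooks(config):
    """Return findings for the iptables post-up/post-down hooks in an interfaces file."""
    findings, dnat_protos = [], set()
    for raw in config.splitlines():
        words = raw.replace("'", "").split()
        if len(words) < 3 or words[0] not in ("post-up", "post-down") or words[1] != "iptables":
            continue
        hook, args = words[0], words[2:]
        table = args[args.index("-t") + 1] if "-t" in args else "filter"
        op = next((a for a in args if a in ("-A", "-I", "-D")), None)
        chain = args[args.index(op) + 1] if op else None
        # A post-down hook must delete (-D) what post-up added, or rules pile up.
        if hook == "post-down" and op in ("-A", "-I"):
            findings.append(f"post-down uses {op} on {chain}: adds a rule instead of deleting it")
        if table == "nat" and chain and chain not in NAT_CHAINS:
            findings.append(f"nat table has no {chain} chain")
        if hook == "post-up" and "MASQUERADE" in args and "-s" in args:
            net = ipaddress.ip_network(args[args.index("-s") + 1], strict=False)
            if not net.is_private:
                findings.append(f"{net} is masqueraded but is not a private range")
        if hook == "post-up" and "DNAT" in args and "3389" in args and "-p" in args:
            dnat_protos.add(args[args.index("-p") + 1])
    # RDP's main transport is TCP 3389; UDP 3389 is only an optional addition.
    if dnat_protos and "tcp" not in dnat_protos:
        findings.append("3389 is forwarded for udp only; RDP needs tcp/3389")
    return findings

# Hook lines copied from the two configurations posted in this thread.
QUESTION_HOOKS = """
post-up iptables -t nat -A POSTROUTING -s '150.40.0.0/16' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '150.40.0.0/16' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389
post-down iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389
"""
REPLY_HOOKS = """
post-up iptables -t nat -A POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 10.0.10.11:3389
post-down iptables -t nat -A FORWARD -p tcp --dport 3389 -j ACCEPT
"""

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_HOOKS), ("reply", REPLY_HOOKS)):
        for finding in lint_hooks(cfg):
            print(f"{name}: {finding}")
```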
 
Update: That 150.40.0.0 address was filled out by a friend who's working on the machine with me and wrote down some random IP (which is located in Japan). I already knew something wasn't right.

Like I said earlier, I tried a 192.168.0.0 address, yet it still didn't work, and that was because I had dnsmasq (DHCP plugin) enabled, as if they both somehow conflicted. Disabled it, used a 10.0.0.0 address and now it works flawlessly. Thank you.
 
This works for me....



auto lo
iface lo inet loopback

iface enp3s0f0 inet manual

iface enp3s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
address 172.23.100.162/24
gateway 172.23.100.254
bridge-ports enp3s0f0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 10.0.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 10.0.10.11:3389
post-down iptables -t nat -A FORWARD -p tcp --dport 3389 -j ACCEPT
Did you activate PVE Firewall at Datacenter Level? Do I need to enable IPv4 Forwarding?