Attempt to port forward RDP to my Proxmox WAN IP

GabrielR_ · Jan 5, 2022

Hello everyone. I have a problem.

I created a subnet so the VMs I create don't take up IP space. I have created a Windows Server 2012 machine used for my personal cloud (200GB SSD + 1TB External HDD).

I try to port forward 3389 port using these ip table commands:
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389
post-down iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389
and it doesn't work.

My interface config is this:
iface lo inet loopback

iface enp2s0 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.2.100/24
gateway 192.168.2.1
bridge-ports enp2s0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 150.40.0.1/16
netmask 255.255.0.0
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '150.40.0.0/16' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '150.40.0.0/16' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389
post-down iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 3389 -j DNAT --to 150.40.0.2:3389

Any help? Thanks

Moayad · Jan 5, 2022

hi,

Are you sure that the RDP port in the VM works in UDP?

bobmc · Jan 5, 2022

Are you trying to access your RDP client from your local network or from outside your home?

Also '150.40.0.0/16' is not a valid IP range for private networks

GabrielR_ · Jan 5, 2022

bobmc said:
Are you trying to access your RDP client from your local network or from outside your home?

Also '150.40.0.0/16' is not a valid IP range for private networks

Locally from my computer.

GabrielR_ · Jan 5, 2022

bobmc said:
Also '150.40.0.0/16' is not a valid IP range for private networks

I also tried with a /24 subnet, still no access at all.

GabrielR_ · Jan 5, 2022

Moayad said:
hi,

Are you sure that the RDP port in the VM works in UDP?

Using my vmbr0 (which is basically connecting with the router directly) works fine.

bobmc · Jan 6, 2022

This works for me....


auto lo
iface lo inet loopback

iface enp3s0f0 inet manual

iface enp3s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 172.23.100.162/24
        gateway 172.23.100.254
        bridge-ports enp3s0f0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 10.0.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
post-up   iptables -t nat -A POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE
post-up   iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 10.0.10.11:3389
post-down iptables -t nat -A FORWARD -p tcp --dport 3389 -j ACCEPT

GabrielR_ · Jan 6, 2022

bobmc said:
This works for me....

auto lo iface lo inet loopback iface enp3s0f0 inet manual iface enp3s0f1 inet manual auto vmbr0 iface vmbr0 inet static address 172.23.100.162/24 gateway 172.23.100.254 bridge-ports enp3s0f0 bridge-stp off bridge-fd 0 auto vmbr1 iface vmbr1 inet static address 10.0.10.1/24 bridge-ports none bridge-stp off bridge-fd 0 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE post-up iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 10.0.10.11:3389 post-down iptables -t nat -A FORWARD -p tcp --dport 3389 -j ACCEPT

Update: That 150.40.0.0 address was filled out from a friend who's working on the machine with me and wrote down some random IP (the which is located in Japan). I already knew something wasn't right.

Like I said earlier, I tried a 192.168.0.0 address, yet it still didn't work and that was because I've had dnsnasq (DHCP plugin) enabled, as if they both somehow conflicted. Disabled it, used a 10.0.0.0 address and now it works flawlessly. Thank you.

glockmane · Friday at 16:20

bobmc said:
This works for me....

auto lo
iface lo inet loopback

iface enp3s0f0 inet manual

iface enp3s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
address 172.23.100.162/24
gateway 172.23.100.254
bridge-ports enp3s0f0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 10.0.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.10.1/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 10.0.10.11:3389
post-down iptables -t nat -A FORWARD -p tcp --dport 3389 -j ACCEPT

Did you activate PVE Firewall at Datacenter Level? Do I need to enable IPv4 Forwarding?

Search

Search

Attempt to port forward RDP to my Proxmox WAN IP

GabrielR_

New Member

Moayad

Proxmox Staff Member

bobmc

Renowned Member

GabrielR_

New Member

GabrielR_

New Member

GabrielR_

New Member

bobmc

Renowned Member

GabrielR_

New Member

glockmane

Member

We value your privacy