Masquerading outbound network traffic

Feb 13, 2019
Good evening!

I want to masquerade the outbound network traffic on my system (Proxmox 6.4-13) so that the public IP is always used. Via the corresponding rules in the file /etc/network/interfaces

Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp5s0
iface enp5s0 inet static
    address 138.xxx.yyy.242/26
    gateway 138.xxx.yyy.193
    up route add -net 138.xxx.yyy.192 netmask 255.255.255.192 gw 138.xxx.yyy.193 dev enp5s0
# route 138.xxx.yyy.192/26 via 138.xxx.yyy.193

auto ens4
iface ens4 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.106.1/24
    bridge-ports ens4
    bridge-stp off
    bridge-fd 0

    # enable routing between the VM bridge and the public interface
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    # do not expose the portmapper (rpcbind) on the host
    post-up iptables -A INPUT -p tcp --destination-port 111 -j DROP
    post-up iptables -A INPUT -p udp --destination-port 111 -j DROP
    # separate conntrack zone for the Proxmox firewall bridges (fwbr*)
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    # port forwards (DNAT) from the public IP to the VMs
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 46011 -j DNAT --to-destination 192.168.106.11:3389
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 46012 -j DNAT --to-destination 192.168.106.12:3389
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 46013 -j DNAT --to-destination 192.168.106.13:3389
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 46014 -j DNAT --to-destination 192.168.106.14:3389
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 46015 -j DNAT --to-destination 192.168.106.15:3389
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 46016 -j DNAT --to-destination 192.168.106.16:3389
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 46017 -j DNAT --to-destination 192.168.106.17:3389
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 46018 -j DNAT --to-destination 192.168.106.18:3389
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 46019 -j DNAT --to-destination 192.168.106.19:3389
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 46020 -j DNAT --to-destination 192.168.106.20:3389
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p udp --dport 5060 -j DNAT --to-destination 192.168.106.10:5060
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p udp --dport 9000:10999 -j DNAT --to-destination 192.168.106.10:9000-10999
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 5090 -j DNAT --to-destination 192.168.106.10:5090
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p udp --dport 5090 -j DNAT --to-destination 192.168.106.10:5090
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 5001 -j DNAT --to-destination 192.168.106.10:5001
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 5061 -j DNAT --to-destination 192.168.106.10:5061
    post-up iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 46222 -j DNAT --to-destination 192.168.106.10:22
    # source NAT for VM traffic leaving through the public interface
    post-up iptables -A POSTROUTING -t nat -s 192.168.106.0/24 -o enp5s0 -j MASQUERADE
    # source NAT for all traffic leaving through the bridge towards the VMs
    post-up iptables -A POSTROUTING -t nat -o vmbr0 -j MASQUERADE
    # remove the same rules again when the interface goes down
    post-down iptables -D INPUT -p tcp --destination-port 111 -j DROP
    post-down iptables -D INPUT -p udp --destination-port 111 -j DROP
    post-down iptables -D PREROUTING -t raw -i fwbr+ -j CT --zone 1
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 46011 -j DNAT --to-destination 192.168.106.11:3389
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 46012 -j DNAT --to-destination 192.168.106.12:3389
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 46013 -j DNAT --to-destination 192.168.106.13:3389
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 46014 -j DNAT --to-destination 192.168.106.14:3389
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 46015 -j DNAT --to-destination 192.168.106.15:3389
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 46016 -j DNAT --to-destination 192.168.106.16:3389
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 46017 -j DNAT --to-destination 192.168.106.17:3389
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 46018 -j DNAT --to-destination 192.168.106.18:3389
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 46019 -j DNAT --to-destination 192.168.106.19:3389
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 46020 -j DNAT --to-destination 192.168.106.20:3389
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 4622 -j DNAT --to-destination 192.168.106.200:22
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 46443 -j DNAT --to-destination 192.168.106.200:443
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p udp --dport 5060 -j DNAT --to-destination 192.168.106.10:5060
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p udp --dport 9000:10999 -j DNAT --to-destination 192.168.106.10:9000-10999
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 5090 -j DNAT --to-destination 192.168.106.10:5090
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p udp --dport 5090 -j DNAT --to-destination 192.168.106.10:5090
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 5001 -j DNAT --to-destination 192.168.106.10:5001
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 5061 -j DNAT --to-destination 192.168.106.10:5061
    post-down iptables -D PREROUTING -t nat -i enp5s0 -p tcp --dport 46222 -j DNAT --to-destination 192.168.106.10:22
    post-down iptables -D POSTROUTING -t nat -s 192.168.106.0/24 -o enp5s0 -j MASQUERADE
    post-down iptables -D POSTROUTING -t nat -o vmbr0 -j MASQUERADE

I set up port forwards to the virtualized systems. Masquerading the outbound traffic works this way, but for inbound traffic the router's IP (192.168.106.1) is now shown as well, instead of the IP of the public system. What do I have to change so that only the outbound traffic from the network 192.168.106.0/24 is masqueraded? I can't figure it out and would be grateful for your help! I followed the setup at https://pve.proxmox.com/wiki/Networ...ith_tt_span_class_monospaced_iptables_span_tt
ens4 is a second internal NIC that provides the connection to the internal network.
[Attachment: Schnappschuss_121321_083112_PM.jpg]
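As an added example (not the poster's configuration and not from the Proxmox wiki), the following POSIX shell script generates the nat-table rules from a single port map, so the post-up and post-down lines cannot drift apart, and applies source NAT only on the public interface, so the VMs keep seeing the real client address on forwarded inbound connections. Interface and network names are taken from the post; the port map is a constructed subset of the poster's forwards, and the INPUT and raw-table rules are out of scope here.

```shell
#!/bin/sh
# Added example (not the poster's config): build the nat-table rules from one
# port map so post-up and post-down cannot drift, and masquerade only on the
# WAN side so forwarded inbound connections keep their real source address.
WAN_IF=enp5s0                 # public interface (name taken from the post)
LAN_NET=192.168.106.0/24      # VM network behind vmbr0 (from the post)
# Constructed port map: proto external_port internal_ip internal_port
PORT_MAP='tcp 46011 192.168.106.11 3389
tcp 46012 192.168.106.12 3389
udp 5060 192.168.106.10 5060
udp 9000:10999 192.168.106.10 9000-10999
tcp 46222 192.168.106.10 22'

# Print each nat-table rule body (everything after -A/-D), one per line.
nat_rule_bodies() {
    printf '%s\n' "$PORT_MAP" | while read -r proto ext ip int; do
        [ -n "$proto" ] || continue
        printf 'PREROUTING -i %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
            "$WAN_IF" "$proto" "$ext" "$ip" "$int"
    done
    # Only traffic leaving through the WAN interface gets source NAT. A second
    # rule "-o vmbr0 -j MASQUERADE" would also rewrite DNAT'ed inbound
    # connections to the bridge address and hide the client IP from the VMs.
    printf 'POSTROUTING -s %s -o %s -j MASQUERADE\n' "$LAN_NET" "$WAN_IF"
}

# nat_commands up|down: print the commands for the post-up / post-down hooks.
# "up" checks with -C first, so re-running the hook does not duplicate rules.
nat_commands() {
    nat_rule_bodies | while read -r body; do
        case "$1" in
            up)   printf 'iptables -t nat -C %s 2>/dev/null || iptables -t nat -A %s\n' \
                      "$body" "$body" ;;
            down) printf 'iptables -t nat -D %s\n' "$body" ;;
            *)    echo "usage: nat_commands up|down" >&2; return 1 ;;
        esac
    done
}

# Apply for real (needs root); review the output of nat_commands first.
apply_nat() { nat_commands "$1" | sh; }
```

Running `nat_commands up` and `nat_commands down` without root prints exactly the lines that belong in the post-up and post-down hooks, so both sets can be checked against each other before they touch the host.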
