Proxmox interfaces:
hXXps://pastebin.com/0UWvW8QQ
LXC container:
lxc ip: 10.10.10.2/24
lxc gw: 10.10.10.1
Forwarded ports:
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8888 -j DNAT --to 10.10.10.2:80
Firewall:
Datacenter:
FW: on
Input: 22->8006->DROP
Output: ACCEPT
Proxmox:
FW: on
LXC:
FW: on
FW on NIC: on
Input: 80->DROP
Output: ACCEPT
With this setup I am able to control forwarded ports on the LXC, but internet in the LXC is not working.
If I set LXC like:
LXC:
FW: on
FW on NIC: off
Input: 80->DROP
Output: ACCEPT
Internet in the LXC is working, but forwarded ports are always open.
Where could the problem be?
I want internet in the LXC, and open ports should be managed by the enabled FW.
Thanks
EDIT:
It seems that the only things that changed are these rules from iptables-save:
hXXps://pastebin.com/45C4WTWp