Cannot access SharePoint VM from host with masquerading configuration

momo87

May 28, 2022
Hi experts,

I have installed Proxmox on my laptop and installed the kde-plasma-desktop environment and plasma-nm. My Wi-Fi module (Intel 8265) is my primary network device, and I have configured my network as Masquerading (NAT) with iptables as described in https://pve.proxmox.com/wiki/Network_Configuration.

Here is my /etc/network/interfaces

auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
address 10.10.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o wlp1s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o wlp1s0 -j MASQUERADE

I have installed SharePoint 2019 on-premise on a VM and configured the IPv4 settings as

IP address: 10.10.10.101
Subnet mask: 255.0.0.0
Default gateway: 10.10.10.1
Preferred DNS: 8.8.8.8
Alternate DNS: 8.8.4.4

My VM can ping my host and vice versa. Both host and VM can access the internet.

Problem: my host cannot access my SharePoint VM via the SharePoint HTTP URL. The error message in Google Chrome is DNS_PROBE_FINISHED_NXDOMAIN. I have verified that my Proxmox firewalls are all shut down and there is no UFW setup. Please help me, thank you.

I have zero networking knowledge. I just copied the configuration from the Proxmox documentation. Therefore, please share with me in detail if possible. Thank you.
 
Q: What does your sharepoint url look like?
Q: Does it resolve to the expected IP on the host?
Q: Does https://10.10.10.101 display the default IIS webpage?

C: your subnet mask on the sharepoint server should be 255.255.255.0 not 255.0.0.0 (not a show stopper but good practice)
 
Q: What does your sharepoint url look like?
http://sp19/sites/devops/SitePages/Home.aspx
Q: Does it resolve to the expected IP on the host?
I am not sure what this means. But I tried the following:
1) nslookup 10.10.10.101 and the reply is
** server can't find 101.10.10.10.in-addr.arpa: NXDOMAIN
2) dig -x 10.10.10.101 and the reply is
; <<>> DiG 9.16.27-Debian <<>> -x 10.10.10.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26785
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;101.10.10.10.in-addr.arpa. IN PTR

;; Query time: 8 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat May 28 23:14:35 +08 2022
;; MSG SIZE rcvd: 54
3) ping -a 10.10.10.101 and the reply is
8 packets transmitted, 8 received, 0% packet loss, time 7133ms
Q: Does https://10.10.10.101 display the default IIS webpage?
The reply is
10.10.10.101 refused to connect.
Try:
ERR_CONNECTION_REFUSED
I tried http://10.10.10.101 and the reply is
HTTP/1.1 200 OK
Server: Microsoft-IIS/10.0
Connection: close

I have already disabled the Windows Server firewall and set my VM --> Firewall --> Options --> No. I have also set Windows Defender Firewall inbound rules to all TCP port 80 and 443. But I think this is not the cause, for I have already shut down the firewall.
C: your subnet mask on the sharepoint server should be 255.255.255.0 not 255.0.0.0 (not a show stopper but good practice)
Got it.

Thank you bobmc.
 
Q: Does it resolve to the expected IP on the host?
you would use
nslookup sp19
to verify dns was returning 10.10.10.101

However, connection refused for https://10.10.10.101, but a ping 10.10.10.101 works, suggests a) firewall blocking connection or b) service not running (i.e. no process listening)
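
The layer-by-layer check suggested in this reply, as an added example that is not part of the original posts: it separates a name that does not resolve from a port that answers with a refusal and from one that never answers. Function names are hypothetical; `sp19` and `10.10.10.101` are the values from the thread.

```python
import socket

def resolve(name):
    """IPv4 addresses the local resolver returns for name; [] if it cannot resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # the browser shows this case as DNS_PROBE_FINISHED_NXDOMAIN
    return sorted({info[4][0] for info in infos})

def probe_tcp(ip, port, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host answered with a reset: reachable, but nothing accepts on this port
    except socket.timeout:
        return "timeout"   # no answer at all: packets dropped or no route back
    except OSError:
        return "error"     # e.g. network unreachable

def triage(name, expected_ip, ports=(80, 443)):
    """Return one finding per layer: name resolution first, then each TCP port."""
    findings = []
    addrs = resolve(name)
    if not addrs:
        findings.append(f"dns: {name} does not resolve on this machine")
    elif expected_ip not in addrs:
        findings.append(f"dns: {name} resolves to {addrs}, expected {expected_ip}")
    else:
        findings.append(f"dns: {name} -> {expected_ip}")
    for port in ports:
        findings.append(f"tcp/{port}: {probe_tcp(expected_ip, port)}")
    return findings

if __name__ == "__main__":
    # Name and address taken from the thread; run this on the Proxmox host.
    for line in triage("sp19", "10.10.10.101"):
        print(line)
```

A `dns:` failure together with `tcp/80: open` means the service is reachable by address and only the name is missing on the machine running the check.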
 
Q: Does it resolve to the expected IP on the host?
you would use
nslookup sp19
to verify dns was returning 10.10.10.101
I tried nslookup sp19 on host and the reply is
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
*** Can't find sp19: No answer
I tried nslookup sp19 on the VM and, naturally, duh, it can be resolved.

However, connection refused for https://10.10.10.101, but a ping 10.10.10.101 works, suggests

a) firewall blocking connection
I tried pve-firewall status on host and the reply is
Status: disabled/running
I have also stopped pve firewall. But I cannot connect to https://10.10.10.101.

b) service not running (i.e no process listening)
I am not sure about this. But SP functions normally on VM.

I suspect the issue might be caused by MASQUERADE. Could it be that my host's requests cannot be redirected to my VM? Do I need to reroute requests as illustrated in https://www.youtube.com/watch?v=Q5l7VH6b5r4 from timestamp 10:45 onwards?

Thank you bobmc :)
 
If you are accessing your VM from outside the 10.10.10.0 network, you will need to forward ports 80 and/or 443 to your VM

e.g.
post-up iptables -t nat -A PREROUTING -i wlp1s0 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.101
post-down iptables -t nat -D PREROUTING -i wlp1s0 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.101
 
Thank you bobmc, I tried adding those 2 lines. But it doesn't work.

Here is my /etc/network/interfaces

auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
address 10.10.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0' -o wlp1s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0' -o wlp1s0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i wlp1s0 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.101:80
post-down iptables -t nat -D PREROUTING -i wlp1s0 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.101:80
post-up iptables -t nat -A PREROUTING -i wlp1s0 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.101:443
post-down iptables -t nat -D PREROUTING -i wlp1s0 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.101:443

And my Windows Server IP is

IP address: 10.10.10.101
Subnet mask: 255.255.255.0
Default gateway: 10.10.10.1
Preferred DNS: 8.8.8.8
Alternate DNS: 8.8.4.4
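
A lint pass over the iptables hook lines of the configuration above, as an added example that is not part of the original posts (function names are hypothetical). It checks that every post-up rule has a matching post-down, flags a MASQUERADE source written without a prefix length (iptables treats a bare address as a single host), and lists each port that DNAT opens on the uplink interface.

```python
import ipaddress
import shlex

# Hook lines copied from the second /etc/network/interfaces posted in the thread.
SAMPLE = """\
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0' -o wlp1s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0' -o wlp1s0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i wlp1s0 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.101:80
post-down iptables -t nat -D PREROUTING -i wlp1s0 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.101:80
post-up iptables -t nat -A PREROUTING -i wlp1s0 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.101:443
post-down iptables -t nat -D PREROUTING -i wlp1s0 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.101:443
"""

def parse_hooks(text):
    """Yield (hook, options) for every 'post-up/post-down iptables ...' line."""
    for line in text.splitlines():
        words = shlex.split(line)
        if len(words) > 2 and words[0] in ("post-up", "post-down") and words[1] == "iptables":
            args = words[2:]
            # Map each flag to the word after it, e.g. {'-s': '10.10.10.0', '-j': 'MASQUERADE'}
            yield words[0], {a: b for a, b in zip(args, args[1:]) if a.startswith("-")}

def rule_key(opts):
    """Identity of a rule regardless of whether it is being added (-A) or deleted (-D)."""
    rest = sorted((k, v) for k, v in opts.items() if k not in ("-A", "-D"))
    return (opts.get("-A") or opts.get("-D"), tuple(rest))

def lint(text):
    """Return findings about the NAT hooks in an interfaces(5) stanza."""
    rules = list(parse_hooks(text))
    added = {rule_key(o) for hook, o in rules if hook == "post-up" and "-A" in o}
    deleted = {rule_key(o) for hook, o in rules if hook == "post-down" and "-D" in o}
    findings = [f"unpaired: {chain} rule is added on post-up but never deleted on post-down"
                for chain, _ in sorted(added - deleted)]
    for hook, o in rules:
        if hook != "post-up":
            continue
        src = o.get("-s")
        if o.get("-j") == "MASQUERADE" and src and ipaddress.ip_network(src, strict=False).num_addresses == 1:
            findings.append(f"masquerade: -s {src} matches only that one address")
        if o.get("-j") == "DNAT":
            findings.append(f"exposure: tcp/{o.get('--dport')} arriving on {o.get('-i')} "
                            f"is forwarded to {o.get('--to-destination')}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Each `exposure` line is a port reachable from any machine on the wlp1s0 network, which matters here because the guest's firewall was switched off earlier in the thread.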
 
Those iptables rules don't make 10.10.10.101 directly addressable; they forward traffic addressed to the IP assigned to wlp1s0 onto the target VM.

So if the interface wlp1s0 has 192.168.100.1 assigned then you would use https://192.168.100.1/sites/devops/... etc
 
Thank you so much bobmc. With your advice, I can access my SP from host finally.

I can finally start my home lab on my laptop. Really grateful:D
 