cURL connection inside container issue

Mavis

Sep 23, 2021
Hello, community.
Working with Proxmox on bare metal, I faced an issue where my VMs cannot curl my external IP; I always get "Connection refused" or infinite loading.

Here is my node network config:
Code:
auto lo
iface lo inet loopback
iface lo inet6 loopback

#PUBLIC LAN
auto enp2s0
iface enp2s0 inet static
  address {PUBLIC_ADDRESS/MASK}
  gateway {GATEWAY}
  pointopoint {PUBLIC_IP}

#CLUSTER VSWITCH LAN
auto enp2s0.4000
iface enp2s0.4000 inet static
  address  10.0.10.10
  netmask  255.255.255.0
  vlan-raw-device enp2s0
  mtu 1400

#GUEST LAN FOR PROXMOX
auto vmbr0
iface vmbr0 inet static
  address  10.0.0.1
  netmask  255.255.255.0
  bridge-ports none
  bridge-stp off
  bridge-fd 0
  post-up echo 1 > /proc/sys/net/ipv4/ip_forward
  post-up   iptables -t nat -A POSTROUTING -s '10.0.0.1/24' -o enp2s0 -j MASQUERADE
  post-down iptables -t nat -D POSTROUTING -s '10.0.0.1/24' -o enp2s0 -j MASQUERADE

  post-up   iptables -t nat -A PREROUTING -i enp2s0 -p tcp --dport 80 -j DNAT --to 10.0.0.2:80
  post-down iptables -t nat -D PREROUTING -i enp2s0 -p tcp --dport 80 -j DNAT --to 10.0.0.2:80
  post-up   iptables -t nat -A PREROUTING -i enp2s0 -p tcp --dport 443 -j DNAT --to 10.0.0.2:443
  post-down iptables -t nat -D PREROUTING -i enp2s0 -p tcp --dport 443 -j DNAT --to 10.0.0.2:443

From my computer, I can access the web server on my web server VM, but when I create one more VM and try to curl my domain that points to the node's public IP, I cannot do this.
With all due respect, I ask you to tell me where I went wrong because I tried so many options and still cannot understand what is wrong.

Best regards,
Mavis.
 
Hi,

I have a question if I understood this correctly:
  • You have a VM running a Webserver (IP 10.0.0.2) in your NATed LAN. Let's call it VM-A
  • You start another VM in your NAT and try to access VM-A via the {PUBLIC ADDRESS} from your host?
 
Hello!

Yes, this is my goal, but I cannot do this for some reason.
My hosting provider is Hetzner.

Regards,
Mavis.
 
I think this cannot work, at least with the current iptables rules. The packet never gets to the PREROUTING rule on the host that would tell it to be forwarded to the webserver.

Is there a specific reason why you want to go VM --> host ip -> Webserver instead of VM directly to Webserver?
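
The point made in the last reply, as an added example that is not part of the thread: a simplified model of how the -i enp2s0 match in the PREROUTING rules from the first post treats a request from an outside client versus one from a second guest on vmbr0. The two packets and the PUBLIC_IP placeholder are constructed, and only -i, -p and --dport are modelled.

```python
import shlex

# PREROUTING rules copied from the post-up lines in the first post.
RULES = """
-A PREROUTING -i enp2s0 -p tcp --dport 80 -j DNAT --to 10.0.0.2:80
-A PREROUTING -i enp2s0 -p tcp --dport 443 -j DNAT --to 10.0.0.2:443
"""

# Map of the iptables options used above to readable field names.
NAMES = {"-i": "in_iface", "-p": "proto", "--dport": "dport",
         "-j": "target", "--to": "to"}


def parse_rule(line):
    """Turn one '-A PREROUTING ...' line into a dict of the options it uses."""
    tok = shlex.split(line)
    opts = {"chain": tok[1]}
    for flag, value in zip(tok[2::2], tok[3::2]):
        opts[NAMES[flag]] = value
    return opts


def prerouting(packet, rules=RULES):
    """Return the (ip, port) a packet is headed for after nat/PREROUTING.

    Simplified model: first matching rule wins, no connection tracking.
    """
    for line in rules.strip().splitlines():
        r = parse_rule(line)
        if (r["in_iface"] == packet["in_iface"]
                and r["proto"] == packet["proto"]
                and int(r["dport"]) == packet["dport"]):
            ip, port = r["to"].split(":")
            return ip, int(port)
    # No rule matched: the destination is left unchanged, so a packet
    # addressed to the host's own public IP is handled by the host itself.
    return packet["dst"], packet["dport"]


# Constructed packets. PUBLIC_IP stands in for the node's public address.
from_internet = {"in_iface": "enp2s0", "proto": "tcp", "dst": "PUBLIC_IP", "dport": 80}
from_guest = {"in_iface": "vmbr0", "proto": "tcp", "dst": "PUBLIC_IP", "dport": 80}

if __name__ == "__main__":
    print("external client ->", prerouting(from_internet))
    print("second VM       ->", prerouting(from_guest))
```

On the real host, the packet counters shown by iptables -t nat -L PREROUTING -v -n give the same answer: they increase for requests from outside and stay flat for requests from a guest.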
 