I'm currently running a standard Proxmox install (which was installed by my host) on a Debian-based host OS.
I made 1 VM, and that's the only VM I plan on making. It's a Windows Server 2016 install.
I am looking for an iptables command or configuration example where I can forward ALL of the ports from the host to the VM with the exception of the SSH port (so that I can still SSH into the host in case things go wrong).
Currently I am using vmbr2 with some tweaks for my guest OS, because I ran into the issue where vmbr0 wasn't providing internet access to my guest OS, for some reason. I haven't touched the configuration for br0 much at all.
Current /etc/network/interfaces file:
(I have been tinkering and debugging)
Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

iface eth0 inet manual

# for Routing
auto vmbr1
iface vmbr1 inet manual
    post-up /etc/pve/kvm-networking.sh
    bridge_ports dummy0
    bridge_stp off
    bridge_fd 0

# vmbr0: Bridging. Make sure to use only MAC addresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
    address <SERVER PUBLIC IP>
    netmask 255.255.255.0
    network 198.245.61.0
    broadcast 198.245.61.255
    gateway 198.245.61.254
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr0/proxy_arp
    post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j SNAT --to <SERVER PUBLIC IP>
    post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j SNAT --to <SERVER PUBLIC IP>

iface vmbr0 inet6 static
    address 2607:5300:0060:019d::1
    netmask 64
    post-up /sbin/ip -f inet6 route add 2607:5300:0060:01ff:ff:ff:ff:ff dev vmbr0
    post-up /sbin/ip -f inet6 route add default via 2607:5300:0060:01ff:ff:ff:ff:ff
    pre-down /sbin/ip -f inet6 route del default via 2607:5300:0060:01ff:ff:ff:ff:ff
    pre-down /sbin/ip -f inet6 route del 2607:5300:0060:01ff:ff:ff:ff:ff dev vmbr0

auto vmbr2
iface vmbr2 inet static
    address 192.168.0.254
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr2/proxy_arp
    post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j SNAT --to <SERVER PUBLIC IP>
    post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j SNAT --to <SERVER PUBLIC IP>
    #post-up iptables -t nat -A POSTROUTING -s 192.168.0.10 -j SNAT --to-source <SERVER PUBLIC IP>
    #post-up iptables -t nat -A PREROUTING -d <SERVER PUBLIC IP> -p tcp ! --dport 22 -j DNAT --to-destination 192.168.0.10
Can anyone show me how to forward all ports except for SSH? Thanks.
Also I'd prefer to avoid ghetto solutions, like 2 iptables lines for every possible port (which is the best idea I have ATM).
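The rule shape the post is asking about, as an added example that is not part of the original post: a small generator that prints an `iptables-restore` NAT ruleset forwarding all TCP and UDP traffic for the public IP to the guest except a list of ports the host keeps. It goes beyond the post by taking a list of kept ports and covering UDP; the function names, the stand-in public IP 203.0.113.10 and keeping port 8006 (the Proxmox web interface) are assumptions, while `vmbr0` and `192.168.0.10` are taken from the posted configuration.

```shell
#!/bin/sh
# Added example (not from the post): print an iptables-restore NAT ruleset that
# sends everything addressed to the host's public IP to one guest, except the
# TCP ports the host keeps. Addresses, interface and ports below are assumptions.

is_ipv4() {
    # Dotted quad with every octet in 0-255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

is_port_list() {
    # Comma-separated ports, each 1-65535; multiport accepts at most 15.
    echo "$1" | grep -Eq '^[0-9]{1,5}(,[0-9]{1,5}){0,14}$' || return 1
    for port in $(echo "$1" | tr ',' ' '); do
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    done
}

# gen_nat_rules PUBLIC_IP GUEST_IP PUBLIC_IF HOST_TCP_PORTS
gen_nat_rules() {
    pub_ip=$1 guest_ip=$2 pub_if=$3 keep_tcp=$4
    is_ipv4 "$pub_ip" && is_ipv4 "$guest_ip" || { echo "bad address" >&2; return 1; }
    case "$pub_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;;
    esac
    # Refuse an empty or malformed list: it would also forward the host's SSH.
    is_port_list "$keep_tcp" || { echo "bad port list" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $pub_if -d $pub_ip -p tcp -m multiport ! --dports $keep_tcp -j DNAT --to-destination $guest_ip
-A PREROUTING -i $pub_if -d $pub_ip -p udp -j DNAT --to-destination $guest_ip
-A POSTROUTING -s $guest_ip -o $pub_if -j SNAT --to-source $pub_ip
COMMIT
EOF
}

# Constructed sample: 203.0.113.10 stands in for the public IP; 8006 is the
# Proxmox web interface, kept on the host alongside SSH.
gen_nat_rules 203.0.113.10 192.168.0.10 vmbr0 22,8006
```

The output is in `iptables-restore` format, and `iptables-restore --test` parses it without committing anything. With every other port handed to the Windows guest, the guest's own firewall becomes the only filter in front of its listening services.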