Forward Protocol Stack to VM (ipsec/gre/ah/etc.)

tirili

Member
Sep 19, 2018
Hello,

which is the correct way to forward all protocols for a specific IP directly to a VM?

E.g.

JUMPERint=192.168.90.10
JUMPER=8.4.2.3 (official IP, public)

iptables -t nat ${PARAM} PREROUTING -d ${JUMPER}/32 -p esp -j DNAT --to-destination ${JUMPERint}
iptables -t nat ${PARAM} PREROUTING -d ${JUMPER}/32 -p ah -j DNAT --to-destination ${JUMPERint}
iptables -t nat ${PARAM} POSTROUTING -s ${JUMPERint}/32 -p esp -o vmbr0 -j SNAT --to-source ${JUMPER}
iptables -t nat ${PARAM} POSTROUTING -s ${JUMPERint}/32 -p ah -o vmbr0 -j SNAT --to-source ${JUMPER}
iptables ${PARAM} INPUT -s ${JUMPERint}/32 -p esp -o vmbr0 -j SNAT --to-source ${JUMPER}
iptables ${PARAM} INPUT -s ${JUMPERint}/32 -p ah -o vmbr0 -j SNAT --to-source ${JUMPER}

 
Which is the correct syntax for enabling ACCEPT for protocols like ESP / AH / GRE via proxmox.firewall (e.g. /etc/pve/cluster.fw)?
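One way to lay out the plain iptables side of this, as an added example that is not part of the original post: a dry-run generator that prints the rules for review instead of applying them. The addresses and `vmbr0` come from the post; the function name `gen_rules`, the `PROTOS` list, and the assumptions that IP forwarding is enabled on the host and that the VM sits on a routed internal bridge are assumptions of this example.

```shell
#!/bin/sh
# Dry run: prints iptables commands so the rule set can be reviewed
# before it is run as root. Nothing is applied by this script.
JUMPER=8.4.2.3            # public IP (from the post)
JUMPERint=192.168.90.10   # VM's internal IP (from the post)
WAN_IF=vmbr0              # outbound bridge (from the post)
PROTOS="esp ah gre"       # assumption: the protocols named in the question

# gen_rules ACTION   (ACTION is -A to add or -D to delete, like ${PARAM} in the post)
gen_rules() {
    action=$1
    case "$action" in
        -A|-D) ;;
        *) echo "usage: gen_rules -A|-D" >&2; return 1 ;;
    esac
    for proto in $PROTOS; do
        # Inbound: rewrite the public destination address to the VM.
        echo "iptables -t nat $action PREROUTING -d $JUMPER/32 -p $proto -j DNAT --to-destination $JUMPERint"
        # Outbound: rewrite the VM's source address to the public IP.
        echo "iptables -t nat $action POSTROUTING -s $JUMPERint/32 -p $proto -o $WAN_IF -j SNAT --to-source $JUMPER"
        # DNATed packets are routed through the host, so they traverse the
        # filter FORWARD chain, not INPUT. INPUT accepts neither -o nor SNAT.
        echo "iptables $action FORWARD -d $JUMPERint/32 -p $proto -j ACCEPT"
        echo "iptables $action FORWARD -s $JUMPERint/32 -p $proto -j ACCEPT"
    done
}

# Caveat: AH authenticates the IP source and destination addresses, so AH
# packets fail verification at the peer once NAT has rewritten them. The AH
# rules are emitted for completeness; ESP and GRE have no ports, so this 1:1
# mapping can serve only one internal host per public IP.
gen_rules -A
```

Review the printed rules, then pipe them to `sh` as root to apply them; `gen_rules -D` prints the matching removal commands.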