Help, can I set up Proxmox to use 1-to-1 NAT to a VM?

testhink

Dec 3, 2020
Hello everyone,

I'm sorry in advance for my bad English and unstructured writing; I'm not a native English speaker.

I just set up Proxmox with a bridge on vmbr0 and set up NAT on vmbr1 as in the documentation, and my host and my VM can reach the internet.
My host is connected to public IP 192.168.88.88 (example), and I have other idle public IPs, 192.168.88.89 - 192.168.88.93.
My VMs need local addresses for interconnection in the IP range 10.10.10.1/24, so I use NAT.
The question is: can I connect the VMs to my spare idle public IPs behind NAT, and how do I set up the network in Proxmox?

Here is my /etc/network/interfaces:
Bash:
auto lo
iface lo inet loopback

iface eno4 inet manual

iface eno1 inet manual

iface eno2 inet manual

iface eno3 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.88.88/24
        gateway 192.168.88.1
        bridge-ports eno4
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
post-up   iptables -t nat -A POSTROUTING -s '10.10.10.1/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.1/24' -o vmbr0 -j MASQUERADE

This is the network setup which I expected:
  1. Proxmox host 192.168.88.88 (pub ip)
  2. 192.168.88.89 (pub ip) <=======> VM (1) 10.10.10.5 (NAT)
  3. 192.168.88.90 (pub ip) <=======> VM (2) 10.10.10.6 (NAT)
  4. 192.168.88.91 (pub ip) <=======> VM (3) 10.10.10.7 (NAT)

Another question: how do I apply the network setup after editing /etc/network/interfaces without rebooting the server?

Hope someone can help.
Thanks.
At least the answer to the second question is easy: install the package ifupdown2 in order to apply network changes without a reboot.
 

You should resolve this by using iptables with nat.
Something like this should do the trick:

Bash:
iptables -t nat -A PREROUTING -p tcp -d 192.168.88.89 -j DNAT --to-destination 10.10.10.5
iptables -t nat -A PREROUTING -p tcp -d 192.168.88.90 -j DNAT --to-destination 10.10.10.6
iptables -t nat -A PREROUTING -p tcp -d 192.168.88.91 -j DNAT --to-destination 10.10.10.7

# You also need a masquerade for the traffic back to the internet
# something like:
iptables -t nat -A POSTROUTING -s '192.168.88.0/24' -o vmbr0 -j MASQUERADE
 
Hi @um3n, thanks for replying.
I still can't connect to the VM with the public IP. Did I do something wrong?
Bash:
root@pve:~# ssh root@192.168.88.89
ssh: connect to host 192.168.88.89 port 22: No route to host
root@pve:~# ssh root@10.10.10.5
root@10.10.10.5's password:
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Mon Dec 21 18:12:52 2020
[root@localhost ~]#

I put the iptables config in /etc/network/interfaces:

Bash:
auto lo
iface lo inet loopback

iface eno4 inet manual

iface eno1 inet manual

iface eno2 inet manual

iface eno3 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.88.88/24
        gateway 192.168.88.1
        bridge-ports eno4
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
post-up   iptables -t nat -A POSTROUTING -s '10.10.10.1/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.1/24' -o vmbr0 -j MASQUERADE
post-up   iptables -t nat -A PREROUTING -p tcp -d 192.168.88.89 -j DNAT --to-destination 10.10.10.5
post-up   iptables -t nat -A PREROUTING -p tcp -d 192.168.88.90 -j DNAT --to-destination 10.10.10.6
post-up   iptables -t nat -A PREROUTING -p tcp -d 192.168.88.91 -j DNAT --to-destination 10.10.10.7


post-up   iptables -t nat -A POSTROUTING -s '192.168.88.0/24' -o vmbr0 -j MASQUERADE

@ph0x thanks for the command, dude.
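
What the 1:1 NAT layout asked about in this thread needs on the host, as an added example that is not from any poster here: the host has to own each extra public address (otherwise nothing answers ARP for it, which is one cause of "No route to host"), each DNAT needs a matching SNAT, and a filter should limit what reaches the VM. It assumes the spare addresses are on-link on vmbr0; the port lists and function names are made up for illustration, and the script only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread): print the host-side commands for 1:1 NAT.
WAN_IF="vmbr0"   # bridge that faces the public network, as in the thread
# public:private pairs from the thread; the TCP port lists are assumed values
MAPPINGS="192.168.88.89:10.10.10.5:22,443 192.168.88.90:10.10.10.6:22 192.168.88.91:10.10.10.7:22"

# Succeed only for a dotted quad whose four octets are all in 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print (never execute) the commands for one public -> private mapping.
emit_mapping() {
    pub=$1; priv=$2; ports=$3
    if ! valid_ipv4 "$pub" || ! valid_ipv4 "$priv"; then
        echo "bad address in mapping $pub -> $priv" >&2; return 1
    fi
    case "$ports" in ''|*[!0-9,]*) echo "bad port list: $ports" >&2; return 1 ;; esac
    # The host must own the public IP, otherwise nothing answers ARP for it.
    echo "ip addr add $pub/32 dev $WAN_IF"
    # Inbound: rewrite the destination of packets arriving on the WAN bridge.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
    # Outbound: -I places this ahead of the subnet-wide MASQUERADE rule.
    echo "iptables -t nat -I POSTROUTING -s $priv -o $WAN_IF -j SNAT --to-source $pub"
    # 1:1 NAT exposes the whole VM, so admit only replies and the listed ports.
    echo "iptables -A FORWARD -i $WAN_IF -d $priv -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN_IF -d $priv -p tcp -m multiport --dports $ports -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN_IF -d $priv -j DROP"
}

# Emit the commands for every mapping, stopping at the first invalid one.
emit_all() {
    for entry in $MAPPINGS; do
        rest=${entry#*:}
        emit_mapping "${entry%%:*}" "${rest%%:*}" "${rest#*:}" || return 1
    done
}

emit_all   # review the printed commands before applying them as root
```

Test the result from a machine other than the Proxmox host: packets generated on the host traverse the nat OUTPUT chain, not PREROUTING, so the DNAT rules never see them.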