Help - cannot connect to win2008 guest

yatesco

Sep 25, 2009
Hi,

I have a (KVM) windows server 2008 guest and I cannot connect to it from a public IP.

The host has a single eth0 (94.....) but there are a number of other IP addresses mapped (91....) which are configured via eth0:0 aliases (i.e. eth0:0, eth0:1 etc.)

There are a number of openvz containers with internal IPs (10....) and I use shorewall (http://www.myatus.co.uk/2009/08/31/guide-firewall-and-router-with-proxmox/) to route the traffic. This works fine, but I just cannot achieve the same thing with KVM.

Things I have tried:

- using vmbr0 with a 10... IP address with the eth0 as the gateway (netmask 255.255.255.255)
- using vmbr0 with the public address (91...), obviously the 91.. address isn't mapped to eth0:X

I have tried the same with NAT. In addition I tried NAT with DHCP and it received a 10.0.2.X IP (from proxmox I assume - there is no dhcp server running anywhere else!). I then mapped the 91... address to eth0:X and tried a port forward, but no luck.

I am running out of ideas. I realise I have a custom setup with the firewall, but I just don't get what to do :(

Relevant configuration files (this is from the host with 2 openvz containers and 1 KVM machine):

ifconfig:
Code:
dummy0    Link encap:Ethernet  HWaddr 0a:7d:57:9a:86:29
          inet6 addr: fe80::87d:57ff:fe9a:8629/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:1356 (1.3 KiB)

eth0      Link encap:Ethernet  HWaddr 00:1c:c0:ee:c9:e8
          inet addr:94.X.X.X Bcast:94.23.224.255  Mask:255.255.255.0
          inet6 addr: fe80::21c:c0ff:feee:c9e8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:101668 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78707 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:104430339 (99.5 MiB)  TX bytes:60058805 (57.2 MiB)

eth0:0    Link encap:Ethernet  HWaddr 00:1c:c0:ee:c9:e8
          inet addr:91.X.X.X  Bcast:91.255.255.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:1    Link encap:Ethernet  HWaddr 00:1c:c0:ee:c9:e8
          inet addr:91.X.X.X  Bcast:91.255.255.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:2    Link encap:Ethernet  HWaddr 00:1c:c0:ee:c9:e8
          inet addr:91.X.X.X Bcast:91.255.255.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:3    Link encap:Ethernet  HWaddr 00:1c:c0:ee:c9:e8
          inet addr:X.X.X  Bcast:91.255.255.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2035 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2035 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:357512 (349.1 KiB)  TX bytes:357512 (349.1 KiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:53 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8924 (8.7 KiB)  TX bytes:2724 (2.6 KiB)

vmbr0     Link encap:Ethernet  HWaddr 0a:7d:57:9a:86:29
          inet addr:94.X.X.X  Bcast:94.23.224.255  Mask:255.255.255.0
          inet6 addr: fe80::87d:57ff:fe9a:8629/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:468 (468.0 B)

shorewall zones:
Code:
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS

fw      firewall
net     ipv4
dmz     ipv4

shorewall interfaces:
Code:
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          blacklist,nosmurfs
dmz     venet0          detect          routeback
dmz     vmbr0           detect          routeback,bridge

shorewall policy:
Code:
#SOURCE DEST    POLICY          LOG     LIMIT:          CONNLIMIT:
#                               LEVEL   BURST           MASK

# From Firewall Policy
fw      fw      ACCEPT
fw      net     ACCEPT
fw      dmz     ACCEPT

# From DMZ Policy
dmz     dmz     ACCEPT
dmz     net     ACCEPT
dmz     fw      DROP            info    1/sec:2

# From Net Policy
net     fw      DROP            info    1/sec:2
net     dmz     DROP            info    8/sec:30

# THE FOLLOWING POLICY MUST BE LAST
#
all     all     REJECT          info

shorewall rules
Code:
#ACTION          SOURCE     DEST       PROTO   DEST        SOURCE     ORIGINAL    RATE

# Permit access to SSH
SSH/ACCEPT       net        fw         -       -            -          -          6/min:5

# Permit access to Proxmox Manager and Console
ACCEPT           net        fw         tcp     443,5900

# PING Rules
Ping/ACCEPT      all        all

#wiki
DNAT            net          dmz:10.0.1.1             tcp     22       -    91.X.X.X
DNAT            net          dmz:10.0.1.1             tcp     80       -    91.X.X.X
DNAT            net          dmz:10.0.1.1             tcp     443       -    91.X.X.X

#blog
DNAT            net          dmz:10.0.1.2             tcp     22       -    91.X.X.X
DNAT            net          dmz:10.0.1.2             tcp     80       -    91.X.X.X
DNAT            net          dmz:10.0.1.2             tcp     443       -    91.X.X.X

#bob (this is the one that isn't working!!!)
#DNAT            net          dmz:10.0.2.15             tcp     -       -    91.X.X.X
# LAST LINE -- DO NOT REMOVE

shorewall masq
Code:
#INTERFACE      SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK
eth0            10.0.0.0/8

# LAST LINE -- DO NOT REMOVE
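
Added example, not part of the original post: a small audit of the shorewall rules above, assuming the 10.0.2.X lease came from QEMU's built-in user-mode network (default range 10.0.2.0/24, guest 10.0.2.15), which the host cannot route to. It flags DNAT rules that target that range and DNAT rules that forward every port; `parse_dnat` and `audit` are hypothetical names, and the sample input is constructed from the post's rules with the "bob" line uncommented.

```python
import ipaddress

# QEMU's built-in user-mode (SLIRP) network; 10.0.2.15 is its default guest address.
QEMU_USER_NET = ipaddress.ip_network("10.0.2.0/24")

# Constructed sample: DNAT lines from the post, with the "bob" rule uncommented.
# 91.X.X.X is the post's own redaction, kept as an opaque string.
SAMPLE_RULES = """\
#ACTION  SOURCE  DEST           PROTO  DEST  SOURCE  ORIGINAL
SSH/ACCEPT  net  fw  -  -  -  -  6/min:5
DNAT     net     dmz:10.0.1.1   tcp    22    -       91.X.X.X
DNAT     net     dmz:10.0.1.1   tcp    80    -       91.X.X.X
DNAT     net     dmz:10.0.2.15  tcp    -     -       91.X.X.X
"""

def parse_dnat(text):
    """Yield (line_no, target_ip, proto, dest_ports) for each active DNAT rule."""
    for no, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(cols) < 3 or cols[0] != "DNAT":
            continue
        # DEST is zone:address[:port]; pad the optional columns with "-".
        cols += ["-"] * (5 - len(cols))
        target = cols[2].split(":")[1] if ":" in cols[2] else None
        yield no, target, cols[3], cols[4]

def audit(text):
    """Return (line_no, finding) pairs for DNAT rules that need a second look."""
    findings = []
    for no, target, proto, ports in parse_dnat(text):
        if target is None:
            findings.append((no, "no-target"))
            continue
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            findings.append((no, "bad-target"))
            continue
        if addr in QEMU_USER_NET:
            # User-mode NAT lives inside the QEMU process: the host cannot route to it.
            findings.append((no, "qemu-user-net-target"))
        if ports == "-":
            # No port list means every port of that protocol is forwarded.
            findings.append((no, "all-ports-forwarded"))
    return findings

if __name__ == "__main__":
    for no, finding in audit(SAMPLE_RULES):
        print(f"line {no}: {finding}")
```

Both findings land on the "bob" rule: a guest on a bridged or routed interface with an address the host can reach, plus an explicit port list in the DNAT rule, clears them.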
 