Hetzner + port forwarding (1 public ip)

fellow1033

Jul 28, 2019
Hi,

I am trying to set up Proxmox on Hetzner.

1 public IP
with a 10.0.0.1/8 internal network for all VMs.

The initial config done by the Hetzner team was:

Code:
auto lo
iface lo inet loopback

iface eno1 inet manual


auto vmbr0
iface vmbr0 inet static
        address  46.4.XX.XX
        netmask  255.255.255.192
        gateway  46.4.XX.XX
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0


Of course, my VM had no internet, nor would I be able to expose any of the servers to the outside.

So I started playing around, checking a number of tutorials and posts, but I cannot make it work.


I was playing only with a first dev machine on Windows; I've managed to get internet on it but cannot forward anything.

It looks like some settings are creating a "Tunnel adapter Teredo Tunneling Pseudo-Interface" with an IPv6 address.


Config on VM (adapter is using vmbr1)

Code:
IP: 10.0.0.1/8
Subnet: 255.0.0.0
GW: 10.0.254.2


Current host interfaces file:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/eno1/proxy_arp
        post-up iptables -A FORWARD -i eno1 -j ACCEPT
        post-up iptables -A FORWARD -o eno1 -j ACCEPT


auto vmbr0
iface vmbr0 inet static
        address  46.4.X.X
        netmask  255.255.255.192
        gateway  46.4.X.X
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

        post-up iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/eno1/proxy_arp

        post-up iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE




auto vmbr1
iface vmbr1 inet static
        address  10.0.254.2
        netmask  8
        bridge-ports vmbr0
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

        post-up iptables -t nat -A POSTROUTING -o vmbr1 -j MASQUERADE
        post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/8' -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/8' -o eth0 -j MASQUERADE

        post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 3389 -j DNAT --to 10.0.0.1:3389
        post-down iptables -t nat -D PREROUTING -i eno1 -p tcp --dport 3389 -j DNAT --to 10.0.0.1:3389


I've tried a number of things, but it looks like I am missing something...
 
AFAICS it should work even if some entries have no effect. Inspect incoming packets via tcpdump in order to check whether they are converted correctly (i.e. are they sent correctly to / answered from the VM with address 10.0.0.1?). If you have a firewall active, disable it (temporarily).
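
A static check for host configs like the one posted in the question, as an added example (not code from the thread or from Proxmox). It relies on two Linux behaviours: a bridge cannot be a port of another bridge, and for routed traffic iptables `-i`/`-o` see the bridge rather than its member port. `lint_interfaces` and `SAMPLE` are names made up here; the sample is a trimmed copy of the posted file.

```python
import re

# Constructed sample: a trimmed copy of the host config from the question.
SAMPLE = """\
iface eno1 inet manual
        post-up iptables -A FORWARD -i eno1 -j ACCEPT
auto vmbr0
iface vmbr0 inet static
        bridge-ports eno1
        post-up iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE
auto vmbr1
iface vmbr1 inet static
        bridge-ports vmbr0
        post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/8' -o eth0 -j MASQUERADE
        post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 3389 -j DNAT --to 10.0.0.1:3389
"""

def lint_interfaces(text):
    """Return sorted (line_no, message) findings for an ifupdown file."""
    declared, bridges, ports, rules = set(), set(), [], []
    current = None
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) > 1:
            current = words[1]          # start of a new stanza
            declared.add(current)
        elif words[0] in ("bridge-ports", "bridge_ports") and current:
            bridges.add(current)
            ports += [(no, current, p) for p in words[1:] if p != "none"]
        elif "iptables" in words:
            # Collect the interface named by each -i / -o match.
            for name in re.findall(r"(?<!\S)-[io]\s+(\S+)", raw):
                rules.append((no, name.strip("'\"")))
    # Physical ports only: a bridge listed as a port is reported separately.
    port_of = {p: br for _, br, p in ports if p not in bridges}
    findings = []
    for no, br, p in ports:
        if p in bridges:
            findings.append((no, f"{br}: bridge-ports names another bridge ({p})"))
    for no, name in rules:
        if name in port_of:
            findings.append((no, f"rule matches bridge port {name}; routed traffic is seen on {port_of[name]}"))
        elif name not in declared:
            findings.append((no, f"rule matches undeclared interface {name}"))
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint_interfaces(SAMPLE):
        print(f"line {no}: {msg}")
```

A rule flagged here is one whose packet counters in `iptables -t nat -L -n -v` would be expected to stay at zero, which is a quick thing to confirm alongside the tcpdump capture.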