Hetzner + port forwarding (1 public ip)

fellow1033

New Member
Jul 28, 2019
Hi,

I am trying to set up Proxmox on Hetzner.

1 public IP
with 10.0.0.1/8 internal network for all VMs.

The initial config done by the Hetzner team was:

Code:
auto lo
iface lo inet loopback

iface eno1 inet manual


auto vmbr0
iface vmbr0 inet static
        address  46.4.XX.XX
        netmask  255.255.255.192
        gateway  46.4.XX.XX
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0


Of course my VM had no internet or I wouldn't be able to expose any of the servers to the outside.

So I started playing around, checking a number of tutorials and posts, but I cannot make it work.


I was only playing with a first dev machine on Windows; I've managed to get internet on it but cannot forward anything.

It looks like some settings are creating a Tunnel adapter Teredo Tunneling Pseudo-Interface with an IPv6 address.


Config on VM (adapter is using vmbr1)

Code:
IP: 10.0.0.1/8
Subnet: 255.0.0.0
GW: 10.0.254.2


Current host interfaces file:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/eno1/proxy_arp
        post-up iptables -A FORWARD -i eno1 -j ACCEPT
        post-up iptables -A FORWARD -o eno1 -j ACCEPT


auto vmbr0
iface vmbr0 inet static
        address  46.4.X.X
        netmask  255.255.255.192
        gateway  46.4.X.X
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

        post-up iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/eno1/proxy_arp

        post-up iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE




auto vmbr1
iface vmbr1 inet static
        address  10.0.254.2
        netmask  8
        bridge-ports vmbr0
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

        post-up iptables -t nat -A POSTROUTING -o vmbr1 -j MASQUERADE
        post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/8' -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/8' -o eth0 -j MASQUERADE

        post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 3389 -j DNAT --to 10.0.0.1:3389
        post-down iptables -t nat -D PREROUTING -i eno1 -p tcp --dport 3389 -j DNAT --to 10.0.0.1:3389


I've tried a number of things but it looks like I am missing something...
 
AFAICS it should work, even though some entries have no effect. Inspect incoming packets via tcpdump in order to see whether they are converted correctly (i.e. are they sent correctly to / answered from the VM with address 10.0.0.1?). If you have a firewall active, disable it (temporarily).
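
An added example, not part of either post and not Proxmox code: a small Python linter for an ifupdown interfaces file that lists the iptables rules whose -i/-o interface is either not declared in that file or is enslaved as a bridge port (on Linux, iptables sees the bridge such as vmbr0 as the packet's interface, not the port). SAMPLE is constructed by condensing the host file posted above, and lint_interfaces is a hypothetical helper name.

```python
# Added example (not from the thread). SAMPLE is constructed from the host file above.
SAMPLE = """\
iface eno1 inet manual
        post-up iptables -A FORWARD -i eno1 -j ACCEPT

auto vmbr0
iface vmbr0 inet static
        bridge-ports eno1
        post-up iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE

auto vmbr1
iface vmbr1 inet static
        bridge-ports vmbr0
        post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/8' -o eth0 -j MASQUERADE
        post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 3389 -j DNAT --to 10.0.0.1:3389
"""

def lint_interfaces(text):
    """Return (line_no, interface, reason) for iptables rules unlikely to match."""
    declared, bridges, members, rules = set(), set(), set(), []
    current = None
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) > 1:
            current = words[1]
            declared.add(current)
        elif words[0] == "bridge-ports":
            bridges.add(current)
            members.update(w for w in words[1:] if w != "none")
        elif words[0] in ("pre-up", "up", "post-up") and "iptables" in words:
            rules.append((no, words))
    ports = members - bridges  # a bridge named as another bridge's port is not counted
    findings = []
    for no, words in rules:
        for flag, name in zip(words, words[1:]):
            if flag not in ("-i", "-o", "--in-interface", "--out-interface"):
                continue
            if name not in declared:
                findings.append((no, name, "not declared in this file"))
            elif name in ports:
                # iptables sees the bridge (e.g. vmbr0) as the interface, not its port
                findings.append((no, name, "bridge port; rule sees the bridge instead"))
    return findings

if __name__ == "__main__":
    for no, name, reason in lint_interfaces(SAMPLE):
        print(f"line {no} of SAMPLE: {name}: {reason}")
```

An interface can exist without being declared in the file, so the "not declared" finding is a hint to check with `ip link`, not proof that the rule is dead.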
 
