How can I separate two Public IPs on single NIC

meg

New Member
Jan 21, 2014
Hi everyone.

For the past few days I've been fighting with my Proxmox config and cannot figure out how to fix it the way I want. I was trying to find similar problems/questions people have had, but I couldn't find anything. If I'm wrong and there is an answer to my question, please point me to it.

To the point.
Recently I installed Proxmox. I created five containers under one public IP (according to this tutorial http://www.ameir.net/blog/archives/55-running-proxmox-behind-a-single-ip-address.html ). Now I decided to get a second IP address. I would like to point it only to one of the containers. For now, with both IPs I can access all the containers, and I can't seem to get it right.

Below is my config (changed it a million times, tried a lot of things, but nothing works).

Code:
# network interface settings
auto lo
iface lo inet loopback

iface eth5 inet manual

auto eth4
iface eth4 inet manual


auto vmbr0
iface vmbr0 inet static
        pre-up iptables-restore < /etc/iptables.rules
        address 192.168.1.229
        netmask 255.255.255.192
        gateway 192.168.1.254
        bridge_ports eth4
        bridge_stp off
        bridge_fd 0


auto vmbr0:0
iface vmbr0:0 inet static
        address 10.0.0.1
        netmask 255.255.255.0
        network 10.0.0.0
        broadcast 10.0.0.255
#pre-up iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o vmbr0 -j MASQUERADE

I've tried adding vmbr2 with the second IP but did not succeed.

Is there a way to separate those two IP addresses? When I add IP address 192.168.1.244 to one of the containers I can SSH to it directly, but I can also do so to all the other containers when I specify the port.
 
The problem I have is that even when the container with the "new IP" is down I can still ping/access all other containers using that IP.
I would like to know if there is a way to route all the traffic for a specific IP to a specific container and only that container.
 

Hmmm,
in your first posting, you wrote "When I add IP address 192.168.1.244 to one of the containers"! Now "all other containers using that ip"! ???
If you use veth you should only use a real IP for that bridged network.

Udo
 
Exactly, that's my problem. If the IP isn't added to the container, I can use both IPs, 192.168.1.244 and 192.168.1.229. They both seem to be assigned to my dedicated server and they both resolve to it. So what I wanted to do is to have one of the IPs resolve only to one of the containers.

If I add that IP to the container itself I can SSH to its port 22, which seems fine, but I can also SSH to all the other containers if I specify their port. Also, if I type the new IP assigned to the container in the browser, I get the website that is running on one of the other containers. This is something I totally don't understand. I (obviously) don't have enough network knowledge to figure out wtf.

I put my iptables rules. Maybe that would help.
Code:
*mangle
:PREROUTING ACCEPT [7509:3607598]
:INPUT ACCEPT [7509:3607598]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5666:4291435]
:POSTROUTING ACCEPT [5666:4291435]
COMMIT

*filter
:INPUT ACCEPT [7509:3607598]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5666:4291435]
COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

#SSH port
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 23  -j DNAT --to-destination 10.0.0.6:22
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 24  -j DNAT --to-destination 10.0.0.6:22
#ZNC port
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport xxxx  -j DNAT --to-destination 10.0.0.6:xxxx

# mailserver ports

-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 993  -j DNAT --to-destination 10.0.0.2:993
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 995  -j DNAT --to-destination 10.0.0.2:995
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 587  -j DNAT --to-destination 10.0.0.2:587
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 465  -j DNAT --to-destination 10.0.0.2:465
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 143  -j DNAT --to-destination 10.0.0.2:143
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 25  -j DNAT --to-destination 10.0.0.2:25

#web proxy port
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 80  -j DNAT --to-destination 10.0.0.3:80
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 443  -j DNAT --to-destination 10.0.0.3:443



#End of port forwarding list

-A POSTROUTING -s 10.0.0.0/24 -o vmbr0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -o vmbr0 -j MASQUERADE
COMMIT
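
An added example, not part of the thread: the PREROUTING rules posted above match only on `-i vmbr0`, with no `-d` destination match, so they apply to packets addressed to either public IP. The script below lists such rules in iptables-save text and rewrites them pinned to one address. SAMPLE is constructed from the posted rules, and its `-d 192.168.1.244/32` rule pointing at 10.0.0.6 is an assumption made only for illustration.

```python
import shlex

# Constructed sample: a subset of the nat rules posted in the thread, plus one
# assumed rule that already carries a -d match (its target container is hypothetical).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 23 -j DNAT --to-destination 10.0.0.6:22
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.3:80
-A PREROUTING -d 192.168.1.244/32 -i vmbr0 -j DNAT --to-destination 10.0.0.6
-A POSTROUTING -s 10.0.0.0/24 -o vmbr0 -j MASQUERADE
COMMIT
"""

def dnat_rules(text):
    """Yield (line, tokens) for every PREROUTING DNAT rule inside the *nat table."""
    table = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "nat" and line.startswith("-A PREROUTING"):
            tokens = shlex.split(line)
            if "-j" in tokens and tokens[tokens.index("-j") + 1] == "DNAT":
                yield line, tokens

def unpinned(text):
    """DNAT rules with no destination match: they fire for every IP the host answers on."""
    return [line for line, tok in dnat_rules(text)
            if "-d" not in tok and "--destination" not in tok]

def pin(rule, public_ip):
    """Return the rule with a -d match inserted right after the chain name."""
    tokens = shlex.split(rule)
    return " ".join(tokens[:2] + ["-d", f"{public_ip}/32"] + tokens[2:])

if __name__ == "__main__":
    for rule in unpinned(SAMPLE):
        print("unpinned:", rule)
        print("  pinned:", pin(rule, "192.168.1.229"))
```
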