How do I make a port release

DjBomberpilot

Member
May 24, 2021
I have a root server at Server4you and with your help I managed to create a VM with internet.

Now the problem is that the VM has the same IP as the root server. I can't find a game server that is installed on the VM.


Now my question: what do I have to do to make it work?
 
Didn't I do that with it?



auto vmbr0
iface vmbr0 inet static
address 192.168.1.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o eth0 -j MASQUERADE
# for containers
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
 
No, that is only the NAT where you tell the host to route between your public IP and the private subnet. You still need to do port forwarding so your VM's services can be accessed (and hacked!!!) from the internet.
 
A good starting point would be to learn a bit about iptables to understand how it works, so that you know what you are doing: https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
Iptables is your firewall that prevents the internet from hacking your server, and you want to punch a hole in it so the internet can access your VM. One bad rule and your complete server is exposed to the internet and everyone in the world can access it.

Just copying and pasting some lines wouldn't really help, because you need to know how to secure it, and for that you need to understand the concept behind it first.
 
It would be useful to use one public IP for management and another one for all hosted services, so that it is not that easy to find your open SSH/WebUI/API ports that correspond to your public services. And if you also had a second NIC, it would be harder to lock you out.
 
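Added example, not part of any post in this thread: a small shell helper that prints the post-up/post-down lines for forwarding exactly one port to one VM on the 192.168.1.0/24 bridge from the config above, and refuses the management ports mentioned in the replies (SSH 22, Proxmox web UI/API 8006). The function name forward_rules, the VM address 192.168.1.10 and the port 27015/udp are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print post-up/post-down lines that forward ONE port to ONE VM.
# eth0 and 192.168.1.0/24 come from the posted config; the VM address and game
# port in the demo call at the bottom are constructed sample values.
WAN_IF="eth0"
VM_NET_PREFIX="192.168.1."
MGMT_PORTS="22 8006"   # SSH and the Proxmox web UI/API are never forwarded

# forward_rules PROTO PORT VM_IP  (hypothetical helper; returns 1 on refused input)
forward_rules() {
    proto=$1; port=$2; vm_ip=$3
    case "$proto" in
        tcp|udp) ;;
        *) echo "refused: protocol must be tcp or udp" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*|??????*) echo "refused: bad port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "refused: port out of range" >&2; return 1
    fi
    for p in $MGMT_PORTS; do
        if [ "$port" -eq "$p" ]; then
            echo "refused: $p is a management port" >&2; return 1
        fi
    done
    case "$vm_ip" in
        "$VM_NET_PREFIX"*) host=${vm_ip#"$VM_NET_PREFIX"} ;;
        *) echo "refused: VM address outside the bridge subnet" >&2; return 1 ;;
    esac
    case "$host" in
        ''|*[!0-9]*|????*) echo "refused: malformed VM address" >&2; return 1 ;;
    esac
    if [ "$host" -lt 2 ] || [ "$host" -gt 254 ]; then
        echo "refused: not a usable VM host address" >&2; return 1
    fi
    match="-i $WAN_IF -p $proto --dport $port"
    for pair in "post-up -A" "post-down -D"; do
        hook=${pair% *}; op=${pair#* }
        # Rewrite the destination of matching inbound packets to the VM.
        echo "$hook iptables -t nat $op PREROUTING $match -j DNAT --to-destination $vm_ip:$port"
        # Let the rewritten packets through FORWARD (matters if its policy is DROP).
        echo "$hook iptables $op FORWARD $match -d $vm_ip -j ACCEPT"
    done
}

forward_rules udp 27015 192.168.1.10   # constructed sample values
```

The printed lines belong under the vmbr0 stanza next to the existing MASQUERADE lines; each post-up rule has a matching post-down rule so the hole closes when the bridge goes down.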
My interface file looks like this:

auto lo
iface lo inet loopback

auto eth0
#real IP address
iface eth0 inet static
address 85.93.89.20
netmask 255.255.255.0
gateway 85.93.89.1

auto vmbr0
iface vmbr0 inet static
address 192.168.1.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o eth0 -j MASQUERADE
# for containers
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

# The primary network interface
iface eth0 inet static
address 85.93.89.20
netmask 255.255.255.0
broadcast 85.93.89.255
network 192.168.10.0
gateway 85.93.89.1

My addition is called ip


IP: 188.138.25.22
Netmask: 255.255.255.255
 
