How to access proxmox local machine over internet via FTP protocol on port 21

indraraj001

New Member
May 30, 2022
Hi,

Please help me

Proxmox is working fine as well as my local machine.

/etc/network/interfaces

auto lo
iface lo inet loopback

auto enp0s31f6
iface enp0s31f6 inet static
address 213.XX.XX.XX/24
gateway 213.XX.XX.1
# bridge_stp off
post-up echo 1 > /proc/sys/net/ipv4/conf/enp0s31f6/proxy_arp
post-up echo 1 > /proc/sys/net/ipv4/ip_forward

auto vmbr1
iface vmbr1 inet static
address 10.10.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp0s31f6 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp0s31f6 -j MASQUERADE
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1


post-up iptables -t nat -A POSTROUTING -d 10.10.10.44 -p tcp -m multiport --dports 21,443,25,80,3389 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -d 10.10.10.44 -p tcp -m multiport --dports 21,443,25,80,3389 -j MASQUERADE
______________________________________________________________________

iptables

iptables -t nat -A PREROUTING -p tcp -d 213.xx.xx.xx --dport 80 -i enp0s31f6 -j DNAT --to-destination 10.10.10.44:80
iptables -t nat -A PREROUTING -p tcp -d 213.xx.xx.xx --dport 443 -i enp0s31f6 -j DNAT --to-destination 10.10.10.44:443
iptables -t nat -A PREROUTING -p tcp -d 213.xx.xx.xx --dport 21 -i enp0s31f6 -j DNAT --to-destination 10.10.10.44:21
iptables -t nat -A PREROUTING -p tcp -d 213.xx.xx.xx --dport 25 -i enp0s31f6 -j DNAT --to-destination 10.10.10.44:25

_______________________________________________________________________

During the installation of Proxmox we set the domain... Proxmox-VE-abc.xyz.com
After nginx was installed on 10.10.10.44 and iptables port forwarding was set up, abc.xyz.com is showing "Welcome to nginx!"

But FTP is not accessible on port 21, and when we added a port 22 rule in iptables, port 22 was not accessible either.

Conclusion - only port 80 is forwarding, not 21 & 22.
Proxmox version - Debian 10 & 7.2-4
10.10.10.44 - ubuntu 20.04

Please help.
 
Hi,

This is most likely a problem of FTP not playing nicely behind a NAT. I would recommend you try PASSIVE mode on the FTP server, and try to google iptables rules for passive FTP servers (the alternative is ACTIVE mode, but that needs a bit more configuration if I remember correctly).
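The passive-mode setup suggested in this reply, as an added example that is not part of the original thread: it prints the DNAT and FORWARD rules for the control port plus a fixed passive data range, and the matching server settings. The interface and VM address come from the question; the public address 203.0.113.10, the 50000-50050 range, and the choice of vsftpd are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) NAT rules for a passive-mode FTP
# server on a VM behind the Proxmox host. Review the output, then pipe to sh.

# Succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ftp_pasv_rules WAN_IF PUBLIC_IP VM_IP PASV_MIN PASV_MAX
ftp_pasv_rules() {
    wan_if=$1; pub_ip=$2; vm_ip=$3; pasv_min=$4; pasv_max=$5
    if ! valid_port "$pasv_min" || ! valid_port "$pasv_max"; then
        echo "passive ports must be integers in 1-65535" >&2; return 1
    fi
    if [ "$pasv_min" -lt 1024 ] || [ "$pasv_min" -gt "$pasv_max" ]; then
        echo "passive range must be unprivileged and ascending" >&2; return 1
    fi
    nat="iptables -t nat -A PREROUTING -i $wan_if -d $pub_ip -p tcp"
    # Control channel: the rule the thread already has for port 21.
    echo "$nat --dport 21 -j DNAT --to-destination $vm_ip:21"
    # Data channel: in passive mode the client opens a second connection to
    # a port the server picks, so the whole range must be forwarded too.
    echo "$nat --dport $pasv_min:$pasv_max -j DNAT --to-destination $vm_ip"
    # Filter table: admit only these ports to the VM, plus reply traffic.
    echo "iptables -A FORWARD -i $wan_if -d $vm_ip -p tcp -m multiport --dports 21,$pasv_min:$pasv_max -m conntrack --ctstate NEW -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Matching server settings, assuming vsftpd (the thread names no FTP daemon).
# pasv_address makes the server advertise the public IP, not 10.10.10.44.
vsftpd_pasv_conf() {
    printf 'pasv_enable=YES\npasv_address=%s\npasv_min_port=%s\npasv_max_port=%s\n' "$1" "$2" "$3"
}

# Interface and VM address are from the thread; 203.0.113.10 and the
# 50000-50050 range are constructed placeholders.
ftp_pasv_rules enp0s31f6 203.0.113.10 10.10.10.44 50000 50050
vsftpd_pasv_conf 203.0.113.10 50000 50050
```

A fixed range is forwarded here rather than relying on the conntrack FTP helper, because the helper cannot read the PASV reply once the control channel is wrapped in TLS.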
 
Thanks for your response. I will try this soon. Tried another solution through pfsense but got stuck

/etc/network/interfaces

auto lo
iface lo inet loopback

auto enp0s31f6
iface enp0s31f6 inet static
address 213.xx.xx.xx/24
gateway 213.xx.xx.xx
bridge_stp off
post-up echo 1 > /proc/sys/net/ipv4/conf/enp0s31f6/proxy_arp
post-up echo 1 > /proc/sys/net/ipv4/ip_forward

auto vmbr0
iface vmbr0 inet static
address 192.168.1.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o enp0s31f6 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o enp0s31f6 -j MASQUERADE
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

auto vmbr1
iface vmbr1 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0

__________________________________________________________

pfsense address with vmbr0 & vmbr1
Wan address 192.168.1.22/24
Lan address 192.168.1.1/24
Internet is working fine

___________________________________________________________

Win 7 VM with vmbr1 (ip - 192.168.1.100)

pfsense access & internet as well
But can't ping vmbr0 network machine (but can ping 192.168.1.1 pfsense lan address)

____________________________________________________________

ubuntu server with vmbr0 (ip- 192.168.1.94)

Pfsense no access but internet access
But can't ping vmbr1 network Machine (but can ping 192.168.1.1 pfsense lan address)

____________________________________________________________

ubuntu desktop with vmbr0 (ip - 192.168.1.32)

Pfsense no access but internet access
But can't ping vmbr1 network Machine (but can ping 192.168.1.1 pfsense lan address)

______________________________________________________________

conclusion


vmbr0 & vmbr1 both have internet but they can't reach each other (Destination host unreachable).
Only vmbr1 has pfsense access.

_____________________________________________________

Need help on this

vmbr0 & vmbr1 both have internet but they can't reach each other... so how can they ping or reach each other?
Only vmbr1 has pfsense access, so how can vmbr0 get access to pfsense?

Thanks

IS
 
pfsense address with vmbr0 & vmbr1
Wan address 192.168.1.22/24
Lan address 192.168.1.1/24
Internet is working fine
Your WAN and LAN should not be on the same network - change the WAN network, e.g. 192.168.100.1/24 (and update your iptables rules to use 192.168.100.0/24).
Also, in pfsense, check "Interfaces->WAN: reserved networks" and verify that "Block private networks and loopback addresses" is not enabled, as your WAN interface is using a private IP range.
 
Thanks for your response. No internet anywhere after changing as mentioned... Win can only access pfsense through vmbr1.
_______________________
Overall Setting
_______________________

Proxmox DHCP setting
https://bobcares.com/blog/dnsmasq-dhcp-server-in-proxmox/

_______________________

pfsense WAN & LAN details

wan 192.168.100.10/24
lan 192.168.1.1/24

No internet, no ping: Win VM on vmbr1 (192.168.1.120), Ubuntu server 20.04 on vmbr0 (192.168.1.154), Ubuntu desktop on vmbr0 (192.168.1.30)

_______________________
win - vmbr1

No internet, ping vmbr0 (192.168.1.130, 192.168.1.154) (dest not reachable) but pfsense access

_______________________

ubuntu server vmbr0

No internet, ping vmbr0 all n 192.168.1.1 but vmbr1 - dest not reachable, no pfsense access

_______________________

ubuntu desktop vmbr0

same as ubuntu server



Any suggestions?
 
Bash:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto ens18
iface ens18 inet static
        address xxx.xxx.xxx.xxx/24
        gateway xxx.xxx.xxx.xxx

iface ens19 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.100.254/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#WAN Bridge

auto vmbr1
iface vmbr1 inet static
        address 192.168.1.254/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#LAN Bridge

post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
post-up   iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o ens18 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s 192.168.100.0/24 -o ens18 -j MASQUERADE
post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
post-down echo 0 > /proc/sys/net/ipv4/ip_forward

This works in my lab setup: a VM with a NIC on vmbr1 and an IP in the subnet 192.168.1.0/24, using a gateway of 192.168.1.1 (assigned to the LAN interface on the pfsense VM), has internet access.
 
Thanks bob.. I tried your settings on my Proxmox but did not succeed, so I tried something else.

DHCP server on proxmox 192.168.50.10 - 200 with public ip 213.xx.xx.xx
pfsense WAN ip 192.168.50.132 (DHCP) and LAN 192.168.1.1 (pfsense successfully access on vmbr1 with win machine and internet as well)
Win machine ( 192.168.1.100 on vmbr1 and gateway 192.168.1.1 && accessing pfsense on WAN and LAN ip)
Linux machine ubuntu server( 192.168.50.123 on vmbr0 thru DHCP - can't ping win machine on vmbr1 but working fine with internet)
Linux machine installed nginx and curl is working fine on the same machine
changes in pfsense - unchecked - block private network & block bogon network on WAN interface


So without NAT forwarding, the Win machine was accessing the Linux Ubuntu nginx on port 80 in the Win machine's browser at 192.168.50.123, and after adding LAN NAT forwarding, the Win machine is able to access the 213.xx.xx.xx nginx default page, but on the Proxmox network only. Whenever I try to access 213.xx.xx.xx from the internet, it gives the error "connection refused".

Can you please advise when NAT WAN forwarding is not working over the internet if you can?

Thanks

IS
 
