How to port forward on Kimsufi on 5.3.6 (old tutorials are not working)

asgasgdsg

New Member
Oct 26, 2018
8
0
1
97
As per question.

There is no single working tutorial for 5.3.6 (either some features removed / changed / things changed) for Kimsufi.


I.e.

1 public IP needs to expose ports to 5 containers' SSH.


Have vmbr0 with public IP (as any other kimsufi server)
vmbr1 with 10.0.0.1

container 10.0.0.2

Can ping and login via ssh from host

Can access internet from container




*****

I've checked a number of posts on this forum, and it seems like this issue was never solved :( which is weird, as port forwarding is an industry standard for exposing different services. I will just go back to clean Ubuntu, as there is no issue with using even a thousand domains on one IP, and I really don't know why Proxmox is not a viable option.

Too bad as we would take the commercial support as we have over 10 servers and keep growing.

However if something so simple is broken then I cannot imagine growing it to the cluster of 50-200 servers. Very disappointing.
 

sb-jw

Active Member
Jan 23, 2018
551
49
28
28
I don't think it's a PVE problem, as I can read here from your thread. I think it is more a problem at Kimsufi. For example, the German hoster "Hetzner" has virtual MAC addresses, which you need when you want to give a public IP to a virtual machine. So maybe you have to ask Kimsufi support if there are any known limitations on the network.

Otherwise, please post some more information here.
 

asgasgdsg

I don't think it's a PVE problem, as I can read here from your thread. I think it is more a problem at Kimsufi. For example, the German hoster "Hetzner" has virtual MAC addresses, which you need when you want to give a public IP to a virtual machine. So maybe you have to ask Kimsufi support if there are any known limitations on the network.

Otherwise, please post some more information here.
I don't want to give a public IP to the VM. I want to redirect ports as I did on Ubuntu machines.

I have a number of Kimsufi machines that are exposing a number of applications via ports/domains. Everything is working like a dream.

The only problem is with Proxmox. Could you explain why you think it has anything to do with Kimsufi???

Each server has 1 IP and runs ~ 3-10 applications (accessible via ports / domains using NGINX).
 

asgasgdsg

I have a number of Kimsufi machines that are exposing a number of applications via ports/domains. Everything is working like a dream.
As per above. NOT A KIMSUFI FAULT THAT PORT FORWARDING IS BROKEN BY PROXMOX.

Obviously port forwarding is broken on Debian with Proxmox, so how to fix it, as there are plenty of people asking about it.

It is technically possible to port forward on Kimsufi, it is working, and Proxmox is breaking it or implementing it in the wrong way.


I am not the first person asking about it, and there is a reason. This normally works on Linux, and Proxmox's devs broke it.
 

sb-jw

Otherwise, please post some more information here.
For example the interfaces file, etc. Everything that's needed to check or help you.

Have vmbr0 with public IP (as any other kimsufi server)
vmbr1 with 10.0.0.1

container 10.0.0.2

Can ping and login via ssh from host

Can access internet from container
And on the other ones it works? If yes, what's the difference?
 

asgasgdsg

For example the interfaces file, etc. Everything that's needed to check or help you.


And on the other ones it works? If yes, what's the difference?

1. None of the tutorials, posts, etc. (tests ~ 8-10) worked on the newest Proxmox + Debian Stretch.
The config doesn't matter, as I've used a number of different configs.

2. According to many sources, port forwarding is broken on Proxmox + Debian Stretch. Only working on < 5.x with Debian 8.x.


If you have any example that is working on Debian 9.x + Proxmox 5.x, I will gladly test it.

It seems that Proxmox was never tested by the dev team, as there are also a number of complaints about non-working Proxmox manually installed (using the instructions) and the newest Debian version (there is some dependency issue).


To be honest, I already deleted all Proxmox, as I will be recommending another system when virtualization is needed (for now we will stick with the working LXD support on Ubuntu).

However, if you have something WORKING & TESTED (I am a software engineer and can't understand how anyone can release anything without testing; aren't they using CI/CD??? What year is it? 1996? Can't they use unit/integration/contract testing? WTF), I will test it, but to be honest I can't recommend a system with such a poor implementation, with a number of people complaining about bugs that weren't fixed for YEARS, broken in many use cases, as a commercial virtualization platform that will shortly be using hundreds of servers.

This is my second approach to Proxmox and I am surprised by how amateurish the XenForo dev process is (I know that they are not real software engineers, so they might not know about some processes and best standards, but it is not a young company; they should hire a consultant, fire all "devs" and hire some new guys that could at least mimic processes that real software engineers are following every day)...


Perhaps our new admin will solve it, but I will definitely oppose Proxmox. I've wasted way too much of my time on this. And it is simply a broken piece of distro.
 

spirit

Well-Known Member
Apr 2, 2010
3,381
140
63
www.odiso.com
A simple rule like this should work.

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -d <publicipaddress> --dport <yourdestport> -i vmbr0 -j DNAT --to-destination <privateipaddress>


(The gateway of your VM needs to be the IP address of vmbr2)
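
The rules from this post applied to the layout in the first post (one public IP, several containers' SSH behind a private bridge), as an added example that is not part of the original post. The script only prints the commands so they can be reviewed before use; the public IP, port numbers and container addresses are constructed, and it goes slightly beyond the post by limiting MASQUERADE to the container network and adding FORWARD rules.

```shell
#!/bin/sh
# Added example: print (not apply) NAT rules for several containers behind one public IP.
# Assumptions: all addresses, ports and the mapping list below are constructed.
PUBLIC_IP="203.0.113.10"   # documentation address standing in for the host's public IP
WAN_IF="vmbr0"             # bridge that holds the public IP
LAN_NET="10.0.0.0/24"      # network behind the private bridge (vmbr1 in the thread)

# "<public port>:<container IP>:<container port>", one entry per container
MAPPINGS="2202:10.0.0.2:22 2203:10.0.0.3:22 2204:10.0.0.4:22 2205:10.0.0.5:22 2206:10.0.0.6:22"

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Masquerade only traffic that originates from the container network.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    # Needed only when the FORWARD policy is DROP: allow replies of tracked connections.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for m in $MAPPINGS; do
        pub=${m%%:*}; rest=${m#*:}; ip=${rest%%:*}; port=${rest#*:}
        valid_port "$pub" && valid_port "$port" || { echo "bad port in: $m" >&2; return 1; }
        # Crude prefix check so a typo cannot forward traffic outside the container network.
        case "$ip" in 10.0.0.*) ;; *) echo "not in $LAN_NET: $ip" >&2; return 1 ;; esac
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -d $PUBLIC_IP --dport $pub -j DNAT --to-destination $ip:$port"
        echo "iptables -A FORWARD -i $WAN_IF -p tcp -d $ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

gen_rules
```

Each container then answers SSH on its own public port (for example port 2202 reaches 10.0.0.2:22), and a mapping with an invalid port or an address outside the container network stops the script.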
 

asgasgdsg

A simple rule like this should work.

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -d <publicipaddress> --dport <yourdestport> -i vmbr0 -j DNAT --to-destination <privateipaddress>


(The gateway of your VM needs to be the IP address of vmbr2)
Thanks will check it.
 

asgasgdsg

... but some of us, we like it, and it works very well (with bugs and broken parts included) ;)
There is a reason why I wanted to test it ... I understand that it is difficult to develop a mainly free product...
 

guletz

Active Member
Apr 19, 2017
942
124
43
Brasov, Romania
Hi again @asgasgdsg !

Now, regarding your problem, I think that in your scenario port forwarding is not the best solution. In your case,
I would use haproxy as a front-end instead of port forwarding for your nginx hosts. And more ... you can also create
a fail-over/HA using 2 guests/hosts with haproxy and ucarp. And this solution can scale very well!

I understand that it is difficult to develop a mainly free product...
... not a free product, it is an open source product! In this life nothing is for free, as far as I can see until now ;)
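
The HAProxy front-end suggested in this post, as an added example that is not from the poster or from the Proxmox project: a script that renders a TCP-mode haproxy.cfg with one frontend per public port and health-checked backends. Service names, addresses and ports are constructed.

```shell
#!/bin/sh
# Added example: render an haproxy.cfg (TCP mode) with one frontend per public port.
# Assumptions: the public IP, service names, ports and container addresses are constructed.
PUBLIC_IP="203.0.113.10"

# "<name>|<public port>|<comma-separated container ip:port list>", one service per line
SERVICES="ssh_ct2|2202|10.0.0.2:22
web|80|10.0.0.3:80,10.0.0.4:80,10.0.0.5:80"

render_cfg() {
    cat <<EOF
defaults
    mode tcp
    timeout connect 5s
    timeout client  1h
    timeout server  1h
EOF
    echo "$SERVICES" | while IFS='|' read -r name port servers; do
        [ -n "$name" ] || continue
        # Bind to the public IP only, so the proxy does not listen on the private bridge.
        printf '\nfrontend fe_%s\n    bind %s:%s\n    default_backend be_%s\n' \
            "$name" "$PUBLIC_IP" "$port" "$name"
        printf '\nbackend be_%s\n    balance roundrobin\n' "$name"
        i=1
        for s in $(echo "$servers" | tr ',' ' '); do
            # "check" enables health checks, so a dead container is taken out of rotation.
            printf '    server %s_%d %s check\n' "$name" "$i" "$s"
            i=$((i + 1))
        done
    done
}

render_cfg
```

Redirect the output to a file and validate it with `haproxy -c -f <file>` before reloading the service.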
 

asgasgdsg

Hi again @asgasgdsg !

Now, regarding your problem, I think that in your scenario port forwarding is not the best solution. In your case,
I would use haproxy as a front-end instead of port forwarding for your nginx hosts. And more ... you can also create
a fail-over/HA using 2 guests/hosts with haproxy and ucarp. And this solution can scale very well!


... not a free product, it is an open source product! In this life nothing is for free, as far as I can see until now ;)

Funny thing. I was just thinking about Nginx vs HAProxy, as indeed we have 2-4 instances of the same application per server (for load / deployment process, as the service has to be 100% available).

I see that HAProxy is already built in.

I assume that I could create HAProxy for i.e. MySQL.

Create 3 CTs and then use HAProxy to expose appropriate ports and act as a load balancer for specific services/apps...

If HAProxy can expose any port to the public IP and then balance it among the CTs, then it would be a perfect solution...

Most important business requirements are => 100% safety of data, 100% availability (not 99.9999%, it has to work always no matter what), as restore from a CT backup is much faster than creation of servers => setup => data restoration...
 

guletz


asgasgdsg

yes

indeed

This is only a nice dream to have ;) Nothing in this world is 100% .... maybe in heaven ;)

YOU WERE RIGHT :)

HAPROXY DOES REDIRECT TRAFFIC TO SELECTED PORTS :)

THANK YOU VERY VERY MUCH, YOU HAVE SOLVED 2 ISSUES AT ONCE (load balancing & port / domain forwarding to nginx / services / apps etc)
 

guletz

I am glad to help you. I hope that you will reconsider your opinion about Proxmox. Even with bugs/errors, here on this forum there are many users who are willing to help and support.


You want to use mysql in cluster mode with haproxy as front-end?

Good luck!
 