How to port forward on Kimsufi on 5.3.6 (old tutorials are not working)

[asgasgdsg]

As per question.

There is no single working tutorial for 5.3.6 (either some features removed / changed / things changed) for Kimsufi.


I.e.

1 public IP needs to expose ports to 5 container's ssh.


Have vmbr0 with public IP (as any other kimsufi server)
vmbr1 with 10.0.0.1

container 10.0.0.2

Can ping and login via ssh from host

Can access internet from container




*****

I've checked number of posts on this forum, seems like this issue was never solved which is weird as port forwarding is an industry standard to exposing different services. I will just go back to clean Ubuntu as there is no issue with using even thousand domains on one ip, and I really don't know why Proxmox is not viable option.

Too bad as we would take the commercial support as we have over 10 servers and keep growing.

However if something so simple is broken then I cannot imagine growing it to the cluster of 50-200 servers. Very disappointing.

 

[sb-jw]

I don't think its an PVE Problem as i can read here from your Thread. I think it is more an Problem at Kimsufi. For example, the german Hoster "Hetzner" has virtual MAC Adresses which you need, when you want to gave an Public IP to an virtual Machine. So maybe you have to ask the Kimsufi support if there are any known limitation on the Network.

Otherwise, please post some more informations here.

 

[asgasgdsg]

I don't think its an PVE Problem as i can read here from your Thread. I think it is more an Problem at Kimsufi. For example, the german Hoster "Hetzner" has virtual MAC Adresses which you need, when you want to gave an Public IP to an virtual Machine. So maybe you have to ask the Kimsufi support if there are any known limitation on the Network.

Otherwise, please post some more informations here.

I don't want to give public IP to the VM. I want to redirect ports as I did on Ubuntu machines.

I have number of Kimsufi machines that exposing number of applications via ports/domains. Everything working like a dream.

Only problem is with Proxmox. Could you explain why do you think it has anything to do with Kimsufi ???

Each server has 1 IP and runs ~ 3-10 applications (accessible via ports / domains using NGINX).

 

[sb-jw]

Could you explain why do you think it has anything to do with Kimsufi ???

For example, the german Hoster "Hetzner" has virtual MAC Adresses which you need, when you want to gave an Public IP to an virtual Machine.

 

[asgasgdsg]

I have number of Kimsufi machines that exposing number of applications via ports/domains. Everything working like a dream.

As per above. NOT A KIMSUFI FAULT THAT PORT FORWARDING IS BROKEN BY PROXMOX.

Obviously port forwarding is broken on Debian with Proxmox, so how to fix it as there is plenty of people asking about it.

It is technically possible to port forward on Kimsufi, it is working and Proxmox is breaking or implementing it in wrong way.


I am not the first person asking about it, and there is a reason. This normally works on Linux, and Proxmox's dev's broke it.

 

[sb-jw]

Otherwise, please post some more informations here.

For example the interfaces file, etc. All what's needed to check or help you.

Have vmbr0 with public IP (as any other kimsufi server)
vmbr1 with 10.0.0.1

container 10.0.0.2

Can ping and login via ssh from host

Can access internet from container

And on the other ones it works? If yes, what's the difference?

 

[asgasgdsg]

For example the interfaces file, etc. All what's needed to check or help you.


And on the other ones it works? If yes, what's the difference?

1. None of tutorials, posts, etc. (tests ~ 8-10) worked on newest Proxmox + Debian Stretch
Config doesn't matter as I've used number of different configs

2. According to many sources port forwarding is broken on Proxmox + Debian Stretch. Only working on < 5.x with Debian 8.x


If you have any example that is working on Debian 9.x + Proxmox 5.x, I will gladly test it.

It seems that Proxmox was never tested by dev team as there is also number of complains of non-working Proxmox manually installed (using instruction) and newest Debian version (there is some dependency issue).


To be honest I already deleted all Proxmox as will be recommending other system when Virtualization is needed (for now we will stick with working LXD support on Ubunt).

However if you have WORKING & TESTED (I am software engineer and can't understand how anyone can release anything without testing, aren't they using CI/CD ??? What year it is ? 1996 ? Can't they use unit/integration/contract testing ? WTF) I will test it, but to be honest I can't recommend system with so poor implementation, number of people complaining about bugs that weren't fixed for YEARS, broken in many use cases as a commercial virtualization platform that will be shortly using hundreds of servers.

This is my second approach to Proxmox and I am surprised by how amateurish is XenForo dev process (I know that they are not real software engineers so they might not know about some processes and best standards, but it is not a young company, they should hire consultant, fire all "devs" and hire some new guys that could at least mimic processes that real software engineers are following every day)...


Perhaps our new admin will solve it, but I will definitely oppose Proxmox. I've wasted way too much of my time on this. And it is simply broken piece of distro.

 

[spirit]

A simple rule like this should work.

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -d <publicipaddress> --dport <yourdestport> -i vmbr0 -j DNAT --to-destination <privateipaddress>


(The gateway of your vm need to be the ip address of vmbr2)

 

[guletz]

And it is simply broken piece of distro.

... but some of us, we like it, and works very good(with bugs and broken parts included)

 

[asgasgdsg]

A simple rule like this should work.

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -d <publicipaddress> --dport <yourdestport> -i vmbr0 -j DNAT --to-destination <privateipaddress>


(The gateway of your vm need to be the ip address of vmbr2)

Thanks will check it.

 

[asgasgdsg]

... but some of us, we like it, and works very good(with bugs and broken parts included)

There is a reason why I wanted to test it ... I understand that it is difficult to develop mainly free product...

 

[guletz]

Hi again @asgasgdsg !

Now regarding with your problem, I think that in your scenario, port-forwarding is not the best solution. I your case,
I would use haproxy as a front-end instead of port-forwarding for your nginx hosts. And more ... you can also create
a fail-over/ha using 2 guests/host with haproxy and ucarp. And this solution can scale very well!

I understand that it is difficult to develop mainly free product...

... not free product, is a open source product! In this life nothing is for free as I can see until now

 

[asgasgdsg]

Hi again @asgasgdsg !

Now regarding with your problem, I think that in your scenario, port-forwarding is not the best solution. I your case,
I would use haproxy as a front-end instead of port-forwarding for your nginx hosts. And more ... you can also create
a fail-over/ha using 2 guests/host with haproxy and ucarp. And this solution can scale very well!


... not free product, is a open source product! In this life nothing is for free as I can see until now

Funny thing. I was just thinking about Nginx vs HAProxy as indeed we have 2-4 instances of a same application per server (for load / deployment process as service has to be 100% available).

I see that HAProxy is already built it.

I assume that I could create HAProxy for i.e. MySQL.

Create 3 CT's and then use HAProxy to expose appropriate ports and act as load balancer for specific services/apps...

If HAProxy can expose any port to public IP and then balance it among the CT's then it would be a perfect solution...

Most important business requirements are => 100% safety of data, 100% availability (not 99.9999%, it has to work always no matter what), as restore from a CT backup is much faster than creation of servers => setup => data restoration...

 

[guletz]

I assume that I could create HAProxy for i.e. MySQL.

yes

If HAProxy can expose any port to public IP and then balance it among the CT's then it would be a perfect solution...

indeed

Most important business requirements are => 100% safety of data, 100% availability

This is only a nice dream to have Nothing in this world is 100% .... maybe in heaven

 

[asgasgdsg]

yes




indeed





This is only a nice dream to have Nothing in this world is 100% .... maybe in heaven

YOU WERE RIGHT

HAPROXY DOES REDIRECT TRAFFIC TO SELECTED PORTS


THANK YOU VERY VERY MUCH, YOU HAVE SOLVED 2 ISSUES AT ONCE (load balancing & port / domain forwarding to nginx / services / apps etc)

 

[guletz]

I am glad to help you. I hope that you will reconsider your opinion about Proxmox. Even with bugs/errors here on this forum are many users who are willing to help and support.


You want to use mysql in cluster mode with haproxy as front-end?

Good luck!

 

[guletz]

Thx again

 

[videotronix]

if anyone is still needing help I used this video to create vms on a local network and then forwarded only selected ports to each vm like one was a webserver to it got 80 and 443 another was a game server so it got 27015 etc very cool way to use only one public static ip and forward ports to local internet network via iptables thanks guys! https://www.youtube.com/watch?v=GBMbo4u8K1Q