How to port forward on Kimsufi on 5.3.6 (old tutorials are not working)

Discussion in 'Proxmox VE: Networking and Firewall' started by asgasgdsg, Jan 6, 2019.

  1. asgasgdsg

    asgasgdsg New Member

    Joined:
    Oct 26, 2018
    Messages:
    8
    Likes Received:
    0
    As per question.

    There is no single working tutorial for 5.3.6 (either some features removed / changed / things changed) for Kimsufi.


    I.e.

    1 public IP needs to expose ports to 5 containers' SSH.


    Have vmbr0 with public IP (as any other kimsufi server)
    vmbr1 with 10.0.0.1

    container 10.0.0.2

    Can ping and login via ssh from host

    Can access internet from container




    *****

    I've checked a number of posts on this forum, and it seems like this issue was never solved :( which is weird, as port forwarding is an industry standard for exposing different services. I will just go back to clean Ubuntu as there is no issue with using even a thousand domains on one IP, and I really don't know why Proxmox is not a viable option.

    Too bad as we would take the commercial support as we have over 10 servers and keep growing.

    However if something so simple is broken then I cannot imagine growing it to the cluster of 50-200 servers. Very disappointing.
     
    #1 asgasgdsg, Jan 6, 2019
    Last edited: Jan 6, 2019
  2. sb-jw

    sb-jw Member

    Joined:
    Jan 23, 2018
    Messages:
    261
    Likes Received:
    23
    I don't think it's a PVE problem, as far as I can read here from your thread. I think it is more a problem at Kimsufi. For example, the German hoster "Hetzner" has virtual MAC addresses, which you need when you want to give a public IP to a virtual machine. So maybe you have to ask Kimsufi support if there are any known limitations on the network.

    Otherwise, please post some more information here.
     
  3. asgasgdsg

    asgasgdsg New Member

    I don't want to give a public IP to the VM. I want to redirect ports as I did on Ubuntu machines.

    I have a number of Kimsufi machines that are exposing a number of applications via ports/domains. Everything is working like a dream.

    The only problem is with Proxmox. Could you explain why you think it has anything to do with Kimsufi ???

    Each server has 1 IP and runs ~ 3-10 applications (accessible via ports / domains using NGINX).
     
  4. sb-jw

    sb-jw Member

     
  5. asgasgdsg

    asgasgdsg New Member

    As per above. NOT A KIMSUFI FAULT THAT PORT FORWARDING IS BROKEN BY PROXMOX.

    Obviously port forwarding is broken on Debian with Proxmox, so how do I fix it, as there are plenty of people asking about it.

    It is technically possible to port forward on Kimsufi, it is working, and Proxmox is breaking it or implementing it in the wrong way.


    I am not the first person asking about it, and there is a reason. This normally works on Linux, and Proxmox's devs broke it.
     
  6. sb-jw

    sb-jw Member

    For example the interfaces file, etc. Everything that's needed to check or help you.

    And on the other ones it works? If yes, what's the difference?
     
  7. asgasgdsg

    asgasgdsg New Member


    1. None of the tutorials, posts, etc. (tests ~ 8-10) worked on the newest Proxmox + Debian Stretch
    Config doesn't matter as I've used a number of different configs

    2. According to many sources port forwarding is broken on Proxmox + Debian Stretch. Only working on < 5.x with Debian 8.x


    If you have any example that is working on Debian 9.x + Proxmox 5.x, I will gladly test it.

    It seems that Proxmox was never tested by the dev team, as there are also a number of complaints about non-working Proxmox manually installed (using the instructions) and the newest Debian version (there is some dependency issue).


    To be honest I already deleted all Proxmox, as I will be recommending another system when virtualization is needed (for now we will stick with working LXD support on Ubuntu).

    However if you have WORKING & TESTED (I am a software engineer and can't understand how anyone can release anything without testing, aren't they using CI/CD ??? What year is it ? 1996 ? Can't they use unit/integration/contract testing ? WTF) I will test it, but to be honest I can't recommend a system with such a poor implementation, a number of people complaining about bugs that weren't fixed for YEARS, broken in many use cases, as a commercial virtualization platform that will shortly be using hundreds of servers.

    This is my second approach to Proxmox and I am surprised by how amateurish the XenForo dev process is (I know that they are not real software engineers so they might not know about some processes and best standards, but it is not a young company, they should hire a consultant, fire all "devs" and hire some new guys that could at least mimic processes that real software engineers are following every day)...


    Perhaps our new admin will solve it, but I will definitely oppose Proxmox. I've wasted way too much of my time on this. And it is simply a broken piece of distro.
     
  8. spirit

    spirit Well-Known Member

    Joined:
    Apr 2, 2010
    Messages:
    3,243
    Likes Received:
    121
    A simple rule like this should work.

    echo 1 > /proc/sys/net/ipv4/ip_forward

    iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp -d <publicipaddress> --dport <yourdestport> -i vmbr0 -j DNAT --to-destination <privateipaddress>


    (The gateway of your VM needs to be the IP address of vmbr2.)
     
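The rule pattern from the post above, extended to the setup in the first post (one public IP on vmbr0, five containers behind vmbr1 at 10.0.0.1), as an added example that is not code from any poster in the thread. It goes beyond the posted rules by limiting MASQUERADE to the container subnet and adding explicit FORWARD rules; the public address, the 2200+N port plan and the container range 10.0.0.2 to 10.0.0.6 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the rules for review instead of
# applying them; pipe the output to `sh` as root to apply.
# Assumptions: PUBLIC_IP is a placeholder (RFC 5737), containers are
# 10.0.0.2..10.0.0.6 on vmbr1, and host port 2200+N maps to 10.0.0.N:22.
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"
WAN_IF="vmbr0"
LAN_IF="vmbr1"
LAN_NET="10.0.0.0/24"

# valid_host N: succeed only for a numeric host part in 2..254
valid_host() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 2 ] && [ "$1" -le 254 ]
}

# gen_rules FIRST LAST: print forwarding rules for containers 10.0.0.FIRST..LAST
gen_rules() {
    first=$1; last=$2
    valid_host "$first" && valid_host "$last" && [ "$first" -le "$last" ] || {
        echo "invalid container range: $first..$last" >&2
        return 1
    }
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Source-NAT only traffic that originates from the container subnet
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    # Containers may open connections outward; only replies come back in
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    n=$first
    while [ "$n" -le "$last" ]; do
        port=$((2200 + n))
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -d $PUBLIC_IP --dport $port -j DNAT --to-destination 10.0.0.$n:22"
        # After DNAT the packet is addressed to the container, so match that
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d 10.0.0.$n --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
        n=$((n + 1))
    done
}

# Stand-alone run: rules for the five containers in the first post
gen_rules 2 6
```

Each container's default gateway has to be the host's address on the internal bridge (10.0.0.1 in the first post), otherwise replies never return through the NAT. Adding a `-s <admin network>` match to the PREROUTING rules narrows who can reach the forwarded SSH ports.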
  9. guletz

    guletz Active Member

    Joined:
    Apr 19, 2017
    Messages:
    784
    Likes Received:
    107
    ... but some of us like it, and it works very well (with bugs and broken parts included) ;)
     
  10. asgasgdsg

    asgasgdsg New Member

    Thanks will check it.
     
  11. asgasgdsg

    asgasgdsg New Member

    There is a reason why I wanted to test it ... I understand that it is difficult to develop a mainly free product...
     
  12. guletz

    guletz Active Member

    Hi again @asgasgdsg !

    Now, regarding your problem, I think that in your scenario port-forwarding is not the best solution. In your case, I would use haproxy as a front-end instead of port-forwarding for your nginx hosts. And more ... you can also create a fail-over/HA using 2 guests/host with haproxy and ucarp. And this solution can scale very well!

    ... not a free product, it is an open source product! In this life nothing is for free, as far as I can see until now ;)
     
  13. asgasgdsg

    asgasgdsg New Member


    Funny thing. I was just thinking about Nginx vs HAProxy, as indeed we have 2-4 instances of the same application per server (for load / deployment process, as the service has to be 100% available).

    I see that HAProxy is already built in.

    I assume that I could create HAProxy for e.g. MySQL.

    Create 3 CT's and then use HAProxy to expose appropriate ports and act as load balancer for specific services/apps...

    If HAProxy can expose any port to public IP and then balance it among the CT's then it would be a perfect solution...

    Most important business requirements are => 100% safety of data, 100% availability (not 99.9999%, it has to work always no matter what), as restore from a CT backup is much faster than creation of servers => setup => data restoration...
     
  14. guletz

    guletz Active Member

    yes


    indeed



    This is only a nice dream to have ;) Nothing in this world is 100% .... maybe in heaven ;)
     
  15. asgasgdsg

    asgasgdsg New Member


    YOU WERE RIGHT :)

    HAPROXY DOES REDIRECT TRAFFIC TO SELECTED PORTS :)


    THANK YOU VERY VERY MUCH, YOU HAVE SOLVED 2 ISSUES AT ONCE (load balancing & port / domain forwarding to nginx / services / apps etc)
     
  16. guletz

    guletz Active Member

    I am glad to help you. I hope that you will reconsider your opinion about Proxmox. Even with bugs/errors, there are many users here on this forum who are willing to help and support.


    You want to use mysql in cluster mode with haproxy as front-end?

    Good luck!
     
  17. guletz

    guletz Active Member

    Thx again ;)
     