Hi, yes of course, here's the output:

Changing the configuration and simply reloading doesn't always remove the NAT rules from iptables. Can you post the output of
Code:
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.1.2:8080
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- anywhere anywhere tcp dpt:30900 to:192.168.1.2:30900
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- anywhere anywhere tcp dpt:30900 to:192.168.1.2:30900
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- anywhere anywhere tcp dpt:30900 to:192.168.1.2:30900
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- anywhere anywhere tcp dpt:30900 to:192.168.1.2:30900
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- anywhere anywhere tcp dpt:30900 to:192.168.1.2:30900
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- anywhere anywhere tcp dpt:30900 to:192.168.1.2:30900
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- 192.168.1.0/24 anywhere tcp dpt:30900 to:192.168.1.2:30900
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- 192.168.1.0/24 anywhere tcp dpt:30900 to:192.168.1.2:30900
DNAT tcp -- anywhere anywhere tcp dpt:32768 to:192.168.1.2:22
DNAT tcp -- anywhere anywhere tcp dpt:30800 to:192.168.1.2:30800
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.1.2:8080
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
MASQUERADE all -- 192.168.1.0/24 anywhere
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Thanks for your time, but should I reboot the Proxmox host? But why? If I reboot the host, what's going to happen?

As already said, reboot to clear iptables.
auto vmbr2
#private sub network
iface vmbr2 inet static
        address 192.168.1.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
        # post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        # post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
        # redirection to the web server
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 32768 -j DNAT --to 192.168.1.2:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 32768 -j DNAT --to 192.168.1.2:22
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 30800 -j DNAT --to 192.168.1.2:30800
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 30800 -j DNAT --to 192.168.1.2:30800
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8080 -j DNAT --to 192.168.1.2:8080
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 8080 -j DNAT --to 192.168.1.2:8080
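The listing above shows the same DNAT and MASQUERADE rules appended many times over, including forwards for port 30900 that the current configuration no longer contains. As an added example that is not part of the original thread, this script prints the `iptables -D` commands that would remove the surplus copies without a reboot, and shows an append-only-if-absent form for `post-up` lines. The sample rule set is constructed in `iptables -t nat -S` format, and `sample_rules`, `dedupe_cmds` and `add_once` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.

# Constructed sample in `iptables -t nat -S` format, modelled on the listing.
sample_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 32768 -j DNAT --to-destination 192.168.1.2:22
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 32768 -j DNAT --to-destination 192.168.1.2:22
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 30800 -j DNAT --to-destination 192.168.1.2:30800
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 32768 -j DNAT --to-destination 192.168.1.2:22
-A POSTROUTING -s 192.168.1.0/24 -o vmbr0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -o vmbr0 -j MASQUERADE
EOF
}

# Reads `iptables -t nat -S` text on stdin. For a rule present N > 1 times it
# prints N-1 delete commands; each `-D <rule-spec>` removes one matching rule,
# so exactly one copy is left in place.
dedupe_cmds() {
    awk '
        /^-A / {
            if (seen[$0]++) {          # true from the second occurrence on
                spec = $0
                sub(/^-A /, "-D ", spec)
                print "iptables -t nat " spec
            }
        }'
}

# Append a NAT rule only if an identical one is not already loaded.
# `iptables -C` exits 0 when the exact rule exists. The same pattern fits on
# one post-up line: iptables -t nat -C ... || iptables -t nat -A ...
add_once() {
    iptables -t nat -C "$@" 2>/dev/null || iptables -t nat -A "$@"
}

# Dry run on the sample. On a live host: iptables -t nat -S | dedupe_cmds
# Review the printed commands before running any of them.
sample_rules | dedupe_cmds
```

Rules that exist only once but are no longer wanted, such as a forward dropped from the configuration, are not touched by this and still have to be deleted by hand.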