Iptables chains and tables traversal

trollmann

Aug 9, 2022
Hi, I'm trying to learn a bit more in-depth about networking in Proxmox in order to diagnose some connection issues I'm having.

I thought maybe to just get confirmed how I believe packets are processed when sent to a container or VM.

Say I have a host with a single public IP and some guests. I have a rule that forwards packets to a container on port 80. This packet from the internet will then first go through prerouting, get its destination changed there and is then sent to the output chain and then postrouting chain, before arriving at the prerouting chain on the container, right?

I'm pretty sure about this, but since I'm having some issues I'd just like to make sure there's no chance packets in this setup go through the input chain, which I could imagine since it's all on the same machine really.

Is this exactly the same for containers and VMs alike?

Thank you in advance
 
Oops, yes of course. I knew that but misremembered. Thanks. I just wasn't sure whether bridges and virtual interfaces and all that meant that in Proxmox it might take other routes.
 
You wouldn't happen to have any hints on what to look at when simple port forwarding isn't enough to get certain services to connect (between guests), or is that perhaps too specific for each use case?
 
Guests are typically on separate networks (bridges), separated by function, so the Nextcloud and coturn LXCs for instance are on the same network (but not working, i.e. NC is working just fine, but calls don't get through), while there's a couple of Windows VMs performing related tasks in another network.

Yes, normally firewalls are on, however I've of course tested with it off too in my attempts.

The problem with NC is as I mentioned, while for the Windows network I have an issue with getting a client application (installed on a laptop, connecting through the Internet) that is for receiving alerts from one of the Windows servers to properly connect. It receives the alert, but is then supposed to download additional info about the alert and for that creates a new connection that seems to not get through, and so the app just hangs.

Both cases involve connections through the Internet, while the NC-coturn issue involves that plus intra-network connections. Both, I think, have to do with NAT traversal in some way.
 
