iptables is not applied for NAT VM

Woodire

Member
Nov 24, 2020
Hello,

I tried to install Proxmox 6.4 on a new server.
We created settings for the local IP to be behind NAT (see the spoiler with the settings of the host (Proxmox)).

Code:
auto vmbr0
iface vmbr0 inet static
        address 152.xx.xxx.104/24
        gateway 152.xx.xxx.254
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0


auto vmbr1
iface vmbr1 inet static
        address 10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0


        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE


I want a new VM with Windows installed to allow RDP access from an external IP, using this command on the host (Proxmox):
iptables -t nat -A PREROUTING -d 152.xx.xxx.104/32 -i vmbr0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.10.10.2:3389
After
iptables-save:

Code:
root@px ~#  iptables -S -t nat

-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 152.xx.xxx.104/32 -i vmbr0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.10.10.2:3389
-A POSTROUTING -s 10.10.10.0/24 -o vmbr0 -j MASQUERADE
-A POSTROUTING -s 10.10.10.0/24 -o vmbr0 -j MASQUERADE

Normally VM 10.10.10.2 should allow RDP access, but this does not happen.
netstat -lnp | grep 3389
doesn't show anything.


Question: why is there no RDP access, and why is the port not open, after creating this rule:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT

Rebooting the server did not help, nor did restarting the network, or anything else.
 
Normally VM 10.10.10.2 should allow access to RDP, but this does not happen.
netstat -lnp | grep 3389
it doesn't show anything.
That wouldn't show you anything, since it just forwards the port (it doesn't listen; your VM needs to listen instead).

Question: Why is there no access to RDP and the port is not open after creating the command:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT
Try it in PREROUTING:

Code:
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3389 -j DNAT --to 10.10.10.2:3389

Then start your VM and make sure RDP is running in it. You can then try accessing it via your PVE IP address.
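As an added example, not code from either post in this thread, here is the complete host-side setup the two posts are circling around, written as an idempotent script. It appends a rule only when iptables -C reports it absent, which is what avoids the doubled MASQUERADE line in the iptables -S output above (post-up re-appends on every ifup otherwise). The DNAT rule matches on the bridge vmbr0, not on the physical port eno1: a packet that arrives on a bridge port and is routed by the host reaches the PREROUTING hook with the bridge as its in-interface. The FORWARD rules are there because DNAT'd traffic is forwarded to the VM and never traverses INPUT, so the INPUT ACCEPT for 3389 from the first post changes nothing. The interface names and 10.10.10.2 follow the thread; the public IP 192.0.2.104 is a placeholder for the elided address, and ALLOWED_SRC and the overridable IPTABLES variable are assumptions introduced here.

```sh
#!/bin/sh
# Added example, not from the forum thread: idempotent RDP port-forward for a
# NAT'd VM on a Proxmox host.  vmbr0/vmbr1/10.10.10.2 follow the thread; the
# public IP is a placeholder; ALLOWED_SRC and IPTABLES are assumptions added here.
set -eu

IPTABLES=${IPTABLES:-iptables}     # overridable so the rule logic can be exercised without root
WAN_IF=${WAN_IF:-vmbr0}            # the bridge, not eno1: routed packets reach PREROUTING with vmbr0 as in-interface
LAN_IF=${LAN_IF:-vmbr1}
WAN_IP=${WAN_IP:-192.0.2.104}      # placeholder for the host's public address
LAN_NET=${LAN_NET:-10.10.10.0/24}
VM_IP=${VM_IP:-10.10.10.2}
PORT=${PORT:-3389}
ALLOWED_SRC=${ALLOWED_SRC:-0.0.0.0/0}   # narrow this to your admin network; RDP open to the world gets brute-forced

# Append a rule only if an identical one is not already present (iptables -C).
# Calling this from post-up on every ifup no longer stacks duplicate rules like
# the two MASQUERADE lines in the thread.
ipt_once() {
    table=$1; shift
    if ! "$IPTABLES" -t "$table" -C "$@" 2>/dev/null; then
        "$IPTABLES" -t "$table" -A "$@"
    fi
}

setup_port_forward() {
    # Outbound: source NAT for the private network leaving via the bridge.
    ipt_once nat POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE

    # Inbound: rewrite public IP:3389 to the VM.  The host itself never listens
    # on 3389, which is why "netstat -lnp | grep 3389" on the host stays empty.
    ipt_once nat PREROUTING -i "$WAN_IF" -s "$ALLOWED_SRC" -d "$WAN_IP/32" \
        -p tcp --dport "$PORT" -j DNAT --to-destination "$VM_IP:$PORT"

    # DNAT'd packets are routed, so they pass FORWARD, not INPUT: an INPUT ACCEPT
    # for 3389 changes nothing.  Allow exactly this flow and its return traffic.
    ipt_once filter FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$VM_IP" -p tcp --dport "$PORT" \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    ipt_once filter FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$VM_IP" -p tcp --sport "$PORT" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# Show whether the rules are actually matching: a non-zero pkts counter on the
# PREROUTING rule means the packet arrived and was rewritten.  If the VM still
# does not answer, look inside the VM (RDP not enabled, Windows firewall) or at
# the FORWARD counters, not at NAT.
verify_port_forward() {
    "$IPTABLES" -t nat -L PREROUTING -n -v | grep -- "dpt:$PORT" || echo "no DNAT rule for port $PORT"
    "$IPTABLES" -L FORWARD -n -v | grep -- "dpt:$PORT" || echo "no FORWARD rule for port $PORT"
}

case ${1:-} in
    apply)  setup_port_forward ;;
    verify) verify_port_forward ;;
esac
```

Run it as "sh forward-rdp.sh apply" from the vmbr1 post-up line (or by hand) and "sh forward-rdp.sh verify" after connecting once; running apply twice leaves the rule set unchanged, which is the property the original post-up lines lack.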