Iptables REDIRECT not working after migration

O

OverLocker

New Member
Jul 2, 2019
4
0
1
46
Hello,
Please help,
I am just migrate VM from Proxmox OpenVZ (Kernel 2.6.32-39-pve) to fresh version (4.15.18-12-pve).
In a VM i have iptables redirect rule from http to tcp:5000
After rule is started (1-2 seconds) input on this rule stops working, nothing happends. Direct port 5000 works perfect, but not redirect. Other services ports are works. In old Proxmox this works too.

Please help to resolve it.

Thanks.
 
Have you enable the firewall on this CT?
How do you iptable rule look like?
 
As i see Firewall on CT is not enabled. How can i exactly check it?

iptables rule looks like:
iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 80 -j REDIRECT --to-port 5000
I just recreate it manually for check.
I can see rule is receiveing bytes, but nothing happends.
 
Last edited:
There is no venetX in PVE <= 4
You must use veth Device
 
Last edited:
Didnt understand. When i need to use veth device?
Network is working in i migrated VM, except REDIRECT.
And in a network configuration file configured venet0:

# Auto generated lo interface
auto lo
iface lo inet loopback

# Auto generated venet0 interface
auto venet0
iface venet0 inet manual
up ifconfig venet0 up
up ifconfig venet0 127.0.0.2
up route add default dev venet0
down route del default dev venet0
down ifconfig venet0 down


iface venet0 inet6 manual
up route -A inet6 add default dev venet0
down route -A inet6 del default dev venet0

auto venet0:0
iface venet0:0 inet static
address 10.1.10.8
netmask 255.255.255.25
 
Start the container, run "ip -c a" and you will see the interface for CT is called veth<x> and no more vnet<X>
 
I create new VM from ubuntu template and gave interface veth90000 for it.

VM network configuration:

auto veth90000
iface veth90000 inet manual
up ifconfig veth90000 up
up ifconfig veth90000 127.0.0.2
up route add default dev veth90000
down route del default dev veth90000
down ifconfig veth90000 down


iface veth90000 inet6 manual
up route -A inet6 add default dev veth90000
down route -A inet6 del default dev veth90000

auto veth90000:0
iface veth90000:0 inet dhcp


Then i install nginx and set them to listen tcp:5000, it answers ok.
Then i create REDIRECT rule: iptables -t nat -A PREROUTING -i veth90000 -p tcp --dport 80 -j REDIRECT --to-port 5000

And nginx not answering with getting bytes on the rule.

What i am doing wrong?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom