[SOLVED] iptables rule to allow access from one VM (private ip) to second VM (public ip)

S

sup98765

New Member
Feb 11, 2021
11
1
3
45
Hello
Who can help with understanding such question.
I have two VM with private ip addresses. One of them have rules to allow access by several ports from outside to public ip of the Proxmox.
So rules work - I have access to VM from outside.
Code: 
iptables -t nat -A PREROUTING -p tcp -d 116.XXX.XXX.99 --dport 8443 -j DNAT --to-destination 192.168.7.200:8443

But I need access from one VM to second VM - and I have, but by internal ip addresses, meanwhile I need from private ip(one VM) to public ip(second VM).
In which tables I require make such rule, and how does it look like?
 
Last edited:
hi,

sup98765 said:
I have two VM with private ip addresses. One of them have rules to allow access by several ports from outside to public ip of the Proxmox.
So rules work - I have access to VM from outside.
Click to expand...
okay

sup98765 said:
But I need access from one VM to second VM - and I have, but by internal ip addresses,
Click to expand...
i'm assuming your VMs are on the same internal subnet? doesn't it work if you try accessing it normally via their internal IPs?

you can try checking if you can access from your VM1 with: curl -k https://192.168.7.200:8443 (assuming the 7.200 is the IP for the VM2)
 
hi, I have already solved. Thank you.
I have access between VMs. And make comunication by internal addresses.
From another forum I also receive:


1) A fairly common mistake (at least in the questions here) is that they try to solve a problem through iptables that needs to be solved through the routing configuration


2) but by internal ip addresses

and why might this not be enough?

ip addresses, meanwhile I need from private ip (one VM) to public ip (second VM).

allow.
I understand the problem is that the second machine does not have Internet access,
because there is no router.
once again the question arises, why connect to a neighboring machine through a route that you do not physically have?
If you want to connect between devices on the same subnet, you don't need a gateway.
 
sup98765 said:
hi, I have already solved. Thank you.
I have access between VMs. And make comunication by internal addresses.
Click to expand...
okay, then you can mark this thread [SOLVED]

sup98765 said:
once again the question arises, why connect to a neighboring machine through a route that you do not physically have?
If you want to connect between devices on the same subnet, you don't need a gateway.
Click to expand...
you still need a gateway in place (or a machine acting as one) in order to connect between devices on the same subnet, unless both are configured with a direct connection to each other (like just plugging the two machines via ethernet to each other).
you may not have the route physically but your PVE is acting as a gateway because of the bridge NIC.
hopefully this explains somethings.
 
You must log in or register to reply here.
Top Bottom