Is there any simple solution to add port forwarding configuration to web console?

[midix]

I wanted to install Proxmox on one of my company's servers to allow my colleagues to quickly bring up some small LXC virtual machines for experiments and development environments.

Usually developers want to have their project (e.g. website) with public (or at least LAN) access. A typical example is bringing up a web server on a VM or LXC port 80 and then allowing everyone to access it on any free port available on the Proxmox node IP, as long as the developer knows which port was dedicated to his VM and announces it to colleagues.

Currently it seems we have to use *nix console to add port forwarding rules manually to network interface config files.

But I don't want to give all developers Admin access to the Proxmox node console because it is too easy to mess up things there. Just a simple "Add port forwarding to my VM" web form and accompanying script to modify the port forwarding rules and refresh iptable configuration should do the job.

Is there any simple solution for this? In these days when every cheap router includes NAT port forwarding configuration page, is there something similar for Proxmox?

Of course, ideal solution would be to add also DNS server to serve subdomains for each VM, for example: project1.our-proxmox-node.company.com:8081, but I guess that's a different story...

 

[stappers]

With guest VMs having their own IP address, there is no need for port forwarding ...

 

[midix]

Unfortunately we won't be able to allocate necessary amount of outer IPs for all VMs (we have many small parallel ongoing projects and experiments to test), and anyway there is just one public external IP for the Proxmox node.

Proxmox internal networking with NAT and port forwarding would be a perfect solution, if only it had a web UI for more convenient control for non-Admin role Proxmox users.

 

[stappers]

reverse webproxy

(apology for being terse, it is getting way too late in my timezone )

 

[midix]

Yes, reverse webproxy might be helpful for simple websites. But some projects need SSH access, others might contain some custom software with custom ports etc., so port forwarding is a must.

Ironically, Proxmox Wiki also suggests avoiding direct modification of files:

but using the GUI is still preferable, because it protects you from errors.

If only port forwarding was available in GUI. Maybe this could be a feature request - to add some typical MASQUERADE and port forwarding settings to UI (and also immediate effect without full restart - it wouldn't be good if I need to fully restart the node with all VMs just to add port forwarding for one VM) in next Proxmox releases, to avoid direct manipulation of interfaces as much as possible.

 

[Rares]

I created a VM to act as a gateway and webproxy with wild card vhots.

It think if you install pfSense, you could use it's web gui. Also you can have some proactive firewall working to protect against attacks.
If you have the machines made in advanced you can pre-configure the forwarding rules.

 

[cheetosmax]

Good afternoon,
is something like this in the pipeline?

I am in a similar situation as OP.
A VirtualBox-like network adapter management UI would be perfect:
When NAT is selected for a virtual network adapter (which is the default VM template config), you get 1. internal DHCP and 2. this:



That makes it very easy to manage a large number of VMs on a hosted dedicated server hypervisor with a single public IP.