KIMSUFI forward ports to VM

vm1990

Oct 3, 2014
OK, sounds simple, should be simple, but something's going wrong. I simply want to forward set ports to the VMs. Here's what I got so far.
If I do


```
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
address Public_ip
netmask 24
gateway Public_GW
bridge-ports eno1
bridge-stp off
bridge-fd 0

#private sub network
auto vmbr1
iface vmbr1 inet manual
address 192.168.4.1
netmask 255.255.255.0
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s 192.168.4.0 -o eno1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s 192.168.4.0 -o eno1 -j MASQUERADE
# post-up iptables -t nat -A PREROUTING -i vmbr1 -p tcp --dport 3390 -j DNAT --to 192.168.4.2:3389
# post-down iptables -t nat -D PREROUTING -i vmbr1 -p tcp --dport 3390 -j DNAT --to 192.168.4.2:3389
# post-up iptables -t nat -A PREROUTING -i vmbr1 -p udp--dport 6677 -j DNAT --to 192.168.4.2:6677
# post-down iptables -t nat -D PREROUTING -i vmbr1 -p udp --dport 6677 -j DNAT --to 192.168.4.2:6677
```

Every connection gets reset. I'm either missing something or getting something in the wrong order.
# post-up iptables -t nat -A PREROUTING -i vmbr1 -p tcp --dport 3390 -j DNAT --to 192.168.4.2:3389
# post-down iptables -t nat -D PREROUTING -i vmbr1 -p tcp --dport 3390 -j DNAT --to 192.168.4.2:3389
# post-up iptables -t nat -A PREROUTING -i vmbr1 -p udp--dport 6677 -j DNAT --to 192.168.4.2:6677
# post-down iptables -t nat -D PREROUTING -i vmbr1 -p udp --dport 6677 -j DNAT --to 192.168.4.2:6677
Two things come to my mind (without testing it):
* the lines are commented - you'd need to remove the '#' in front so they actually get executed
* the -i vmbr1 seems wrong (the packets are coming in on vmbr0) - I'd try to remove the -i line (if that does not help, add it with -i vmbr0)

I hope this helps
 
Thanks, they're commented out because I was tracking down what was going wrong.
If I use it as it is, the connections get refused; if I comment out "auto vmbr1" and everything below, I can connect to the server again.
Something very strange is happening somewhere.
 
One thing I overlooked in my first reply is that your NAT rule is missing the netmask:
post-up iptables -t nat -A POSTROUTING -s 192.168.4.0 -o eno1 -j MASQUERADE
should be
```
post-up iptables -t nat -A POSTROUTING -s 192.168.4.0/24 -o eno1 -j MASQUERADE
```

Else it's odd that you could not connect to the public IP of the server with the settings you posted above.

I'd check the journal since booting (when the problem is present) - `journalctl -b` for errors/warnings from the network startup scripts

I hope this helps!
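
The checks suggested in the replies above can be run mechanically over an `/etc/network/interfaces` fragment. The following is an added example, not part of the original thread and not Proxmox code; the `lint` function, its messages and the embedded sample are constructed for illustration, and the ".0 without a prefix" test is a heuristic.

```python
import re
import shlex

# Constructed sample: the private-bridge stanza from the first post,
# with the DNAT hooks still commented out as posted.
SAMPLE = """\
auto vmbr1
iface vmbr1 inet manual
bridge-ports none
post-up iptables -t nat -A POSTROUTING -s 192.168.4.0 -o eno1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s 192.168.4.0 -o eno1 -j MASQUERADE
# post-up iptables -t nat -A PREROUTING -i vmbr1 -p tcp --dport 3390 -j DNAT --to 192.168.4.2:3389
# post-down iptables -t nat -D PREROUTING -i vmbr1 -p tcp --dport 3390 -j DNAT --to 192.168.4.2:3389
"""

# Matches post-up/post-down iptables hooks, optionally commented out.
RULE = re.compile(r"^\s*(#\s*)?post-(?:up|down)\s+(iptables\s.*)$")

def lint(text):
    """Return (line_no, message) findings for the issues raised in the thread."""
    findings, iface, internal = [], None, set()
    lines = text.splitlines()
    # Pass 1: a bridge with "bridge-ports none" only carries VM-side traffic.
    for line in lines:
        words = line.split()
        if words[:1] == ["iface"] and len(words) > 1:
            iface = words[1]
        elif words[:2] == ["bridge-ports", "none"] and iface:
            internal.add(iface)
    # Pass 2: inspect every iptables hook, commented or not.
    for no, line in enumerate(lines, 1):
        m = RULE.match(line)
        if not m:
            continue
        args = shlex.split(m.group(2))
        opt = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a.startswith("-")}
        if m.group(1):
            findings.append((no, "rule is commented out and never runs"))
        src = opt.get("-s", "")
        # Heuristic: a bare network address is read by iptables as a /32 host.
        if src.endswith(".0") and "/" not in src:
            findings.append((no, f"-s {src} has no prefix length (treated as /32)"))
        if opt.get("-j") == "DNAT" and opt.get("-i") in internal:
            findings.append((no, f"DNAT matches -i {opt['-i']}, an internal bridge"))
    return findings

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```
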
 
