Multiple Subnets Help Needed

twister666

May 11, 2011
Montreal, Quebec, Canada
Hello everyone!

I am trying to set up 2 subnets (private and public) and to have the private network routed to the public one.
My server has 2 NICs. eth0 is in vmbr0 and is assigned to the local network (192.168.1.2/24 gw:192.168.1.1) that connects to the local router (used purely as a switch and DHCP server). The second NIC, eth1, is in vmbr1 and has no IP and no gw. My VMs are on vmbr0 and can access the internet using public IP addresses. Could anyone help me with configuring the local network to route to the public one?


Thanks in advance!
 
If no services are to be hosted on vmbr1, then a simple iptables rule should suffice:
iptables -t nat -A POSTROUTING -o vmbr0 -j SNAT --to-source 192.168.1.2
 
Thank you mir, I will try this. I will eventually host a few services, but at the moment, if it works, that would be enough. Thank you.

If services are needed, then the steps are more or less the following:

-- allow input to pve
1) iptables -A INPUT -p ALL -d 192.168.1.2 -m state --state ESTABLISHED,RELATED -j ACCEPT
-- allow forward from vmbr0 to vmbr1
2) iptables -A FORWARD -p (tcp|udp|all) -i vmbr0 -o vmbr1 -d <PUBLIC_IP> --dport <PORT> -j allowed
3) iptables -A FORWARD -i vmbr1 -j ACCEPT
-- but only allow forward if the packet belongs to an established or related connection
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-- route incoming connections to pve destined for the hosted service on vmbr1 using NAT
4) iptables -t nat -A PREROUTING -p (tcp|udp|all) --dport <PORT> -i vmbr0 -j DNAT --to <PUBLIC_IP>
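
The forwarding steps above, written out as a ruleset that can be checked before loading. This is an added example, not part of the original posts: it assumes `ACCEPT` in place of the `allowed` chain (which the thread does not define), and the function name `gen_forward_rules`, the service address 203.0.113.10 and port 443 are constructed sample values.

```shell
#!/bin/sh
# Added example: emits the forwarding steps from the thread as an
# iptables-restore ruleset. Assumption: ACCEPT replaces the thread's
# undefined "allowed" chain. All argument values are constructed samples.
# usage: gen_forward_rules PROTO PORT HOST_IP SERVICE_IP IN_IF OUT_IF
gen_forward_rules() {
    proto=$1 port=$2 host_ip=$3 svc_ip=$4 in_if=$5 out_if=$6

    # --dport needs a port-based protocol match, so "all" is rejected;
    # this sketch accepts tcp and udp only, as in the thread
    case $proto in
        tcp|udp) ;;
        *) echo "error: protocol must be tcp or udp to match a port" >&2
           return 1 ;;
    esac
    # the port must be a plain integer of at most 5 digits, in 1..65535
    case $port in
        ''|*[!0-9]*|??????*) echo "error: invalid port '$port'" >&2
           return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "error: port $port out of range" >&2
        return 1
    fi

    # Same rules and order as steps 1) to 4) in the post
    cat <<EOF
*filter
-A INPUT -d $host_ip -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $in_if -o $out_if -p $proto -d $svc_ip --dport $port -j ACCEPT
-A FORWARD -i $out_if -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
-A PREROUTING -i $in_if -p $proto --dport $port -j DNAT --to-destination $svc_ip
COMMIT
EOF
}

# Constructed sample: forward tcp/443 arriving on vmbr0 to 203.0.113.10
gen_forward_rules tcp 443 192.168.1.2 203.0.113.10 vmbr0 vmbr1
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it. Loading it without `--noflush` replaces the existing contents of both tables.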
 