Hi, I have the following setup:
1 physical pve server with 5 WAN IPs assigned to me from my ISP (so not a complete subnet) with 1 network interface enabled.
On the server I have 2 bridges, 1 for the external traffic and 1 for LAN traffic. On the Proxmox server I have ntpd and dnsmasq enabled that listen on the internal bridge to provide DNS, DHCP and NTP to potential VMs in that RFC1918 space.
My network config is as follows:
Code:
auto lo
iface lo inet loopback

# physical NICs carry no address of their own; eno1 is enslaved to vmbr0 below
iface eno1 inet manual
iface eno2 inet manual

# external bridge: primary WAN address, ISP gateway
auto vmbr0
iface vmbr0 inet static
    address XX.XX.XX.141/24
    gateway XX.XX.XX.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

# additional WAN addresses as aliases on the external bridge
auto vmbr0:0
iface vmbr0:0 inet static
    address XX.XX.XX.142/24

auto vmbr0:1
iface vmbr0:1 inet static
    address XX.XX.XX.143/24

auto vmbr0:2
iface vmbr0:2 inet static
    address XX.XX.XX.144/24

auto vmbr0:3
iface vmbr0:3 inet static
    address XX.XX.XX.145/24

# internal bridge (no physical port): gateway for the RFC1918 VM network,
# dnsmasq and ntpd listen here
auto vmbr1
iface vmbr1 inet static
    address 192.168.100.1/16
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    # enable routing between the bridges
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    # source NAT for everything leaving towards the WAN via vmbr0;
    # post-down must delete (-D) the rule, not append (-A) another copy
    post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/16' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/16' -o vmbr0 -j MASQUERADE
    # 2222:vm.name:22
    # port forward: WAN tcp/2222 -> VM 192.168.100.143:22
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 192.168.100.143:22
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 192.168.100.143:22
As far as I know, this /should/ work, except I'm not seeing any entries in iptables when this is run with a restart of the network stack, but it also doesn't give me errors when I run the iptables commands manually. In this example, I would like to be able to use the extra external IPs as well, but for the moment I would settle for at the very least being able to NAT to inside IPs.
Any ideas where I'm going wrong?
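As an added check that is not part of the original post: a small POSIX sh script that reads `iptables-save -t nat` output and reports whether the MASQUERADE and port-2222 DNAT rules from the interfaces file above are present exactly once, and whether IP forwarding is on. A `post-down` line that appends with `-A` instead of deleting with `-D` shows up here as duplicate rules after a network restart. The two sample inputs are constructed; the rule text and addresses come from the post.

```shell
#!/bin/sh
# Added example (not from the original post): check that the NAT rules the
# interfaces file is meant to install are present exactly once, and that IP
# forwarding is on. Input is `iptables-save -t nat` output; both samples are
# constructed, the second shows the stacked rule left when post-down uses -A.

SAMPLE_NAT_OK='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.100.143:22
-A POSTROUTING -s 192.168.0.0/16 -o vmbr0 -j MASQUERADE
COMMIT'

SAMPLE_NAT_DUP="$SAMPLE_NAT_OK
-A POSTROUTING -s 192.168.0.0/16 -o vmbr0 -j MASQUERADE"

# count_rule REGEX  -- number of stdin lines matching an extended regex (never fails)
count_rule() {
    grep -Ec -- "$1" || true
}

# check_nat_rules < iptables-save-output
# Returns 0 only when every expected rule is present exactly once.
check_nat_rules() {
    input=$(cat)
    status=0
    for spec in \
      'MASQUERADE|^-A POSTROUTING -s 192\.168\.0\.0/16 -o vmbr0 -j MASQUERADE$' \
      'DNAT-2222|^-A PREROUTING -i vmbr0 -p tcp( -m tcp)? --dport 2222 -j DNAT --to(-destination)? 192\.168\.100\.143:22$'
    do
        name=${spec%%|*}
        pattern=${spec#*|}
        n=$(printf '%s\n' "$input" | count_rule "$pattern")
        case $n in
            1) echo "ok        $name" ;;
            0) echo "MISSING   $name"; status=1 ;;
            *) echo "DUPLICATE $name ($n copies: post-down should use -D, not -A)"; status=1 ;;
        esac
    done
    return $status
}

# ip_forward_enabled [FILE]  -- true when the sysctl file (default: live one) reads 1
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = 1 ]
}

# On the host: iptables-save -t nat | check_nat_rules && ip_forward_enabled
```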