Nat Configuration

Harris Marfel

Hello,

I am new to Proxmox and Linux stuff.
I have successfully installed PX 3.4 on 1 public IP.

I created 1 VM with local IP 172.16.0.2, with configuration like this:
Code:
auto lo
iface lo inet loopback
iface eth0 inet manual
iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 222.124.15.80
    netmask 255.255.255.248
    gateway 222.124.15.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
   
auto vmbr2
iface vmbr2 inet static
    address 172.16.0.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '172.16.0.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '172.16.0.0/24' -o vmbr0 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1022 -j DNAT --to 172.16.0.2:22
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1022 -j DNAT --to 172.16.0.2:22
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 172.16.0.2:80
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 172.16.0.2:80
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 80 -j DNAT --to 172.16.0.2:80
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 80 -j DNAT --to 172.16.0.2:80
At DNS, I pointed the subdomain me.personal.com to IP 222.124.15.80.
Everything runs fine, and I can open the web server, remote, and wget anything from my home to me.personal.com.

Then I created 1 more VM with local IP 172.16.0.3.
I added post-up and post-down only for remote:
Code:
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1122 -j DNAT --to 172.16.0.3:22
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1122 -j DNAT --to 172.16.0.3:22
At 172.16.0.3 I can remote from my home, ping outside, and wget other websites,
but I can't wget 222.124.15.80 (me.personal.com); it always says Connection Refused.
Code:
[root@172.16.0.3]wget http://me.personal.com/files.txt
--2015-12-29 15:01:58-- http://me.personal.com/files.txt
Resolving me.personal.com... 222.124.15.80
Connection to me.personal.com|222.124.15.80|80... failed: Connection refused.


Is there any configuration in iptables that I missed?

Thank You :)
 
Hi
This looks strange to me:

post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 80 -j DNAT --to 172.16.0.2:80
post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 80 -j DNAT --to 172.16.0.2:80

You would just need the TCP forwarding for a web server.

Also, you could use the Proxmox built-in firewall instead of writing your own rules.
 
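An added example, not part of either post: a small Python model of how the PREROUTING DNAT rules from the first post are matched. It shows that the request from 172.16.0.3 enters on vmbr2, so no `-i vmbr0` rule translates it and it is delivered to the host itself, which is consistent with the Connection refused in the wget output. The packet dictionaries, the 203.0.113.10 source address and `VARIANT_RULE` are constructed for illustration.

```python
import shlex

# Rules copied from the first post's vmbr2 stanza (post-up halves only).
PAGE_RULES = [
    "iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1022 -j DNAT --to 172.16.0.2:22",
    "iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 172.16.0.2:80",
    "iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 80 -j DNAT --to 172.16.0.2:80",
    "iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1122 -j DNAT --to 172.16.0.3:22",
]
# Constructed variant (assumption, not from the thread): match on the public
# destination address instead of the ingress interface.
VARIANT_RULE = ("iptables -t nat -A PREROUTING -d 222.124.15.80 -p tcp "
                "--dport 80 -j DNAT --to 172.16.0.2:80")

def parse_rule(line):
    """Turn one PREROUTING DNAT rule into its match fields and target."""
    tok = shlex.split(line)
    opts = {tok[i]: tok[i + 1] for i in range(1, len(tok) - 1, 2)}
    if opts.get("-A") != "PREROUTING" or opts.get("-j") != "DNAT":
        raise ValueError("not a PREROUTING DNAT rule: " + line)
    return {"in_if": opts.get("-i"), "dst": opts.get("-d"), "proto": opts["-p"],
            "dport": int(opts["--dport"]), "to": opts["--to"]}

def prerouting(rules, pkt):
    """Return the DNAT target of the first matching rule, or None if untranslated."""
    for r in map(parse_rule, rules):
        if r["in_if"] not in (None, pkt["in_if"]):
            continue  # -i given and the packet arrived on another interface
        if r["dst"] not in (None, pkt["dst"]):
            continue  # -d given and the destination differs
        if (r["proto"], r["dport"]) == (pkt["proto"], pkt["dport"]):
            return r["to"]
    return None

# Constructed packets: the same HTTP request from outside and from the second VM.
FROM_HOME = {"in_if": "vmbr0", "src": "203.0.113.10", "dst": "222.124.15.80",
             "proto": "tcp", "dport": 80}
FROM_VM2 = {"in_if": "vmbr2", "src": "172.16.0.3", "dst": "222.124.15.80",
            "proto": "tcp", "dport": 80}

if __name__ == "__main__":
    for name, pkt in (("home", FROM_HOME), ("172.16.0.3", FROM_VM2)):
        print(name, "->", prerouting(PAGE_RULES, pkt) or "no DNAT, delivered to the host")
    print("172.16.0.3 with variant ->", prerouting(PAGE_RULES + [VARIANT_RULE], FROM_VM2))
```

The model covers only the DNAT match; traffic between two guests on the same bridge also needs source NAT for the replies to return through the host, which is not modelled here.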