Nat Configuration

H

Harris Marfel

New Member
May 11, 2013
12
0
1
Pekanbaru, Indonesia
www.hrace009.com
Hello,

I am new to Proxmox and linux stuff
I have success Installing PX 3.4 on 1 IP Public

I create 1 vm with local ip 172.16.0.2 with configuration like this:
Code: 
auto lo
iface lo inet loopback
iface eth0 inet manual
iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 222.124.15.80
    netmask 255.255.255.248
    gateway 222.124.15.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
   
auto vmbr2
iface vmbr2 inet static
    address 172.16.0.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '172.16.0.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '172.16.0.0/24' -o vmbr0 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1022 -j DNAT --to 172.16.0.2:22
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1022 -j DNAT --to 172.16.0.2:22
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 172.16.0.2:80
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 172.16.0.2:80
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 80 -j DNAT --to 172.16.0.2:80
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 80 -j DNAT --to 172.16.0.2:80
at DNS, pointing subdomain me.personal.com to IP 222.124.15.80
And everything runs fine, and i can open web server, remote and wget anything from my home to me.personal.com.

Then i create 1 more VM with local IP 172.16.0.3
i added post up and post down only for remote:
Code: 
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1122 -j DNAT --to 172.16.0.3:22
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1122 -j DNAT --to 172.16.0.3:22
at 172.16.0.3 i can remote from my home, and ping to outside, and wget to other website
but, i can't wget to 222.124.15.80 (me.personal.com) and it always say Connection Refused.
Code: 
[root@172.16.0.3]wget http://me.personal.com/files.txt
--2015-12-29 15:01:58-- http://me.personal.com/files.txt
Resolving me.personal.com... 222.124.15.80
Connection to me.personal.com|222.124.15.80|80... failed: Connection refused.


does any configuration on iptables that i am missed?

Thank You :)
 
Hi
This looks strange to me:

post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 80 -j DNAT --to 172.16.0.2:80
post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 80 -j DNAT --to 172.16.0.2:80

you would just need the tcp forwarding for a web server

also you could use the proxmox built in firewall instead of writing your own rules
 
  • Like
Reactions: Harris Marfel
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back