Ok, I have only just started with Proxmox (so please go gentle) and I am trying to set it up on a Hetzner dedicated server which just comes with 1 IP (144.76.xx.xx). I am looking to host all my VMs on a NAT network, the idea being that they will be able to access the internet and via limited port forwarding they would be accessible from the internet but only via certain ports.
I have spent days looking such a scenario up on various internet websites, and as a result my /etc/network/interfaces file is as follows:
Code:
### Hetzner Online GmbH installimage
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp2s0
iface enp2s0 inet static
    address 144.76.xx.xx
    netmask 255.255.255.224
    gateway 144.76.154.33
    # route 144.76.154.32/27 via 144.76.154.33
    up route add -net 144.76.154.32 netmask 255.255.255.224 gw 144.76.154.33 dev enp2s0

auto vmbr0
#private sub network
iface vmbr0 inet static
    address 10.10.10.1
    netmask 255.255.255.0
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp2s0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp2s0 -j MASQUERADE
I then attached a test Win10 VM and gave it a static IP of 10.10.10.10, a subnet mask of 255.255.255.0 and a gateway of 144.76.xx.xx (i.e. my public IP). The VM can happily browse the web but when I run:
Code:
iptables -t nat -A PREROUTING -p tcp -d 144.76.xx.xx --dport 53389 -i vmbr0 -j DNAT --to-destination 10.10.10.10:3389
and
Code:
iptables -t nat -A PREROUTING -p tcp -d 144.76.xx.xx --dport 80 -i vmbr0 -j DNAT --to-destination 10.10.10.10:80
neither port 3389 nor 80 is accessible FROM the internet.
(Everything above the line "auto vmbr0" is untouched as it was already in place from Hetzner.)
I am now stuck, what have I got wrong in the above?
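A check for the two DNAT rules in the post, as an added example that is not part of the original post: it maps each address in /etc/network/interfaces to the interface holding it and reports any DNAT rule whose -i interface differs from the one that holds the -d address, since -i matches the interface a packet arrives on. The function names are hypothetical, and the input is trimmed from the post with its redacted address kept as a literal string.

```python
import shlex

# Input copied from the post above (public address redacted there as 144.76.xx.xx).
INTERFACES = """\
auto enp2s0
iface enp2s0 inet static
    address 144.76.xx.xx
auto vmbr0
iface vmbr0 inet static
    address 10.10.10.1
"""
RULES = [
    "iptables -t nat -A PREROUTING -p tcp -d 144.76.xx.xx --dport 53389 -i vmbr0 -j DNAT --to-destination 10.10.10.10:3389",
    "iptables -t nat -A PREROUTING -p tcp -d 144.76.xx.xx --dport 80 -i vmbr0 -j DNAT --to-destination 10.10.10.10:80",
]

def parse_interfaces(text):
    """Map each address in an ifupdown file to the interface that holds it."""
    owner, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0] == "iface":
            current = words[1]
        elif len(words) >= 2 and words[0] == "address" and current:
            owner[words[1].split("/")[0]] = current
    return owner

def option(args, *names):
    """Return the value following the first of the given option names, or None."""
    for name in names:
        if name in args and args.index(name) + 1 < len(args):
            return args[args.index(name) + 1]
    return None

def audit_dnat(rules, owner):
    """Flag DNAT rules whose -i interface does not hold the -d address."""
    findings = []
    for rule in rules:
        args = shlex.split(rule)
        if option(args, "-j", "--jump") != "DNAT":
            continue
        dest = option(args, "-d", "--destination")
        in_if = option(args, "-i", "--in-interface")
        holder = owner.get(dest)
        if in_if and holder and in_if != holder:
            findings.append((option(args, "--dport"), in_if, holder))
    return findings

if __name__ == "__main__":
    for dport, in_if, holder in audit_dnat(RULES, parse_interfaces(INTERFACES)):
        print(f"dport {dport}: rule matches on {in_if}, address is on {holder}")
```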