NAT needed as only 1 Public IP, but not fully working

Stuart Blair

New Member
May 10, 2021
Ok, I have only just started with Proxmox (so please go gentle) and I am trying to set it up on a Hetzner dedicated server which just comes with 1 IP (144.76.xx.xx). I am looking to host all my VMs on a NAT network, the idea being that they will be able to access the internet and, via limited port forwarding, they would be accessible from the internet but only via certain ports.

I have spent days looking such a scenario up on various internet websites, and as a result my /etc/network/interfaces file is as follows:

Code:
### Hetzner Online GmbH installimage

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback


auto enp2s0
iface enp2s0 inet static
  address 144.76.xx.xx
  netmask 255.255.255.224
  gateway 144.76.154.33
  # route 144.76.154.32/27 via 144.76.154.33
  up route add -net 144.76.154.32 netmask 255.255.255.224 gw 144.76.154.33 dev enp2s0

auto vmbr0
#private sub network
iface vmbr0 inet static
        address  10.10.10.1
        netmask  255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp2s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp2s0 -j MASQUERADE

I then attached a test Win10 VM and gave it a static IP of 10.10.10.10, a subnet mask of 255.255.255.0 and a gateway of 144.76.xx.xx (i.e. my public IP). The VM can happily browse the web but when I run:

Code:
iptables -t nat -A PREROUTING -p tcp -d 144.76.xx.xx --dport 53389 -i vmbr0 -j DNAT --to-destination 10.10.10.10:3389

and

Code:
iptables -t nat -A PREROUTING -p tcp -d 144.76.xx.xx --dport 80 -i vmbr0 -j DNAT --to-destination 10.10.10.10:80

neither port 3389 nor 80 is accessible FROM the internet.

(everything above the line "auto vmbr0" is untouched as it was already in place from Hetzner)

I am now stuck, what have I got wrong in the above?
 
Found it!!
When I changed vmbr0 to enp2s0 on the two port forwarding rules it worked.

so the 2 new port forwarding rules became:

Code:
iptables -t nat -A PREROUTING -p tcp -d 144.76.xx.xx --dport 53389 -i enp2s0 -j DNAT --to-destination 10.10.10.10:3389
iptables -t nat -A PREROUTING -p tcp -d 144.76.xx.xx --dport 80 -i enp2s0 -j DNAT --to-destination 10.10.10.10:80
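The reason the first attempt failed is that `-i` in the nat PREROUTING chain matches the interface a packet arrives on; a connection from the internet arrives on enp2s0, so a DNAT rule bound to vmbr0 never sees it. The script below is an added example, not code from the thread or from Proxmox: it generates the complete rule set for this single-public-IP setup, with the DNAT rules on the public interface and, unlike the config in the post (which relies on the kernel's default FORWARD policy of ACCEPT), a default-deny FORWARD chain that only admits the forwarded ports. Interface names and the 10.10.10.0/24 network are taken from the post; 144.76.0.1 is a placeholder for the redacted public IP, and 203.0.113.0/24 is a constructed admin network used to show how to keep RDP off the open internet rather than exposing it on a non-standard port.

```shell
#!/bin/sh
# Added example (not from the original thread): generate the NAT and
# port-forward rules for a Proxmox host with one public IP.
# Interface names and addresses are assumptions matching the post;
# 203.0.113.0/24 is a constructed placeholder for an admin network.
set -u

WAN_IF="${WAN_IF:-enp2s0}"          # carries the public IP; internet traffic ARRIVES here
LAN_BR="${LAN_BR:-vmbr0}"           # internal bridge the VMs sit on
LAN_NET="${LAN_NET:-10.10.10.0/24}"
PUB_IP="${PUB_IP:-144.76.0.1}"      # placeholder for the redacted 144.76.xx.xx

# Forwards as "pubport:vmip:vmport[:allowed_src]". Restricting RDP to one
# source network keeps it off the open internet; the web port stays open.
FORWARDS="${FORWARDS:-53389:10.10.10.10:3389:203.0.113.0/24 80:10.10.10.10:80}"

# Print the rule set, one command per line, without applying it.
nat_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Source NAT for VM traffic leaving via the public interface.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    # Default-deny forwarding; allow VM-initiated traffic out and replies back.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_BR -o $WAN_IF -s $LAN_NET -j ACCEPT"
    for fw in $FORWARDS; do
        pub=$(echo "$fw" | cut -d: -f1)
        vmip=$(echo "$fw" | cut -d: -f2)
        vmport=$(echo "$fw" | cut -d: -f3)
        src=$(echo "$fw" | cut -d: -f4)
        srcmatch=""
        if [ -n "$src" ]; then
            srcmatch=" -s $src"
        fi
        # PREROUTING -i matches the ingress interface. Internet clients arrive
        # on WAN_IF, so "-i vmbr0" (as in the first attempt) never matches them.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF$srcmatch -p tcp -d $PUB_IP --dport $pub -j DNAT --to-destination $vmip:$vmport"
        # FORWARD sees the packet after DNAT, so match the VM address and port.
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_BR$srcmatch -p tcp -d $vmip --dport $vmport -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Apply only when explicitly asked; otherwise show the rules for review.
if [ "${1:-}" = "apply" ]; then
    nat_rules | sh
else
    nat_rules
fi
```

Run it without arguments to review the generated commands, then with `apply` (as root) to load them; to make them survive a reboot, put the same commands in post-up lines under vmbr0 as the post does. To check which rule a connection is hitting, watch the counters with `iptables -t nat -L PREROUTING -v -n`: a DNAT rule bound to the wrong interface stays at zero packets no matter how many connection attempts you make.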