NAT Pain and Suffering

mooperd

New Member
Mar 1, 2024
I've been struggling to set this up on various flavours of Linux for my entire career. The shame runs deep. I have a Debian host which has a public IP address assigned. There is a bridge which has a single Ubuntu 22.04 virtual machine attached. I need that VM to have internet access so would like to configure NAT on the physical host.


Code:
enp8s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 1.2.3.4  netmask 255.255.255.192  broadcast 0.0.0.0
        inet6 fe80::aaa1:59ff:fead:2ec0  prefixlen 64  scopeid 0x20<link>
        ether a8:a1:59:ad:2e:c0  txqueuelen 1000  (Ethernet)
        RX packets 165  bytes 19942 (19.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 162  bytes 26597 (25.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vmbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.1  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::c051:1ff:fe99:433e  prefixlen 64  scopeid 0x20<link>
        ether c2:51:01:99:43:3e  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 680 (680.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vmbr1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::9490:5ff:fe22:779c  prefixlen 64  scopeid 0x20<link>
        ether 96:90:05:22:77:9c  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 440 (440.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


On the Ubuntu virtual machine I have the following config:
Code:
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens18:
      addresses:
      - 192.168.0.2/24
      nameservers:
        addresses:
        - 8.8.8.8
        search: []
      routes:
      - to: default
        via: 192.168.0.1
  version: 2

When I ping something on the internet I can see the requests on the host, and I can ssh into the VM from the host using the 192.168.0.0/24 network.

Code:
root@Debian-bookworm-latest-amd64-base ~ # tcpdump -i vmbr0 icmp
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vmbr0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
11:22:23.261683 IP 192.168.0.2 > dns.google: ICMP echo request, id 1, seq 12, length 64
11:22:24.285650 IP 192.168.0.2 > dns.google: ICMP echo request, id 1, seq 13, length 64

Please could someone help me set up NAT on the physical host? The specific incantation of iptables rules is beyond me.

Thanks very much,
Mooperd
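
An added example, not part of the original post: a minimal source-NAT setup for the topology described above, using the interface names and subnet from the post (`enp8s0`, `vmbr0`, `192.168.0.0/24`). The helper names `nat_rules` and `apply_nat` and the `APPLY` variable are hypothetical; it assumes the `iptables` CLI is installed, and the rules are not persisted across reboots.

```shell
#!/bin/sh
# Added example (not from the original post): masquerade the VM subnet
# behind the host's public interface. Names below come from the post.
WAN_IF="${WAN_IF:-enp8s0}"            # host NIC with the public address
LAN_IF="${LAN_IF:-vmbr0}"             # bridge the VM is attached to
LAN_NET="${LAN_NET:-192.168.0.0/24}"  # VM subnet

# nat_rules WAN LAN NET: print the commands, one per line (hypothetical helper).
nat_rules() {
    wan="$1"; lan="$2"; net="$3"
    # Validate inputs before they are interpolated into commands.
    for ifc in "$wan" "$lan"; do
        case "$ifc" in
            ""|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifc" >&2; return 1 ;;
        esac
    done
    case "$net" in
        *[!0-9./]*|*/*/*) echo "bad subnet: $net" >&2; return 1 ;;
        ?*/?*) ;;
        *) echo "bad subnet: $net" >&2; return 1 ;;
    esac
    # 1. let the kernel route between interfaces
    # 2. rewrite the VM's private source address on the way out
    # 3. allow VM-originated traffic towards the internet
    # 4. allow only reply traffic back in (no unsolicited inbound to the VM)
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# apply_nat: dry run by default; set APPLY=1 and run as root to execute.
apply_nat() {
    rules=$(nat_rules "$WAN_IF" "$LAN_IF" "$LAN_NET") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

apply_nat
```

If the `FORWARD` chain's default policy is already `ACCEPT`, the two `FORWARD` rules are redundant; they matter once the policy is set to `DROP`.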
 
