NAT port forwarding

gernazdasch

New Member
Jun 9, 2022
Hello.

I recently started out with Proxmox and I want to open port 22 of a virtual machine to the internet. This is my network:
Screenshot 2022-06-13 at 19-15-55 prne-r051-235cl - Proxmox Virtual Environment.png

Screenshot 2022-06-13 at 20-23-08 prne-r051-235cl - Proxmox Virtual Environment.png

Test Debian server IP and gateway:
Screenshot 2022-06-13 at 20-20-53 prne-r051-235cl - Proxmox Virtual Environment.png

It has internet, can ping, update, download ... but I can't port forward port 22 to MAIN_IP:4822

cat /etc/network/interfaces
Code:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto vlan1919
iface vlan1919 inet static
        address xxx.xxx.xxx.xxx/28
        gateway xxx.xxx.xxx.xxx
        bridge_ports bond0.1919
        dns-nameservers yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz

auto eth1
iface eth1 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves eth0 eth1
        bond-miimon 100
        bond-mode 802.3ad
        bond-lacp-rate fast
        bond-xmit_hash_policy layer3+4

iface bond0.1919 inet manual

iface bond0.1920 inet manual

auto vlan1920
iface vlan1920 inet static
        address 10.22.121.11/24
        bridge_ports bond0.1920

auto vmbr0
iface vmbr0 inet static
        address 192.168.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 192.168.10.101
        netmask 255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.10.0/24' -o vlan1919 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.10.0/24' -o vlan1919 -j MASQUERADE

qm config 104
Code:
boot: order=scsi0;ide2;net0
cores: 4
ide2: local:iso/debian-10.12.0-amd64-DVD-1.iso,media=cdrom
memory: 4096
name: test.debian
net0: virtio=9A:6F:98:A6:C9:A4,bridge=vmbr0,firewall=1
numa: 0
ostype: l26
scsi0: local:104/vm-104-disk-0.qcow2,size=60G
scsihw: virtio-scsi-pci
smbios1: uuid=0222320e-7997-4bac-a84f-504772cf9d50
sockets: 1
vmgenid: 75346c72-a35d-45ac-ae3c-2410a23e3cf4

I already forwarded from the Proxmox console, but no result.

Code:
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 4822 -j DNAT --to 192.168.10.16:22

Screenshot 2022-06-13 at 20-33-20 prne-r051-235cl - Proxmox Virtual Environment.png

Also a small question: I have a 1 Gbps network connection. Will the VM have the same bandwidth? Or will there be a bottleneck because it is a VM and/or using NAT?

Thank you.
 
I managed to do it by myself by adding:

Code:
# server1
post-up iptables -t nat -I PREROUTING -p tcp -d YOUR_MAIN_IP --dport 2222 -j DNAT --to-destination 192.168.10.19:22
post-up iptables -I FORWARD -m state -d 192.168.10.19/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
post-down iptables -t nat -D PREROUTING -p tcp -d YOUR_MAIN_IP --dport 2222 -j DNAT --to-destination 192.168.10.19:22
post-down iptables -D FORWARD -m state -d 192.168.10.19/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

# server2
post-up iptables -t nat -I PREROUTING -p tcp -d YOUR_MAIN_IP --dport 2244 -j DNAT --to-destination 192.168.10.20:22
post-up iptables -I FORWARD -m state -d 192.168.10.20/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
post-down iptables -t nat -D PREROUTING -p tcp -d YOUR_MAIN_IP --dport 2244 -j DNAT --to-destination 192.168.10.20:22
post-down iptables -D FORWARD -m state -d 192.168.10.20/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

Does anyone know if using NAT and virtual machines actually lowers the bandwidth?
 
Hi
I never did a thorough test, but there should be more of an overhead to doing NAT than bridges or giving the network card directly to a VM. It all depends on what hardware you are using if you see an impact there or not ;).
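
The port forward from the second post with a narrower match, as an added example that is not part of the thread: the DNAT rule is limited to traffic arriving on the public-facing interface, and the FORWARD rule accepts one host and one port instead of the whole 192.168.10.0/24. The function names are hypothetical, vlan1919 is taken as the public interface from the posted config, and the inputs are validated because post-up lines are run by a shell as root.

```shell
#!/bin/sh
# Added example, not from the thread: print tightened post-up/post-down lines
# for one SSH port forward. It only prints text; it never calls iptables.

# safe_token S: non-empty, only characters that are inert in a shell command
safe_token() { case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac; }

# valid_port N: integer in 1..65535, no leading zeros
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 A: dotted quad, octets 0..255, no leading zeros
# (the body is a subshell so the IFS change stays local)
valid_ipv4() (
    case "$1" in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*) exit 1 ;; esac
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# gen_forward EXT_IF MAIN_IP EXT_PORT VM_IP [VM_PORT]
# EXT_IF is the public-facing interface (vlan1919 in the posted config);
# MAIN_IP may stay a placeholder such as YOUR_MAIN_IP, as in the thread.
gen_forward() {
    ext_if=$1 main_ip=$2 ext_port=$3 vm_ip=$4 vm_port=${5:-22}
    safe_token "$ext_if" && safe_token "$main_ip" ||
        { echo "unsafe interface or address" >&2; return 1; }
    valid_port "$ext_port" && valid_port "$vm_port" ||
        { echo "port out of range" >&2; return 1; }
    valid_ipv4 "$vm_ip" || { echo "bad VM address: $vm_ip" >&2; return 1; }
    # DNAT only for traffic that arrives on the public interface.
    nat="PREROUTING -i $ext_if -p tcp -d $main_ip --dport $ext_port"
    nat="$nat -j DNAT --to-destination $vm_ip:$vm_port"
    # One host and one port instead of the thread's whole /24 on any port.
    # Assumption: replies from the VM are already allowed, as in the thread.
    fwd="FORWARD -i $ext_if -d $vm_ip -p tcp --dport $vm_port"
    fwd="$fwd -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    printf 'post-up iptables -t nat -I %s\n' "$nat"
    printf 'post-up iptables -I %s\n' "$fwd"
    printf 'post-down iptables -t nat -D %s\n' "$nat"
    printf 'post-down iptables -D %s\n' "$fwd"
}

gen_forward vlan1919 YOUR_MAIN_IP 2222 192.168.10.19
```

The four printed lines go into the bridge stanza in /etc/network/interfaces in place of the corresponding server1 lines; a VM address written with a mask, such as 192.168.10.19/24, is rejected.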
 
