NAT port forwarding

gernazdasch

Jun 9, 2022
Hello.

I recently started out with Proxmox and I want to open port 22 of a virtual machine to the internet. This is my network:
Screenshot 2022-06-13 at 19-15-55 prne-r051-235cl - Proxmox Virtual Environment.png

Screenshot 2022-06-13 at 20-23-08 prne-r051-235cl - Proxmox Virtual Environment.png

Test Debian server IP and gateway:
Screenshot 2022-06-13 at 20-20-53 prne-r051-235cl - Proxmox Virtual Environment.png

It has internet, can ping, update, download... but I can't port forward port 22 to MAIN_IP:4822

cat /etc/network/interfaces
Code:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto vlan1919
iface vlan1919 inet static
        address xxx.xxx.xxx.xxx/28
        gateway xxx.xxx.xxx.xxx
        bridge_ports bond0.1919
        dns-nameservers yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz

auto eth1
iface eth1 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves eth0 eth1
        bond-miimon 100
        bond-mode 802.3ad
        bond-lacp-rate fast
        bond-xmit_hash_policy layer3+4

iface bond0.1919 inet manual

iface bond0.1920 inet manual

auto vlan1920
iface vlan1920 inet static
        address 10.22.121.11/24
        bridge_ports bond0.1920

auto vmbr0
iface vmbr0 inet static
        address 192.168.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 192.168.10.101
        netmask 255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.10.0/24' -o vlan1919 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.10.0/24' -o vlan1919 -j MASQUERADE

qm config 104
Code:
boot: order=scsi0;ide2;net0
cores: 4
ide2: local:iso/debian-10.12.0-amd64-DVD-1.iso,media=cdrom
memory: 4096
name: test.debian
net0: virtio=9A:6F:98:A6:C9:A4,bridge=vmbr0,firewall=1
numa: 0
ostype: l26
scsi0: local:104/vm-104-disk-0.qcow2,size=60G
scsihw: virtio-scsi-pci
smbios1: uuid=0222320e-7997-4bac-a84f-504772cf9d50
sockets: 1
vmgenid: 75346c72-a35d-45ac-ae3c-2410a23e3cf4

I already forwarded from Proxmox console, but no result.

Code:
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 4822 -j DNAT --to 192.168.10.16:22

Screenshot 2022-06-13 at 20-33-20 prne-r051-235cl - Proxmox Virtual Environment.png

Also a small question: I have a 1Gbps network connection; will the VM have the same bandwidth? Or will there be a bottleneck due to the fact that it is a VM and/or using NAT?

Thank you.
 
I managed to do it by myself by adding:

Code:
# server1
post-up iptables -t nat -I PREROUTING -p tcp -d YOUR_MAIN_IP --dport 2222 -j DNAT --to-destination 192.168.10.19:22
post-up iptables -I FORWARD -m state -d 192.168.10.19/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
post-down iptables -t nat -D PREROUTING -p tcp -d YOUR_MAIN_IP --dport 2222 -j DNAT --to-destination 192.168.10.19:22
post-down iptables -D FORWARD -m state -d 192.168.10.19/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

# server2
post-up iptables -t nat -I PREROUTING -p tcp -d YOUR_MAIN_IP --dport 2244 -j DNAT --to-destination 192.168.10.20:22
post-up iptables -I FORWARD -m state -d 192.168.10.20/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
post-down iptables -t nat -D PREROUTING -p tcp -d YOUR_MAIN_IP --dport 2244 -j DNAT --to-destination 192.168.10.20:22
post-down iptables -D FORWARD -m state -d 192.168.10.20/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

Does anyone know if using NAT and virtual machines actually lowers the bandwidth?
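
An added example, not part of the original posts: a small shell generator for the post-up/post-down lines used in the reply above, with the FORWARD rule narrowed to one guest and one port (iptables reads `-d 192.168.10.19/24` as the whole 192.168.10.0/24 network). The interface `vlan1919` and the guest address come from the posted config; 203.0.113.10 stands in for YOUR_MAIN_IP, `-m conntrack --ctstate` is used in place of `-m state --state`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: print paired post-up/post-down lines
# for one DNAT port forward, for pasting under a bridge stanza.

# is_port N: true if N is an integer in 1..65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_ipv4 A: true if A is a dotted quad with every octet in 0..255
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (input is digits/dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_forward WAN_IF PUBLIC_IP PUBLIC_PORT VM_IP VM_PORT
gen_forward() {
    wan_if=$1 pub_ip=$2 pub_port=$3 vm_ip=$4 vm_port=$5
    case "$wan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    is_ipv4 "$pub_ip" && is_ipv4 "$vm_ip" || { echo "bad IPv4 address" >&2; return 2; }
    is_port "$pub_port" && is_port "$vm_port" || { echo "bad port" >&2; return 2; }

    # DNAT only traffic that arrives on the public interface for the public IP.
    nat="PREROUTING -i $wan_if -p tcp -d $pub_ip --dport $pub_port"
    nat="$nat -j DNAT --to-destination $vm_ip:$vm_port"
    # Accept only TCP to that one guest and port: /32, not the whole /24.
    fwd="FORWARD -i $wan_if -p tcp -d $vm_ip/32 --dport $vm_port"
    fwd="$fwd -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"

    # Up and down lines share one rule string, so they cannot drift apart.
    printf '        post-up iptables -t nat -I %s\n' "$nat"
    printf '        post-up iptables -I %s\n' "$fwd"
    printf '        post-down iptables -t nat -D %s\n' "$nat"
    printf '        post-down iptables -D %s\n' "$fwd"
}

# Constructed sample values: 203.0.113.10 stands in for YOUR_MAIN_IP.
gen_forward vlan1919 203.0.113.10 2222 192.168.10.19 22
```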
 
Hi
I never did a thorough test, but there should be more of an overhead to doing NAT than bridges or giving the network card directly to a VM. It all depends on what hardware you are using if you see an impact there or not ;).