NAT Port Forwarding

E

elvinmammadov

Member
Feb 12, 2021
30
1
13
34
Hello,

We have a server in Datacenter and it has 2 partitions, the one for Proxmox system, and the other for VMs. It has 1 public IP Address.
We have installed Veeam Backup agent to take backup of Proxmox partition every day. Backup server is located in other Datacenter.
Backup job fails, because it tries to connect the internal ip of Veeam Backup Server, even if in the configuration we have written the Public IP.

In the past we had the same problem for VMs, but in Opnsense Firewall, in NAT, we have added the rules, the it started to work. I would like to know how I can make the same thing in Proxmox?

The following rule works in Opnsense Firewall.
NAT \ Port Forwarding
Source: any
Destination: Internal IP of Veeam Backup Server
Destination Port: 2500
Redirect target IP: WAN IP of Veeam Backup Server
Redirect target port: 2500
 
Hello,

Maybe you have to use iptables port forwarding in the PVE network configuration.

Code: 
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport <PORT> -j DNAT --to <VM or CT Ip address>:<PORT>
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport <PORT> -j DNAT --to <VM or CT Ip address>:<PORT>

FYI: Proxmox provides a PBS (Proxmox Backup Server) solution [0] as well.

[0] https://proxmox.com/en/proxmox-backup-server
 
Thank you for your reply.

I added it to network interface file, but it still gives the same error, cannot reach the internal ip address.

post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2500 -j DNAT --to 192.168.105.1:2500
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2500 -j DNAT --to 192.168.105.1:2500
 
Hello,

I would like to mention that, the Veeam Backup Server is on different location. In the backup configuration I have typed the Public IP of Veeam Backup, but in the backup process the agent also tries to connect to internal IP address. That's why in the past we have used NAT Forwarding in OPNsense for the VMs.

Proxmox ServerProxmox Server
Opnsense FirewallOpnsense Firewall (IP: XX.XX.XX.115)
VM - Linux VM - Veeam Backup Server (IP: 192.168.105.1)
VM - Windows

This following rule works in Opnsense Firewall where "VM - Linux and VM - Windows" are located.
NAT \ Port Forwarding
Source: any
Destination: 192.168.105.1
Destination Port: 2500
Redirect target IP: XX.XX.XX.115
Redirect target port: 2500

I am attaching the network configuration file:

Code: 
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface eth0 inet manual

# Proxmox WAN interface
auto vmbr0
iface vmbr0 inet dhcp
        bridge-ports eth0
        bridge-stp off
        bridge-fd 0
        bridge_hw eth0

# Interface for VMs
auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0

post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2500 -j DNAT --to 192.168.105.1:2500
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2500 -j DNAT --to 192.168.105.1:2500
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back