NAT Prerouting from bridge to single container without public ip address

P

Paddle

New Member
Apr 24, 2014
11
0
1
Hello everybody,

is it possible to do this bash commands with the gui firewall configuration?

iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 27015 -j DNAT --to-destination 192.168.1.2:27015
iptables -t nat -A PREROUTING -i vmbr0 -p udp -m udp --dport 27015 -j DNAT --to-destination 192.168.1.2:27015
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 7777 -j DNAT --to-destination 192.168.1.2:7777
iptables -t nat -A PREROUTING -i vmbr0 -p udp -m udp --dport 7777 -j DNAT --to-destination 192.168.1.2:7777
Click to expand...

Node network/interfaces (default generated from plain 4.1 VE installation with some settings)

Code: 
auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
    address  123.456.789.123
    netmask  255.255.255.192
    gateway  123.456.789.124
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

auto vmbr1
iface vmbr1 inet static
    address  192.168.1.254
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0

    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up   iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE

I tried to do something like...

2016-01-28 01_04_26.png
(The checked firewall box is important. Or should I disable it?)

And this is the try.

2016-01-28 01_06_39.png



Or must I use this customization and save with iptables-save like described here https://pve.proxmox.com/wiki/Proxmox_VE_Firewall?

Thank's in Advance!
 
Paddle said:
Hello everybody,

is it possible to do this bash commands with the gui firewall configuration?

iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 27015 -j DNAT --to-destination 192.168.1.2:27015
iptables -t nat -A PREROUTING -i vmbr0 -p udp -m udp --dport 27015 -j DNAT --to-destination 192.168.1.2:27015
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 7777 -j DNAT --to-destination 192.168.1.2:7777
iptables -t nat -A PREROUTING -i vmbr0 -p udp -m udp --dport 7777 -j DNAT --to-destination 192.168.1.2:7777
Click to expand...


No, gui does not support NAT settings. But no problem to make these settings on command line.
 
  • Like
Reactions: Paddle
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back