NATing external IPs (not the host's) and SSH to them?

YBEY

New Member
Jun 22, 2015
Hey guys.
I'm using online.net as my VPS, and I have several external IP addresses.

First, please explain to me how to NAT an IP address other than my host's original?
Let's assume my host's IP is 55.55.55.55 and I choose NAT in the network; no matter what I put in the "Mac address" field, I always get a NAT of the host IP.
I want to choose one of the other IPs, let's say 11.22.33.44, and NAT that to several machines. Any ideas?
(I assume the answer will be different for every OS; I mainly use Debian and Windows.)

Second, let's assume I did the above, and I have 2 (or more) machines which share the same external IP (other than the host's).
The issue is, I'm not sure how to access these machines with SSH, because they are behind a NAT.
Let's say the external IP is 11.22.33.44. What firewall rules do I have to set in the Proxmox firewall (and into which machine) in order to make sure I can SSH to those different machines?

Thank you very much!
 
First, please explain to me how to NAT an IP address other than my host's original?
Let's assume my host's IP is 55.55.55.55 and I choose NAT in the network; no matter what I put in the "Mac address" field, I always get a NAT of the host IP.
I want to choose one of the other IPs, let's say 11.22.33.44, and NAT that to several machines. Any ideas?
(I assume the answer will be different for every OS; I mainly use Debian and Windows.)

Not quite clear what you mean. You can have

(a) 1 public IP (assigned to the host) and a local network to other machines (VMs on the host) and access via NAT from this network to the public one

OR

(b) more public IPs, one for each machine (VM)

In case of (a) the host should have a NAT service; there is a built-in one in KVM but it's very simple and not recommended. Do it with the following command (assuming your local network is 192.168.10.0/24):

Code:
iptables -t nat -A POSTROUTING ! -d 192.168.10.0/24 -j MASQUERADE

In case of (b) bridge the VMs' NICs and assign the addresses to them (no NAT at all).


Second, let's assume I did the above, and I have 2 (or more) machines which share the same external IP (other than the host's).
The issue is, I'm not sure how to access these machines with SSH, because they are behind a NAT.
Let's say the external IP is 11.22.33.44. What firewall rules do I have to set in the Proxmox firewall (and into which machine) in order to make sure I can SSH to those different machines?

For machines which don't have their own address you have to use solution (a) as described above.

In order to reach any of these machines via ssh from public you have to

- define a port number (which the client has to specify instead of the usual 22)

- forward this port to the local network and proper address, (e.g. port 10022 for machine at 192.168.10.10):

Code:
iptables -t nat -A PREROUTING -p tcp --dport 10022 -j DNAT --to-destination 192.168.10.10:22

Depending on your configuration the iptables commands can be slightly different from the above mentioned ones.

Firewall settings are independent from this.
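
An added example, not part of the thread: a script that prints (without applying) the rules for several VMs behind the additional address 11.22.33.44, using SNAT with a fixed source in place of MASQUERADE and limiting each DNAT rule to that address. It assumes 11.22.33.44 is already configured on the host; the second VM (192.168.10.11, port 10023) and the helper name `gen_rules` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: prints (does not apply) NAT rules for VMs that share one
# additional public IP. EXT_IP must already be configured on the host; the
# addresses and the port map are the thread's sample values or constructed.
EXT_IP="11.22.33.44"
LAN_NET="192.168.10.0/24"
LAN_PREFIX="192.168.10."

# gen_rules MAP: MAP has one "external_port vm_address" pair per line.
# Prints the rules only if every entry is valid; otherwise returns 1.
gen_rules() {
    seen=" "
    # Outbound: SNAT pins the source to EXT_IP, whereas MASQUERADE uses the
    # address of the outgoing interface (normally the host's own IP).
    rules="iptables -t nat -A POSTROUTING -s $LAN_NET ! -d $LAN_NET -j SNAT --to-source $EXT_IP"
    while read -r port vm; do
        [ -z "$port" ] && continue
        case "$port" in
            *[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        # Choice made here: unprivileged ports only, so the host's own
        # services on EXT_IP are not shadowed by a forward.
        if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        # Rules are matched in order: a second rule for the same port would
        # never fire, leaving that VM silently unreachable.
        case "$seen" in
            *" $port "*) echo "duplicate port: $port" >&2; return 1 ;;
        esac
        seen="$seen$port "
        case "$vm" in
            "$LAN_PREFIX"*) ;;  # crude prefix check against the /24
            *) echo "address outside $LAN_NET: $vm" >&2; return 1 ;;
        esac
        # Inbound: forward only connections addressed to EXT_IP on this port.
        rules="$rules
iptables -t nat -A PREROUTING -d $EXT_IP -p tcp --dport $port -j DNAT --to-destination $vm:22"
    done <<EOF
$1
EOF
    printf '%s\n' "$rules"
}

# Constructed sample map: two VMs behind the same external address.
SAMPLE_MAP="10022 192.168.10.10
10023 192.168.10.11"

gen_rules "$SAMPLE_MAP"
```

A client would then reach the first VM with `ssh -p 10022 user@11.22.33.44`, where `user` is a placeholder.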