Need Help with Network

[michaeleifel]

Hello, my Name is michael and i'm from germany. Im using Proxmox 3.2 I could use some help with Networking. My provider gave me the possibility to host my pc but doesn't allow multiple mac adresses,therefore i can't use bridge. There is no Firewall or something like that active I tested the Routed setup and used the address from the real host in kvm as gateway and can also ping this gateway, but don't have any dns resolution. iptables -t nat -A POSTROUTING -s 10.10.10.10/24 -o eth0 -j MASQUERADE was also added. A firewall is not active and internet is working fine with all clients and also in nat mode. I also read this page http://servernetworktech.com/2012/12/proxmox-and-using-nat-with-a-virtual-machine/ up and down, but i can't figure out, why my virtual machines dont have any connection. The goal is, that only the real host ip and mac is visible, in which way this is achieved is irrelevant, but the vms need to be accessable via Internet or LAN. The virtual machine is an debian wheezy also. Regards

 

[spirit]

hi

but the vms need to be accessable via Internet

You are doing snat, so you can access from internet -> vms, only vms->internet (vms ips will be natted to host ip)


how many public ip address do you have ?

 

[michaeleifel]

Hello,
i have got one public assigned from the Provider.

Regards.

 

[spirit]

Hello,
i have got one public assigned from the Provider.

Regards.

So, only way is to do nat, like you do (but you can only access from vm-> internet)


to access from internet->vms, you need public ip by vm.

 

[michaeleifel]

Hello, actually i need only a few ports, like SSH,HTTP,HTTPS, i thought there may be the possiblity with iptables like: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 10022 -j DNAT --to 10.10.10.1:22 for routed interface. But i mainly wonder why also the direction vm -> internet doesnt work. Or is there any posiblity that might be quite simpler? I tried nat out of the box and only thing missing there is internet -> vm which i couldn't get to work with previous iptable roule + post-up echo 1 > /proc/sys/net/ipv4/ip_forward and post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE. Regards.

 

[spirit]

Hello, actually i need only a few ports, like SSH,HTTP,HTTPS, i thought there may be the possiblity with iptables like: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 10022 -j DNAT --to 10.10.10.1:22 for routed interface. But i mainly wonder why also the direction vm -> internet doesnt work. Or is there any posiblity that might be quite simpler? I tried nat out of the box and only thing tehre missing is internet -> vm. Regards.

this should work for port redirection:

iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 10022 -j DNAT --to 10.10.10.1:22

 

[spirit]

try to use vmbr0 instead eth0 in your rules, if the ip is configurated on vmbr0.

 

[michaeleifel]

Ok, This rule would be for NAT then? will try iptables rule with vmbr0 and virtual machine with NAT out of the box later today and will report back.Thanks for the Help. Regards.