### ip's have been changed ##
Not necessarily a Proxmox problem, but I hope someone can help me (sorry for my bad englisch)
My problem is that my ports released in NAT are also released on the 2nd IP
Example 49.9.9.134:80 <- (NAT) 10.10.10.11:80 can also be reached on the 2nd ip 49.9.9.88:80
I want dedicated use the second ip for a VM
My Network interfaces:
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
iface lo inet6 loopback
auto enp35s0
iface enp35s0 inet static
address 49.9.9.134/27
gateway 49.9.9.129
pointopoint 49.9.9.129
up route add -net 49.9.9.128 netmask 255.255.255.224 gw 49.9.9.129 dev enp35s0
iface enp35s0 inet6 static
address d201:4f8:240:91c9::2
netmask 128
gateway fe80::1
####Physical END
auto vmbr0
iface vmbr0 inet static
address 49.9.9.134/32
bridge-ports none
bridge-stp off
bridge-fd 0
bridge_maxwait 0
#pre-up brctl addbr vmbr0
#weitere IPS mit up ip... eintragen
up ip route add 49.9.9.88/32 dev vmbr0
iface vmbr0 inet6 static
address d201:4f8:240:91c9::1
netmask 64
up ip -6 route add d201:4f8:240:91c9::/64 dev vmbr0
#weitere IPv6 netze hier anlegen
auto vmbr1
iface vmbr1 inet static
address 10.10.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp35s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp35s0 -j MASQUERADE
# Teamspeak 9987:10.10.10.232:9987
post-up iptables -t nat -A PREROUTING -i enp35s0 -p udp --dport 9987 -j DNAT --to 10.10.10.232:9987
post-down iptables -t nat -D PREROUTING -i enp35s0 -p udp --dport 9987 -j DNAT --to 10.10.10.232:9987
# Teamspeak 30033:10.10.10.232:30033 filetransfer
post-up iptables -t nat -A PREROUTING -i enp35s0 -p tcp --dport 30033 -j DNAT --to 10.10.10.232:30033
post-down iptables -t nat -D PREROUTING -i enp35s0 -p tcp --dport 30033 -j DNAT --to 10.10.10.232:30033
# Teamspeak 10011:10.10.10.232:10011 serverquery
post-up iptables -t nat -A PREROUTING -i enp35s0 -p tcp --dport 10011 -j DNAT --to 10.10.10.232:10011
post-down iptables -t nat -D PREROUTING -i enp35s0 -p tcp --dport 10011 -j DNAT --to 10.10.10.232:10011
# Teamspeak 2010:10.10.10.232:2010 weblist
post-up iptables -t nat -A PREROUTING -i enp35s0 -p udp --dport 2010 -j DNAT --to 10.10.10.232:2010
post-down iptables -t nat -D PREROUTING -i enp35s0 -p udp --dport 2010 -j DNAT --to 10.10.10.232:2010
# HTTP 80:10.10.10.30:80
post-up iptables -t nat -A PREROUTING -i enp35s0 -p tcp --dport 80 -j DNAT --to 10.10.10.30:80
post-down iptables -t nat -D PREROUTING -i enp35s0 -p tcp --dport 80 -j DNAT --to 10.10.10.30:80
# HTTPS 443:10.10.10.30:443
post-up iptables -t nat -A PREROUTING -i enp35s0 -p tcp --dport 443 -j DNAT --to 10.10.10.30:443
post-down iptables -t nat -D PREROUTING -i enp35s0 -p tcp --dport 443 -j DNAT --to 10.10.10.30:443
####################### not in use
auto vmbr100
iface vmbr100 inet static
address 192.168.1.0/24
bridge-ports none
#####End
############################################################
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
Not necessarily a Proxmox problem, but I hope someone can help me (sorry for my bad englisch)
My problem is that my ports released in NAT are also released on the 2nd IP
Example 49.9.9.134:80 <- (NAT) 10.10.10.11:80 can also be reached on the 2nd ip 49.9.9.88:80
I want dedicated use the second ip for a VM
My Network interfaces:
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
iface lo inet6 loopback
auto enp35s0
iface enp35s0 inet static
address 49.9.9.134/27
gateway 49.9.9.129
pointopoint 49.9.9.129
up route add -net 49.9.9.128 netmask 255.255.255.224 gw 49.9.9.129 dev enp35s0
iface enp35s0 inet6 static
address d201:4f8:240:91c9::2
netmask 128
gateway fe80::1
####Physical END
auto vmbr0
iface vmbr0 inet static
address 49.9.9.134/32
bridge-ports none
bridge-stp off
bridge-fd 0
bridge_maxwait 0
#pre-up brctl addbr vmbr0
#weitere IPS mit up ip... eintragen
up ip route add 49.9.9.88/32 dev vmbr0
iface vmbr0 inet6 static
address d201:4f8:240:91c9::1
netmask 64
up ip -6 route add d201:4f8:240:91c9::/64 dev vmbr0
#weitere IPv6 netze hier anlegen
auto vmbr1
iface vmbr1 inet static
address 10.10.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp35s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp35s0 -j MASQUERADE
# Teamspeak 9987:10.10.10.232:9987
post-up iptables -t nat -A PREROUTING -i enp35s0 -p udp --dport 9987 -j DNAT --to 10.10.10.232:9987
post-down iptables -t nat -D PREROUTING -i enp35s0 -p udp --dport 9987 -j DNAT --to 10.10.10.232:9987
# Teamspeak 30033:10.10.10.232:30033 filetransfer
post-up iptables -t nat -A PREROUTING -i enp35s0 -p tcp --dport 30033 -j DNAT --to 10.10.10.232:30033
post-down iptables -t nat -D PREROUTING -i enp35s0 -p tcp --dport 30033 -j DNAT --to 10.10.10.232:30033
# Teamspeak 10011:10.10.10.232:10011 serverquery
post-up iptables -t nat -A PREROUTING -i enp35s0 -p tcp --dport 10011 -j DNAT --to 10.10.10.232:10011
post-down iptables -t nat -D PREROUTING -i enp35s0 -p tcp --dport 10011 -j DNAT --to 10.10.10.232:10011
# Teamspeak 2010:10.10.10.232:2010 weblist
post-up iptables -t nat -A PREROUTING -i enp35s0 -p udp --dport 2010 -j DNAT --to 10.10.10.232:2010
post-down iptables -t nat -D PREROUTING -i enp35s0 -p udp --dport 2010 -j DNAT --to 10.10.10.232:2010
# HTTP 80:10.10.10.30:80
post-up iptables -t nat -A PREROUTING -i enp35s0 -p tcp --dport 80 -j DNAT --to 10.10.10.30:80
post-down iptables -t nat -D PREROUTING -i enp35s0 -p tcp --dport 80 -j DNAT --to 10.10.10.30:80
# HTTPS 443:10.10.10.30:443
post-up iptables -t nat -A PREROUTING -i enp35s0 -p tcp --dport 443 -j DNAT --to 10.10.10.30:443
post-down iptables -t nat -D PREROUTING -i enp35s0 -p tcp --dport 443 -j DNAT --to 10.10.10.30:443
####################### not in use
auto vmbr100
iface vmbr100 inet static
address 192.168.1.0/24
bridge-ports none
#####End
############################################################
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1