[SOLVED] One public ip with PREROUTING port rules

Sentellio

New Member
Mar 10, 2016
6
0
1
36
Hello Proxmox community.
I have very interesting problem, and I am unable to solve it

So I have Proxmox 4.1-2f9650d4 server with two interfaces, one is facing to the internet with public IP and second one is for local network (LAN).

My /etc/interfaces/network file look like this:

Code:
auto lo
iface lo inet loopback

iface eth0 inet manual
        post-up iptables-restore < /etc/iptables.up.rules

iface eth1 inet manual

#interface facing to the INTERNET
auto vmbr0
iface vmbr0 inet static
        address  71.136.130.133
        netmask  255.255.255.240
        gateway  71.136.130.129
        network 71.136.130.128
        broadcast 71.136.130.143
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

#LAN interface
auto vmbr1
iface vmbr1 inet static
        address  172.25.112.52
        netmask  255.255.255.240
        #gateway  172.25.112.49
        network 172.25.112.48
        broadcast 172.25.112.63
        bridge_ports eth1
        bridge_stp off
        bridge_fd 0

        #Route to my PC (to be able to reach SSH and WEBIF on my PROXMOX server)
        post-up route add -net 192.168.10.0 netmask 255.255.255.0 gw 172.25.112.49 vmbr1
        post-down route del -net 192.168.10.0 netmask 255.255.255.0 gw 172.25.112.49 vmbr1


#bridge for VMs
auto vmbr2
iface vmbr2 inet static
        address 10.99.10.254
        netmask 255.255.255.0
        network 10.99.10.0
        broadcast 10.99.10.255
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up route add -net 10.99.10.0 netmask 255.255.255.0 gw 10.99.10.254 vmbr2
        post-down route del -net 10.99.10.0 netmask 255.255.255.0 gw 10.99.10.254 vmbr2

My ip tables file /etc/iptables.up.rules
I am trying to forward public port 443 to the VM; his IP is 10.99.10.1 port 80

Code:
# Generated by iptables-save v1.4.21 on Thu Mar 10 11:16:39 2016
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.99.10.1:80
-A POSTROUTING -s 10.99.10.0/24 -o vmbr0 -j SNAT --to-source 71.136.130.133
COMMIT
# Completed on Thu Mar 10 11:16:39 2016
# Generated by iptables-save v1.4.21 on Thu Mar 10 11:16:39 2016
*filter
:INPUT ACCEPT [509:255763]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [374:284863]
COMMIT
# Completed on Thu Mar 10 11:16:39 2016

My routes:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         78.136.130.129  0.0.0.0         UG    0      0        0 vmbr0
10.99.10.0      10.99.10.254    255.255.255.0   UG    0      0        0 vmbr2
10.99.10.0      0.0.0.0         255.255.255.0   U     0      0        0 vmbr2
78.136.130.128  0.0.0.0         255.255.255.240 U     0      0        0 vmbr0
172.25.112.48   172.25.112.49   255.255.255.240 UG    0      0        0 vmbr1
172.25.112.48   0.0.0.0         255.255.255.240 U     0      0        0 vmbr1
192.168.10.0    172.25.112.49   255.255.255.0   UG    0      0        0 vmbr1


So what is NOT working:
  • I am unable to open port 443 from the internet, PREROUTING rule is not working. I try tcpdump and I did not catch any packets on this port.
I really appreciated any help
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!