[SOLVED] One public ip with PREROUTING port rules

Sentellio

New Member
Mar 10, 2016
Hello Proxmox community.
I have a very interesting problem, and I am unable to solve it.

So I have a Proxmox 4.1-2f9650d4 server with two interfaces: one faces the internet with a public IP and the second one is for the local network (LAN).

My /etc/interfaces/network file looks like this:

Code:
auto lo
iface lo inet loopback

iface eth0 inet manual
        post-up iptables-restore < /etc/iptables.up.rules

iface eth1 inet manual

#interface facing to the INTERNET
auto vmbr0
iface vmbr0 inet static
        address  71.136.130.133
        netmask  255.255.255.240
        gateway  71.136.130.129
        network 71.136.130.128
        broadcast 71.136.130.143
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

#LAN interface
auto vmbr1
iface vmbr1 inet static
        address  172.25.112.52
        netmask  255.255.255.240
        #gateway  172.25.112.49
        network 172.25.112.48
        broadcast 172.25.112.63
        bridge_ports eth1
        bridge_stp off
        bridge_fd 0

        #Route to my PC (to be able to reach SSH and WEBIF on my PROXMOX server)
        post-up route add -net 192.168.10.0 netmask 255.255.255.0 gw 172.25.112.49 vmbr1
        post-down route del -net 192.168.10.0 netmask 255.255.255.0 gw 172.25.112.49 vmbr1


#bridge for VMs
auto vmbr2
iface vmbr2 inet static
        address 10.99.10.254
        netmask 255.255.255.0
        network 10.99.10.0
        broadcast 10.99.10.255
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up route add -net 10.99.10.0 netmask 255.255.255.0 gw 10.99.10.254 vmbr2
        post-down route del -net 10.99.10.0 netmask 255.255.255.0 gw 10.99.10.254 vmbr2

My iptables file /etc/iptables.up.rules:
I am trying to forward public port 443 to the VM; its IP is 10.99.10.1, port 80.

Code:
# Generated by iptables-save v1.4.21 on Thu Mar 10 11:16:39 2016
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.99.10.1:80
-A POSTROUTING -s 10.99.10.0/24 -o vmbr0 -j SNAT --to-source 71.136.130.133
COMMIT
# Completed on Thu Mar 10 11:16:39 2016
# Generated by iptables-save v1.4.21 on Thu Mar 10 11:16:39 2016
*filter
:INPUT ACCEPT [509:255763]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [374:284863]
COMMIT
# Completed on Thu Mar 10 11:16:39 2016

My routes:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         78.136.130.129  0.0.0.0         UG    0      0        0 vmbr0
10.99.10.0      10.99.10.254    255.255.255.0   UG    0      0        0 vmbr2
10.99.10.0      0.0.0.0         255.255.255.0   U     0      0        0 vmbr2
78.136.130.128  0.0.0.0         255.255.255.240 U     0      0        0 vmbr0
172.25.112.48   172.25.112.49   255.255.255.240 UG    0      0        0 vmbr1
172.25.112.48   0.0.0.0         255.255.255.240 U     0      0        0 vmbr1
192.168.10.0    172.25.112.49   255.255.255.0   UG    0      0        0 vmbr1


So what is NOT working:
  • I am unable to open port 443 from the internet; the PREROUTING rule is not working. I tried tcpdump and did not catch any packets on this port.
I really appreciate any help.
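A DNAT port forward like the one posted above only works when four things are present at once: the kernel forwards between interfaces (net.ipv4.ip_forward=1), a nat/PREROUTING DNAT rule rewrites the destination on the incoming interface, a nat/POSTROUTING SNAT or MASQUERADE rule rewrites the VM's replies on the way out, and the filter/FORWARD chain lets the rewritten packet through. The following checker is an added example, not the poster's configuration or anything from the Proxmox project: it reads an iptables-save dump plus the ip_forward value and reports which of the four is missing. The function name check_port_forward and the sample dump are constructed for this example; the interface, port and address values mirror the thread. One caveat worth keeping in mind: a DNAT rule only acts on packets that actually reach vmbr0, so when a capture on that interface shows nothing on port 443, all four checks can pass and the packets are still being stopped somewhere before the host.

```shell
#!/bin/sh
# Added example (not the poster's configuration): checks whether the four
# prerequisites of a DNAT port forward are present in an iptables-save dump.
# On a real host:
#   iptables-save > /tmp/rules
#   check_port_forward /tmp/rules "$(cat /proc/sys/net/ipv4/ip_forward)" vmbr0 443 10.99.10.1:80

# check_port_forward RULES_FILE IP_FORWARD WAN_IF PORT TARGET [VM_NET]
# Prints every missing prerequisite and returns 0 only when none is missing.
check_port_forward() {
    rules="$1"; ip_forward="$2"; wan_if="$3"; port="$4"; target="$5"
    vm_net="${6:-10.99.10.0/24}"   # constructed default, same subnet as the thread
    missing=0

    # 1. Without ip_forward the kernel never passes packets between vmbr0 and vmbr2.
    if [ "$ip_forward" != "1" ]; then
        echo "MISSING: net.ipv4.ip_forward is '$ip_forward', must be 1"
        missing=$((missing + 1))
    fi

    # 2. nat/PREROUTING must rewrite the destination before the routing decision.
    if ! grep -qE -- "^-A PREROUTING .*-i $wan_if .*--dport $port .*-j DNAT --to-destination $target" "$rules"; then
        echo "MISSING: DNAT rule in nat PREROUTING for $wan_if:$port -> $target"
        missing=$((missing + 1))
    fi

    # 3. Replies from the VM need their source rewritten on the way out.
    if ! grep -qE -- "^-A POSTROUTING -s $vm_net -o $wan_if -j (SNAT|MASQUERADE)" "$rules"; then
        echo "MISSING: SNAT/MASQUERADE in nat POSTROUTING for $vm_net via $wan_if"
        missing=$((missing + 1))
    fi

    # 4. The rewritten packet still traverses filter/FORWARD: it passes only with
    #    policy ACCEPT or an explicit ACCEPT towards the target address.
    fwd_policy=$(sed -n 's/^:FORWARD \([A-Z]*\) .*/\1/p' "$rules")
    target_ip="${target%:*}"
    if [ "$fwd_policy" != "ACCEPT" ] && ! grep -qE -- "^-A FORWARD .*-d $target_ip(/32)? .*-j ACCEPT" "$rules"; then
        echo "MISSING: filter FORWARD (policy '${fwd_policy:-none}') has no ACCEPT for $target_ip"
        missing=$((missing + 1))
    fi

    [ "$missing" -eq 0 ]
}

# --- constructed sample dump, same shape as the rules posted in the thread ---
sample=$(mktemp) && sample_drop=$(mktemp)
trap 'rm -f "$sample" "$sample_drop"' EXIT
cat > "$sample" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.99.10.1:80
-A POSTROUTING -s 10.99.10.0/24 -o vmbr0 -j SNAT --to-source 71.136.130.133
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
# Same rules with a restrictive FORWARD policy and no ACCEPT rule: the forward breaks.
sed 's/^:FORWARD ACCEPT/:FORWARD DROP/' "$sample" > "$sample_drop"

echo "== rules as posted, ip_forward=1 =="
check_port_forward "$sample" 1 vmbr0 443 10.99.10.1:80 && echo "all prerequisites present"
echo "== same rules, ip_forward=0, FORWARD DROP =="
check_port_forward "$sample_drop" 0 vmbr0 443 10.99.10.1:80 || echo "forward cannot work"
```

The checks are deliberately string matches on the iptables-save format rather than live iptables calls, so the same function can be run against a dump copied out of a forum post or a backup; on the host itself, pairing it with a capture on vmbr0 (as the poster already did) separates "packets never arrive" from "packets arrive but are not forwarded".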