Hello Proxmox community.
I have a very interesting problem, and I am unable to solve it.
So I have a Proxmox 4.1-2f9650d4 server with two interfaces: one is facing the internet with a public IP and the second one is for the local network (LAN).
My /etc/interfaces/network file looks like this:
Code:
auto lo
iface lo inet loopback
iface eth0 inet manual
    post-up iptables-restore < /etc/iptables.up.rules
iface eth1 inet manual
#interface facing to the INTERNET
auto vmbr0
iface vmbr0 inet static
    address 71.136.130.133
    netmask 255.255.255.240
    gateway 71.136.130.129
    network 71.136.130.128
    broadcast 71.136.130.143
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
#LAN interface
auto vmbr1
iface vmbr1 inet static
    address 172.25.112.52
    netmask 255.255.255.240
    #gateway 172.25.112.49
    network 172.25.112.48
    broadcast 172.25.112.63
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0
    #Route to my PC (to be able to reach SSH and WEBIF on my PROXMOX server)
    post-up route add -net 192.168.10.0 netmask 255.255.255.0 gw 172.25.112.49 vmbr1
    post-down route del -net 192.168.10.0 netmask 255.255.255.0 gw 172.25.112.49 vmbr1
#bridge for VMs
auto vmbr2
iface vmbr2 inet static
    address 10.99.10.254
    netmask 255.255.255.0
    network 10.99.10.0
    broadcast 10.99.10.255
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up route add -net 10.99.10.0 netmask 255.255.255.0 gw 10.99.10.254 vmbr2
    post-down route del -net 10.99.10.0 netmask 255.255.255.0 gw 10.99.10.254 vmbr2
My iptables file, /etc/iptables.up.rules:
I am trying to forward public port 443 to the VM; its IP is 10.99.10.1, port 80.
Code:
# Generated by iptables-save v1.4.21 on Thu Mar 10 11:16:39 2016
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.99.10.1:80
-A POSTROUTING -s 10.99.10.0/24 -o vmbr0 -j SNAT --to-source 71.136.130.133
COMMIT
# Completed on Thu Mar 10 11:16:39 2016
# Generated by iptables-save v1.4.21 on Thu Mar 10 11:16:39 2016
*filter
:INPUT ACCEPT [509:255763]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [374:284863]
COMMIT
# Completed on Thu Mar 10 11:16:39 2016
My routes:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         78.136.130.129  0.0.0.0         UG    0      0        0 vmbr0
10.99.10.0      10.99.10.254    255.255.255.0   UG    0      0        0 vmbr2
10.99.10.0      0.0.0.0         255.255.255.0   U     0      0        0 vmbr2
78.136.130.128  0.0.0.0         255.255.255.240 U     0      0        0 vmbr0
172.25.112.48   172.25.112.49   255.255.255.240 UG    0      0        0 vmbr1
172.25.112.48   0.0.0.0         255.255.255.240 U     0      0        0 vmbr1
192.168.10.0    172.25.112.49   255.255.255.0   UG    0      0        0 vmbr1
So what is NOT working:
- I am unable to open port 443 from the internet; the PREROUTING rule is not working. I tried tcpdump and I did not catch any packets on this port.
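
An added example, not part of the original post: Python that reads the NAT rules and bridge addresses quoted above, works out which bridge each DNAT target sits behind, and lists the capture points before and after translation so the two can be compared. The function names `parse_dnat` and `audit` are hypothetical, and the embedded input is copied from the post.

```python
import ipaddress
import shlex

# Constructed input: bridge addresses and NAT rules copied from the post above.
BRIDGES = {"vmbr0": "71.136.130.133/255.255.255.240",
           "vmbr1": "172.25.112.52/255.255.255.240",
           "vmbr2": "10.99.10.254/255.255.255.0"}
NAT_RULES = """\
*nat
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.99.10.1:80
-A POSTROUTING -s 10.99.10.0/24 -o vmbr0 -j SNAT --to-source 71.136.130.133
COMMIT
"""

def parse_dnat(rules_text):
    """Yield one dict per PREROUTING DNAT rule in iptables-save output."""
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"] or "DNAT" not in tok:
            continue
        # Pair every option with the token that follows it (negations are not handled).
        opt = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
        ip, _, port = opt["--to-destination"].partition(":")
        yield {"in_if": opt.get("-i"), "proto": opt.get("-p"), "dport": opt.get("--dport"),
               "to_ip": ip, "to_port": port or opt.get("--dport")}

def audit(rules_text, bridges):
    """Map each DNAT rule to its egress bridge and the captures that bracket it."""
    nets = {name: ipaddress.ip_interface(addr).network for name, addr in bridges.items()}
    findings = []
    for r in parse_dnat(rules_text):
        target = ipaddress.ip_address(r["to_ip"])
        out_if = next((n for n, net in nets.items() if target in net), None)
        # First capture: traffic as it arrives, before translation.
        captures = [f"tcpdump -ni {r['in_if']} {r['proto']} port {r['dport']}"]
        if out_if:
            # Second capture: the same flow after DNAT, on the bridge holding the target.
            captures.append(f"tcpdump -ni {out_if} host {r['to_ip']} and "
                            f"{r['proto']} port {r['to_port']}")
        # Ingress and egress interfaces differ, so the host must route the packet
        # (net.ipv4.ip_forward=1) for the translated flow to reach the target.
        findings.append({**r, "out_if": out_if, "captures": captures,
                         "needs_ip_forward": out_if is not None and out_if != r["in_if"]})
    return findings

if __name__ == "__main__":
    for finding in audit(NAT_RULES, BRIDGES):
        print(finding)
```

If the first capture stays empty while a client connects, the packets never reach the host and the NAT table is not yet involved; if only the second stays empty, the rule set or forwarding is the place to look.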