Persistent NAT forward firewall rules help

SouthSiders

Active Member
Nov 6, 2018
Hi,

How do I make NAT rules persistent in Proxmox? (36.X.X.X to hide real IP)

I have tried adding these rules in /etc/network/interfaces which doesn't work:

Code:
post-up iptables -t nat -A PREROUTING -p tcp --dport 51005 -d 36.X.X.X -j DNAT --to-destination 172.16.12.205:3389
post-up iptables -t nat -A POSTROUTING -p tcp --sport 3389 -s 172.16.12.205 -j SNAT --to-source 36.X.X.X:51005

It works fine if I enter these in ssh:

Code:
iptables -t nat -A PREROUTING -p tcp --dport 51005 -d 36.X.X.X -j DNAT --to-destination 172.16.12.205:3389

iptables -t nat -A POSTROUTING -p tcp --sport 3389 -s 172.16.12.205 -j SNAT --to-source 36.X.X.X:51005

Also fine in crontab -e:

Code:
@reboot iptables -t nat -A PREROUTING -p tcp --dport 51005 -d 36.X.X.X -j DNAT --to-destination 172.16.12.205:3389

@reboot iptables -t nat -A POSTROUTING -p tcp --sport 3389 -s 172.16.12.205 -j SNAT --to-source 36.X.X.X:51005

What am I doing wrong? It doesn't work in '/etc/network/interfaces'. I would prefer these rules there so I can restart iptables or networking without a PVE reboot to update the rules.
 
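An idempotent wrapper for the two rules above, added here as an example and not code from the original post: called from post-up and pre-down in the bridge stanza, it checks with iptables -C before appending, so repeated ifup or ifreload runs do not stack duplicate rules, and it removes the rules again on ifdown. The script path and the IPT override variable are assumptions; 36.X.X.X is the post's own placeholder.

```shell
#!/bin/sh
# Added example (not from the original post). Intended use in /etc/network/interfaces
# (path is an assumption):
#   post-up  /usr/local/sbin/nat-rules.sh up
#   pre-down /usr/local/sbin/nat-rules.sh down
PUBLIC_IP="${PUBLIC_IP:-36.X.X.X}"   # placeholder from the post; set the real address
GUEST_IP="172.16.12.205"
IPT="${IPT:-iptables}"               # overridable so the logic can be exercised without root

# The two nat rules from the post, as "CHAIN args..." strings.
rule_prerouting() {
  echo "PREROUTING -p tcp --dport 51005 -d $PUBLIC_IP -j DNAT --to-destination $GUEST_IP:3389"
}
rule_postrouting() {
  echo "POSTROUTING -p tcp --sport 3389 -s $GUEST_IP -j SNAT --to-source $PUBLIC_IP:51005"
}

# Append a rule only if iptables -C (check, available since iptables 1.4.11) says it
# is absent; a plain -A in post-up adds one more copy every time the interface comes up.
ensure_rule() {
  # shellcheck disable=SC2086  # word splitting of the rule spec is intended
  if $IPT -t nat -C $1 2>/dev/null; then
    return 0
  fi
  $IPT -t nat -A $1
}

# Delete every copy of a rule; the loop also cleans up duplicates left by older setups.
drop_rule() {
  # shellcheck disable=SC2086
  while $IPT -t nat -D $1 2>/dev/null; do :; done
}

apply_nat() {
  case "$1" in
    up)   ensure_rule "$(rule_prerouting)"; ensure_rule "$(rule_postrouting)" ;;
    down) drop_rule "$(rule_prerouting)";   drop_rule "$(rule_postrouting)" ;;
    *)    echo "usage: $0 up|down" >&2; return 2 ;;
  esac
}

# Only act when invoked with an argument, so sourcing the file is side-effect free.
case "${1:-}" in
  up|down) apply_nat "$1" ;;
esac
```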
Check the journal for any errors: journalctl -b
You could also run ifreload -a if you have ifupdown2 installed.