port forward & proxmox firewall

[mvrhov]

Hey everybody,

We have just figured out that if we add port forwarding rules in /etc/network/interfaces, that the Proxmox firewall rules don't apply to that. Is this on purpose or is this a bug?

excerpt from the interfaces file.

post-up /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
post-up /sbin/iptables -t nat -A POSTROUTING -s '172.16.172.0/24' -o vmbr0 -j MASQUERADE
pre-down /sbin/iptables -t nat -D POSTROUTING -s '172.16.172.0/24' -o vmbr0 -j MASQUERADE

#ssh
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22100 -j DNAT --to 172.16.172.100:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22100 -j DNAT --to 172.16.172.100:22

 

[Moayad]

On which level are the Proxmox VE firewall rules?

 

[mvrhov]

I don't know exactly what are you asking, but Firewall rulers that we were expected to be applied are set on "<Server name>/Firewall", The "Datacenter/Firewall" has only ping and proxmox access rules.
All rules are done via security groups. Which are all set under "Datacenter/Firewall/Security Group"

 

[mvrhov]

@Moayad did I answer you question?