Hi everyone, has anyone come across a problem?
There is a physical server with Proxmox installed on it, I can connect to it on the LAN interface without any problems, but if I try to forward the port through OPNsense or Mikrotik, the connection does not occur. Port to forward 8006 and 22
firewall allows everything
root@pve:~# iptables -L -v -n
Chain INPUT (policy ACCEPT 62980 packets, 28M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 51643 packets, 43M bytes)
pkts bytes target prot opt in out source destination
Network:
auto lo
iface lo inet loopback
auto enp2s0
iface enp2s0 inet manual
auto vmbr0
iface vmbr0 inet static
bridge-ports enp2s0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 1-4000
auto vmbr0.1
iface vmbr0.1 inet static
address 172.18.0.1/24
gateway 172.18.0.254
auto vmbr0.10
iface vmbr0.10 inet manual
auto vmbr0.20
iface vmbr0.20 inet manual
auto vmbr0.100
iface vmbr0.100 inet manual
auto vmbr0.200
iface vmbr0.200 inet manual
auto enp3s0
iface enp3s0 inet static
address 10.0.0.40/24
gateway 10.0.0.254
root@pve:~# tcpdump -n -vvv -i enp3s0 port 8006
tcpdump: listening on enp3s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
17:56:52.706274 IP (tos 0x28, ttl 57, id 0, offset 0, flags [DF], proto TCP (6), length 60)
46.211.162.11.12022 > 10.0.0.40.8006: Flags, cksum 0x8267 (correct), seq 793166943, win 65535, options [mss 1312,sackOK,TS val 46900855 ecr 0,nop,wscale 9], length 0
17:56:53.770433 IP (tos 0x28, ttl 57, id 0, offset 0, flags [DF], proto TCP (6), length 60)
46.211.162.11.12022 > 10.0.0.40.8006: Flags, cksum 0x7e3e (correct), seq 793166943, win 65535, options [mss 1312,sackOK,TS val 46901920 ecr 0,nop,wscale 9], length 0
17:56:55.210300 IP (tos 0x28, ttl 56, id 0, offset 0, flags [DF], proto TCP (6), length 60)
46.211.162.11.12006 > 10.0.0.40.8006: Flags, cksum 0xbf6c (correct), seq 1421629463, win 65535, options [mss 1312,sackOK,TS val 46903380 ecr 0,nop,wscale 9], length 0
17:56:55.770157 IP (tos 0x28, ttl 57, id 0, offset 0, flags [DF], proto TCP (6), length 60)
46.211.162.11.12022 > 10.0.0.40.8006: Flags, cksum 0x7664 (correct), seq 793166943, win 65535, options [mss 1312,sackOK,TS val 46903930 ecr 0,nop,wscale 9], length 0
17:56:56.250009 IP (tos 0x28, ttl 56, id 0, offset 0, flags [DF], proto TCP (6), length 60)
46.211.162.11.12006 > 10.0.0.40.8006: Flags, cksum 0xbb70 (correct), seq 1421629463, win 65535, options [mss 1312,sackOK,TS val 46904400 ecr 0,nop,wscale 9], length 0
17:56:58.250372 IP (tos 0x28, ttl 56, id 0, offset 0, flags [DF], proto TCP (6), length 60)
46.211.162.11.12006 > 10.0.0.40.8006: Flags, cksum 0xb3a0 (correct), seq 1421629463, win 65535, options [mss 1312,sackOK,TS val 46906400 ecr 0,nop,wscale 9], length 0
There is a physical server with Proxmox installed on it, I can connect to it on the LAN interface without any problems, but if I try to forward the port through OPNsense or Mikrotik, the connection does not occur. Port to forward 8006 and 22
firewall allows everything
root@pve:~# iptables -L -v -n
Chain INPUT (policy ACCEPT 62980 packets, 28M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 51643 packets, 43M bytes)
pkts bytes target prot opt in out source destination
Network:
auto lo
iface lo inet loopback
auto enp2s0
iface enp2s0 inet manual
auto vmbr0
iface vmbr0 inet static
bridge-ports enp2s0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 1-4000
auto vmbr0.1
iface vmbr0.1 inet static
address 172.18.0.1/24
gateway 172.18.0.254
auto vmbr0.10
iface vmbr0.10 inet manual
auto vmbr0.20
iface vmbr0.20 inet manual
auto vmbr0.100
iface vmbr0.100 inet manual
auto vmbr0.200
iface vmbr0.200 inet manual
auto enp3s0
iface enp3s0 inet static
address 10.0.0.40/24
gateway 10.0.0.254
root@pve:~# tcpdump -n -vvv -i enp3s0 port 8006
tcpdump: listening on enp3s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
17:56:52.706274 IP (tos 0x28, ttl 57, id 0, offset 0, flags [DF], proto TCP (6), length 60)
46.211.162.11.12022 > 10.0.0.40.8006: Flags
17:56:53.770433 IP (tos 0x28, ttl 57, id 0, offset 0, flags [DF], proto TCP (6), length 60)
46.211.162.11.12022 > 10.0.0.40.8006: Flags
17:56:55.210300 IP (tos 0x28, ttl 56, id 0, offset 0, flags [DF], proto TCP (6), length 60)
46.211.162.11.12006 > 10.0.0.40.8006: Flags
17:56:55.770157 IP (tos 0x28, ttl 57, id 0, offset 0, flags [DF], proto TCP (6), length 60)
46.211.162.11.12022 > 10.0.0.40.8006: Flags
17:56:56.250009 IP (tos 0x28, ttl 56, id 0, offset 0, flags [DF], proto TCP (6), length 60)
46.211.162.11.12006 > 10.0.0.40.8006: Flags
17:56:58.250372 IP (tos 0x28, ttl 56, id 0, offset 0, flags [DF], proto TCP (6), length 60)
46.211.162.11.12006 > 10.0.0.40.8006: Flags
Last edited: