port forwarding to guest

H

Halfhidden

Member
May 14, 2021
24
3
8
58
OK I'm going to apologise for this post as I have spent days looking for the solution and have read that much, I'm forgetting what I'm doing.

I have only recently installed Proxmox to a bare metal Dell R710. The installation was painless and Proxmox looks like a superior setup. I've created a container with Nextcloud as a turnkey install and I followed some tutorials on hardening the Proxmox through firewall policies. I've also installed nginx to handle port 443 but not 80 as that needs to be used for lets encrypt.
As far as I know the server is hardened and Proxmox can be reached through my FQD.
I have configured one public ip address and that is bridged to the server.

What I can't do is access Nextcloud through say port 8282 because I don't understand how to configure it.

I thought, like most firewalls, that Proxmox uses port forwarding to handle http requests, but I can see that this is achieved somehow through bridges.

So is there a document that anyone knows of that can help me with this. Or can anyone tell me what I'm doing wrong please.

I really do appreciate any help, and am willing to read up where I need to.
 
The PVE firewall does not do port forwarding, as the usual setup is to give every container and VM their own IP address anyway, so you'd address them by that. If you only have one public IP and want your PVE web GUI to be reachable via that, you need to tell the PVE host to forward connection manually - the port forwarding you mentioned.

You can do this manually via iptables, i.e. OTOH
Code: 
iptables -t nat -A PREROUTING -p tcp --dport 8282 -j DNAT --to-destination <container IP>:8282
should do the trick (note that the two ports can also differ, I use 8282 as in your example), but there are also many tutorials on the internet if you search for "iptables port forwarding" on your favourite search engine :)
 
Thanks Stefan!
That is great. I'll set to this over the next day or so.
I really appreciate the time you have taken to answer my question.
 
Stefan_R said:
You can do this manually via iptables, i.e. OTOH
Code: 
iptables -t nat -A PREROUTING -p tcp --dport 8282 -j DNAT --to-destination <container IP>:8282
should do the trick (note that the two ports can also differ, I use 8282 as in your example), but there are also many tutorials on the internet if you search for "iptables port forwarding" on your favourite search engine :)
Click to expand...

Sorry for hijacking this thread, but I have a regarding question.

Is this "upgrade/reboot" safe? Are manual added iptables rules persistent or in other words how custom iptables rules should be configured in order that they're persistent?

Thanks!
 
kokel said:
Sorry for hijacking this thread, but I have a regarding question.

Is this "upgrade/reboot" safe? Are manual added iptables rules persistent or in other words how custom iptables rules should be configured in order that they're persistent?

Thanks!
Click to expand...
No, you need to rerun the commands at startup. The *correct* way to do this is probably via a systemd-service and using 'iptables-save' and such, I personally like to just make a crontab entry specified as @reboot that runs the 'iptables' commands.
 
Stefan_R said:
No, you need to rerun the commands at startup. The *correct* way to do this is probably via a systemd-service and using 'iptables-save' and such, I personally like to just make a crontab entry specified as @reboot that runs the 'iptables' commands.
Click to expand...
Hmm, so there is no Proxmox way for custom iptables rules? Smells like a feature request.
 
Not in this manner, no. There is the built-in PVE firewall, but it doesn't support all iptables use-cases atm. Feel free to open a report at our bugtracker, but I believe this might be a bit out-of-scope, as you can already do that fairly easily with standard tools included in the Debian base.
 
Stefan_R said:
Not in this manner, no. There is the built-in PVE firewall, but it doesn't support all iptables use-cases atm. Feel free to open a report at our bugtracker, but I believe this might be a bit out-of-scope, as you can already do that fairly easily with standard tools included in the Debian base.
Click to expand...
Sure, but to do this with standard tools somebody has to know how to do this without breaking the stuff the proxmox firewall do.
It would be nice to know how Proxmox Firewall insert/deletes/updates iptables rules.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back