Port Forwarding

leonidas_o

Apr 17, 2022
Hiii guys,

new Proxmox user here. One of those port forwarding questions which has come up already a couple of times, but still, something seems to be missing.
I've installed proxmox 7.1-12 on a dedicated server (one public ip). Now I'm trying to set up ssh port forwarding to a VM. I've seen some examples but still somehow I can't get it to work. The VM is a rocky linux (selinux enabled), proxmox is literally empty, except that one VM. Datacenter firewall is off. Firewall on the Node is on (tried also off, same behaviour). My /etc/network/interfaces file looks like:

Code:
auto eno1
iface eno1 inet dhcp

auto eno2
iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.2.1.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.2.1.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.2.1.0/24' -o eno1 -j MASQUERADE
        post-up   iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.2.1.2:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.2.1.2:22

auto vmbr1
iface vmbr1 inet static
        address 10.2.2.1/24
        ...

The VM itself has internet access, dnf upgrade/ ping ... works fine.
Now executing ssh -p 2222 MYUSER@IPADDRESS immediately throws ssh: connect to host IPADDRESS port 2222: Connection refused. I don't see where it is blocked, nothing on the proxmox server in journalctl, /var/log/kern.log. Nothing on the VM in /var/log/audit/audit.log |grep denied, journalctl. I also disabled LuLu (firewall) on my mac. A regular ssh USER@IPADDRESS so on port 22 works, I can connect to the proxmox/debian server without any issues. But as soon as I add -p 2222 it immediately refuses connection.
Am I missing something?
 
well you do have DNAT --to 10.2.1.2:22 but later
auto vmbr1 iface vmbr1 inet static address 10.2.2.1/24
 
vmbr1 is not used at all yet. The VM is using vmbr0. Or is my thinking completely wrong how to use the bridges? I thought I can use e.g. vmbr0 for some VMs and for others vmbr1. So I can split them up that way.
 
In that case try

post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 2222 -j DNAT --to 10.2.1.2:22
 
uhhh sharp eyes @bobmc , that worked. I lost a couple of hours because of that, I really appreciate that you spent your time to help me, thank you very much.
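
An added example, not part of the original posts: a small lint over the interfaces stanzas from the question that flags a DNAT rule whose -i interface is the bridge the target VM sits on, which is the mistake found in this thread. SAMPLE is constructed from the posted file; the function names and the same-subnet heuristic are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the relevant stanzas of the /etc/network/interfaces file from the question.
SAMPLE = """\
auto eno1
iface eno1 inet dhcp

auto vmbr0
iface vmbr0 inet static
        address 10.2.1.1/24
        bridge-ports none
        post-up   iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.2.1.2:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.2.1.2:22
"""

# Captures the ingress interface and the DNAT target address of each post-up PREROUTING rule.
DNAT = re.compile(r"post-up\s+iptables .*-A PREROUTING .*-i (\S+) .*-j DNAT --to(?:-destination)? ([\d.]+)")

def parse_networks(text):
    """Map each interface that has an 'address a.b.c.d/nn' line to its IPv4 network."""
    nets, iface = {}, None
    for line in text.splitlines():
        words = line.split()
        if words[:1] == ["iface"]:
            iface = words[1]
        elif words[:1] == ["address"] and iface and "/" in words[1]:
            nets[iface] = ipaddress.ip_interface(words[1]).network
    return nets

def lint_dnat(text):
    """Heuristic (assumption): a port forward should not match on the target's own bridge."""
    nets, findings = parse_networks(text), []
    for in_if, target in DNAT.findall(text):
        net = nets.get(in_if)
        if net and ipaddress.ip_address(target) in net:
            findings.append(f"DNAT to {target} matches on -i {in_if}, the target's own bridge ({net}); "
                            "packets from outside arrive on the uplink and never hit this rule")
    return findings

if __name__ == "__main__":
    for finding in lint_dnat(SAMPLE):
        print("WARN:", finding)
    # Same file with the change suggested in the thread applied to both rules.
    print(lint_dnat(SAMPLE.replace("-i vmbr0", "-i eno1")) or "OK with -i eno1")
```

The check only reads the file; on the running host, `iptables -t nat -L PREROUTING -n -v` shows per-rule packet counters, and a counter that stays at zero while connecting from outside points to the same mismatch.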
 