Hi there.
I would like to set up port forwardings in a container on a dedicated server with only one public IPv4.
Up to now I tried these settings:
In my PVE host (the public IP is configured on ens3; in vmbr0 all requests are forwarded to my "router container (100)" at 172.0.0.2, except ports 22 and 8006 for the host; vmbr1 should be the local interface for the other clients/CTs):
Code:
auto lo
iface lo inet loopback
auto ens3
iface ens3 inet static
address 89.58.██.███/22
gateway 89.58.██.█
auto vmbr0
iface vmbr0 inet static
address 172.0.0.1/30
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-down echo 0 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '172.0.0.0/30' -o ens3 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '172.0.0.0/30' -o ens3 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i ens3 -p tcp -m multiport ! --dport 22,8006 -j DNAT --to 172.0.0.2
post-down iptables -t nat -D PREROUTING -i ens3 -p tcp -m multiport ! --dport 22,8006 -j DNAT --to 172.0.0.2
auto vmbr1
iface vmbr1 inet static
address 172.19.71.100/24
bridge-ports none
bridge-stp off
bridge-fd 0
Container 100 (eth0 -> vmbr0 | eth1 -> vmbr1); eth0 is connected to vmbr0 with the local IP 172.0.0.2 (the gateway on the host is 172.0.0.1):
Code:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 172.0.0.2/30
gateway 172.0.0.1
auto eth1
iface eth1 inet static
address 172.19.71.100/24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-down echo 0 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '172.19.71.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '172.19.71.0/24' -o eth0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22101 -j DNAT --to 172.19.71.101:22
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 22101 -j DNAT --to 172.19.71.101:22
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22102 -j DNAT --to 172.19.71.102:22
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 22102 -j DNAT --to 172.19.71.102:22
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22103 -j DNAT --to 172.19.71.103:22
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 22103 -j DNAT --to 172.19.71.103:22
On eth1 I want to control my forwardings to the address range 172.19.71.0, e.g. the SSH ports for my containers 101, 102 and 103.
Finally, the regular config in the other CTs (e.g. CT101 | eth1 -> vmbr1); the local address for this CT is 172.19.71.101 and the gateway is the routing container at 172.19.71.100:
Code:
auto lo
iface lo inet loopback
auto eth1
iface eth1 inet static
address 172.19.71.101/24
gateway 172.19.71.100
So: on the host and in CT 100, I can connect to all destinations (IPs and DNS), even outside the LAN, without difficulty. But in my other CTs (101, 102, etc.) I have no connection to any DNS names and also no connection to any WAN IPs. Only my local IPs (including the WAN IP of the host, 89.58.██.███) are pingable.
What did I do wrong? Any ideas?
Thanking you in anticipation.
Regards,
Dex
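The host and CT100 configs above assign addresses on interfaces that share the same bridges, and both nodes forward and NAT traffic. As an added check that is not part of the original post, the script below parses ifupdown-style configs of that shape (the sample files are constructed from the post, with the masked public octets replaced by a documentation-range address) and reports IPv4 addresses assigned on more than one interface across nodes, plus subnets a forwarding node routes out without a MASQUERADE rule covering them; on the sample it flags 172.19.71.100 (host vmbr1 and CT100 eth1) and 172.19.71.0/24 on the host.

```shell
#!/bin/sh
# Added audit script (not from the original post). It parses ifupdown-style
# configs from a host and its containers and reports (1) any IPv4 address set
# on more than one interface, since host bridges and container interfaces share
# the same L2 segment, and (2) subnets a forwarding node routes out without a
# MASQUERADE rule covering them. Sample configs are constructed from the post;
# the masked public octets are replaced with a documentation-range address.
TMP=$(mktemp -d); trap 'rm -rf "$TMP"' EXIT
cat >"$TMP/host" <<'EOF'
iface ens3 inet static
address 192.0.2.10/22
iface vmbr0 inet static
address 172.0.0.1/30
post-up iptables -t nat -A POSTROUTING -s '172.0.0.0/30' -o ens3 -j MASQUERADE
iface vmbr1 inet static
address 172.19.71.100/24
EOF
cat >"$TMP/ct100" <<'EOF'
iface eth0 inet static
address 172.0.0.2/30
iface eth1 inet static
address 172.19.71.100/24
post-up iptables -t nat -A POSTROUTING -s '172.19.71.0/24' -o eth0 -j MASQUERADE
EOF

# Print "ADDR node/iface node/iface ..." for every address configured on more
# than one interface across the given files (file basename = node name).
dup_addresses() {
    awk '/^[[:space:]]*iface /{ifn=$2}
         /^[[:space:]]*address /{split($2,a,"/"); n=FILENAME; sub(/.*\//,"",n)
             where[a[1]]=where[a[1]] " " n "/" ifn; cnt[a[1]]++}
         END{for(ip in cnt) if(cnt[ip]>1) print ip where[ip]}' "$@" | sort
}

# Print each configured network/len in one file that is neither the uplink
# named by "-o" nor matched by a MASQUERADE "-s network/len" rule.
unmasqueraded_subnets() {
    awk 'function net(ip,len, o,v,b){split(ip,o,"."); v=((o[1]*256+o[2])*256+o[3])*256+o[4]
             b=2^(32-len); v=int(v/b)*b
             return int(v/16777216)"."int(v/65536)%256"."int(v/256)%256"."v%256}
         /^[[:space:]]*iface /{ifn=$2}
         /^[[:space:]]*address /{split($2,a,"/"); subnets[net(a[1],a[2])"/"a[2]]=ifn}
         /MASQUERADE/{for(i=1;i<=NF;i++){if($i=="-o")outif[$(i+1)]=1
             if($i=="-s"){m=$(i+1); gsub(/[^0-9.\/]/,"",m); masq[m]=1}}}
         END{for(s in subnets) if(!(s in masq)&&!(subnets[s] in outif)) print s}' "$1" | sort
}

echo "duplicate addresses:"; dup_addresses "$TMP/host" "$TMP/ct100"
echo "forwarded but not masqueraded on host:"; unmasqueraded_subnets "$TMP/host"
```

Point both functions at the real /etc/network/interfaces of the host and of each CT to repeat the check on a live setup.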