PROXMOX 4.4 with a single public IP, lxc container can't reach from Internet

Christopher Miller

New Member
Jan 27, 2017
Unable to connect

I have Proxmox 4.4 installed with a single public IP. I installed an lxc container with Alpine 3.4, running lighttpd on port 80. I deactivated the host and lxc container firewall, but it cannot connect.
Error: can't connect to see the index.html file.

or if I use ssh (after changing port 800 to 2222 on host and port on lxc container to 22):
ssh -p 2222 root@my-public-IP
no route defined.

network setup:
vmbr0 IP is my public IP, Gateway=Gateway-of-my public-IP 218.111.z.65
 

 
Have you set the right gateway in your lxc guest? It has to be 192.168.0.254.

I'd also use -d 218.10.x.y in your prerouting command to make sure the right packages are dnatted.
 
Bridges are configured correctly because I can ping the lxc-container from the host and vice versa
(ping the host from the lxc-container).
I need to know the correct syntax for
ssh (from Internet to lxc-container: 192.168.0.2, public IP 218.10.111.x)
http, so use port 80 on host and port 80 in lxc-container.
The routing does not work properly because the /etc/network/interfaces configuration file
is still not correct.
Are there any tests,
route -n or whatever ...?
Thank you.
 
Your nat is wrong, you just have to use one "correct" iptables commands:

Code:
post-up iptables -t nat -A PREROUTING -d 218.10.111.101 -p tcp --dport    80 -j DNAT --to-destination 192.168.0.2:80
post-up iptables -t nat -A PREROUTING -d 218.10.111.101 -p tcp --dport   443 -j DNAT --to-destination 192.168.0.2:443
 
I still have problems connecting to lighttpd in the lxc-container running Alpine Linux 3.4, up-to-date.
There were some updates coming in.
The connection is actually reset. When I use ssh my connection ends up in the host system, which seems to be for
me an indication that the forwarding does not work properly.
Do I not need to specify the bridge in the post-up iptables line? The underlying Debian system is up-to-date.
The Proxmox is the original one from version 4.4:
Virtual Environment 4.4-1/eb2d6f1e
I also used netcat:
nc -zv 218.10.111.101 800 (from my notebook), I use port 800 on the pve node now .... :
218.10.111.101 800 (mdbs-daemon) open (so ok !)
But forwarding is still not working correctly.
 
When I
http://218.10.111.101:800/
I see the ssh version ..... from Debian
and then it says "Connection reset"
With ssh I tried to connect as follows:
ssh -p 2222 root@218.10.111.101 to ssh into the lxc-container from outside (my notebook)
 
Have you removed the old iptables rules? You need to start "fresh". The rules I gave you were only for HTTP and HTTPS, so no SSH there.

Try if you have working IPv6, then you will never have any problems with IP forwarding :-D
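
Added example, not part of any post in this thread: a small shell check that shows why leftover PREROUTING rules and the missing SSH rule matter. It walks a constructed rule listing in order and reports which DNAT target a connection to the public IP would get; the stale first rule and its target 192.168.0.3 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: trace which PREROUTING DNAT rule a TCP connection hits first.
# SAMPLE_RULES is constructed, in the format printed by
# `iptables -t nat -S PREROUTING`. The first rule stands in for a leftover
# rule from an earlier attempt (no -d, hypothetical target 192.168.0.3);
# the other two are the rules given in the thread.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80
-A PREROUTING -d 218.10.111.101/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.2:80
-A PREROUTING -d 218.10.111.101/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.0.2:443'

# dnat_target RULES DST_IP DPORT
# Prints the --to-destination of the first matching DNAT rule, or "host"
# when no rule matches and the packet is delivered to the host itself.
# Simplified: TCP only, -d is matched as a single /32 address.
dnat_target() {
    printf '%s\n' "$1" | awk -v ip="$2" -v port="$3" '
        $1 == "-A" && $2 == "PREROUTING" {
            d = ""; dp = ""; tgt = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d")               d   = $(i + 1)
                if ($i == "--dport")          dp  = $(i + 1)
                if ($i == "-j")               tgt = $(i + 1)
                if ($i == "--to-destination") to  = $(i + 1)
            }
            sub(/\/32$/, "", d)
            if (tgt == "DNAT" && dp == port && (d == "" || d == ip)) {
                print to; found = 1; exit
            }
        }
        END { if (!found) print "host" }'
}

# unpinned_dnat RULES
# Prints the number of DNAT rules without a -d match; such rules rewrite
# traffic addressed to any IP, not just the public one.
unpinned_dnat() {
    printf '%s\n' "$1" | awk '/-j DNAT/ && !/ -d / { n++ } END { print n + 0 }'
}

for port in 80 443 2222; do
    echo "218.10.111.101:$port -> $(dnat_target "$SAMPLE_RULES" 218.10.111.101 "$port")"
done
echo "DNAT rules without -d: $(unpinned_dnat "$SAMPLE_RULES")"
```

On a live host, pass `"$(iptables -t nat -S PREROUTING)"` as the first argument instead of the sample. A result of `host` for port 2222 matches the symptom in the thread: with no DNAT rule for that port, the connection never leaves the Proxmox node.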