[SOLVED] Proxmox 8.3.3 - guest windows server 2019 no internet

[roboto]

subnet /24 = 255.255.255.0

added it in VM settings, still same error, no change
I'm not sure what I'm doing wrong

 

[Moayad]

Can you chekc if you can ping 8.8.8.8 from the Windows VM? If that works, then NAT is fine, but your DNS might be off. In that case, try setting your DNS server in Windows to something like 8.8.8.8 or the same DNS you have on your PVE in `/etc/resolv.conf`.

 

[roboto]

Can you chekc if you can ping 8.8.8.8 from the Windows VM? If that works, then NAT is fine, but your DNS might be off. In that case, try setting your DNS server in Windows to something like 8.8.8.8 or the same DNS you have on your PVE in `/etc/resolv.conf`.

Can't ping 8.8.8.8
Tried setting dns as 8.8.8.8 and 62.141.32.5 which can be found in `/etc/resolv.conf`
nameserver 62.141.32.5
nameserver 62.141.32.4
nameserver 62.141.32.3

 

[Moayad]

Ah, when i re-check the network configuration I see

post-up iptables -t nat -A POSTROUTING -s '192.168.1.1/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.1/24' -o vmbr0 -j MASQUERADE

Could you try set `enp2s0` instead of `vmbr0` i.e.:

post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o enp2s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o enp2s0 -j MASQUERADE

Then run `ifreload -a` to apply the changes. This should allow the VM to NAT out via your physical NIC.

 

[roboto]

Ah, when i re-check the network configuration I see

post-up iptables -t nat -A POSTROUTING -s '192.168.1.1/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.1/24' -o vmbr0 -j MASQUERADE

Could you try set `enp2s0` instead of `vmbr0` i.e.:

post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o enp2s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o enp2s0 -j MASQUERADE

Then run `ifreload -a` to apply the changes. This should allow the VM to NAT out via your physical NIC.

Amazing!
Internet finally works on the VM. Just it looks like rdp isn't working. It is enabled in the VM.

Shold i also replace vmbr0 with enp2s0 here?

post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3389 -j DNAT --to 192.168.1.2:3389
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

 

[Moayad]

Yes, exactly! you want traffic from the outside arriving on the physical NIC `enp2s0` to get forwarded into your VM. Also make sure that there is no firewall on both Windows and your PVE.

 

[roboto]

Yes, exactly! you want traffic from the outside arriving on the physical NIC `enp2s0` to get forwarded into your VM. Also make sure that there is no firewall on both Windows and your PVE.

I'm incredibly thankful for your time and patience. RDP connection works!
Big thanks to both of you and thank goodness that there are people like you who are willing to take from their own time and help strangers online!
I would not have been able to do this myself!

 

[_gabriel]

of course, you will get 35k attempts of logins per 24h as your RDP is now public.

 

[roboto]

of course, you will get 35k attempts of logins per 24h as your RDP is now public.

Yep, I know. Happened before. I was blocking IP's. I use at the moment shared rdp and did for years, either alone on shared and didn't have much problems with it.
Is there any way to narrow rdp access to one country and at least narrow the bot attacks?

 

[_gabriel]

if RDP clients are static ip then iptables PREROUTING to only these. (-s argument)
else VPN