proxmox cluster behind nat hardware firewall

[pieterk]

Hi All,

Is it possible to have proxmox behind a NAT firewall in terms of VNC? Do the ports need to be forwarded to just one host or all hosts in the cluster?

For example.

host1 - 10.10.10.1
host2 - 10.10.10.2
host3 - 10.10.10.3

firewall - 192.168.0.1 (outside) - 10.10.10.4 (inside)

Do VNC ports only forward to host1 or to all hosts?

Thanks

 

[Mr.Holmes]

Hello pieterk,

Hopefully I understand your configuration and request correctly, I suppose:

Behind a NAT router which has the address 192.168.0.1 you have a proxmox cluster in a 10.10.10.0/24 network.

The question is how to reach the consoles in that cluster from 192.168.0.0/24 network.

Answer:

- Select one of the cluster nodes where you want to connect to with web gui (e.g. 10.10.10.2)

- forward tcp ports 8006 and 5900 to 5999 to that node

That´s all. VNC (via web interface) should work now for all machines in the cluster regardless on which node they are located.

Kind regards

Mr.Holmes

 

[e100]

Improvement to Mr. Holmes suggestion.

Add a floating IP to the Proxmox cluster configuration and forward your ports to that IP.
in cluster.conf

  <rm>
        <service autostart="1" exclusive="0" name="masterIP" recovery="relocate">
        <ip address="10.10.10.5"/>
        </service>
  </rm>
</cluster>

As long as you have quorum that IP will be up on one of the nodes.
If you port forward to a single node and that node failed you would not be able to manage anything.

A more secure method would be to use a VPN instead of forwarding ports.