Hello,
I've got a fibre connection in Australia and am setting up Proxmox and have a /28 IPv4 subnet to use. In between the Proxmox server and the fibre connection is an Asus router that has been flashed with Tomato. Here's what I've done, and the problems I am having. Any help or insight would be super appreciated!
I've set the startup scripts for Tomato to assign all of the public IPs to it, and they're all working great.
Code:
ifconfig vlan2:0 220.***.***.1 broadcast 220.***.***.15 netmask 255.255.255.240
ifconfig vlan2:1 220.***.***.2 broadcast 220.***.***.15 netmask 255.255.255.240
etc etc
I've set the firewall scripts in Tomato to be the following:
Code:
/usr/sbin/iptables -t nat -I PREROUTING -d 220.***.***.1 -j DNAT --to-destination 10.0.0.253
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 10.0.0.253 -j SNAT --to 220.***.***.1
/usr/sbin/iptables -I FORWARD -d 10.0.0.253 -j ACCEPT
/usr/sbin/iptables -t nat -I PREROUTING -d 220.***.***.2 -j DNAT --to-destination 10.0.0.2
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 10.0.0.2 -j SNAT --to 220.***.***.2
/usr/sbin/iptables -I FORWARD -d 10.0.0.2 -j ACCEPT
/usr/sbin/iptables -t nat -I PREROUTING -d 220.***.***.3 -j DNAT --to-destination 10.0.0.3
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 10.0.0.3 -j SNAT --to 220.***.***.3
/usr/sbin/iptables -I FORWARD -d 10.0.0.3 -j ACCEPT
etc etc
For each VM set up in Proxmox, I allocate it a local IP (10.0.0.x) and leave Tomato's iptables to do its thing, which has been working well.
Problems:
If I add the external IP 220.***.***.x to a VM, that VM can't access the internet using that IP. I tried having the iptables from Tomato set to forward everything to the Node IP (10.0.0.253) but it wouldn't pass it on to the VMs.
I'm trying to install DirectAdmin on one VM, but it won't allow me to install it unless I have an external IP added to the VM and can access directadmin.com through that external IP. But, as mentioned before, when using an external IP (like binding WGET to it) it can't access the web. According to tcpdump, it seems to be going out, but when the packets come back in they don't get forwarded to the correct place.
I'm at a bit of a loss here. Can someone please help me?
Thanks,
Jarrod.
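An added example, not part of the original post: a small audit of the 1:1 NAT rule pattern shown in the firewall script above. It pairs each DNAT with its SNAT and flags any `FORWARD ... -j ACCEPT` that carries no protocol or port restriction, since that exposes every port of the VM on its public address. The 203.0.113.x addresses, the function names and the two deliberately altered rules in the sample are assumptions made for the example.

```python
import shlex

# Constructed sample in the shape of the post's script; 203.0.113.x stands in
# for the masked 220.***.***.x addresses. The second host is altered on purpose
# (mismatched SNAT, port-limited FORWARD) to exercise both checks.
SAMPLE_RULES = """\
/usr/sbin/iptables -t nat -I PREROUTING -d 203.0.113.1 -j DNAT --to-destination 10.0.0.253
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 10.0.0.253 -j SNAT --to 203.0.113.1
/usr/sbin/iptables -I FORWARD -d 10.0.0.253 -j ACCEPT
/usr/sbin/iptables -t nat -I PREROUTING -d 203.0.113.2 -j DNAT --to-destination 10.0.0.2
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 10.0.0.2 -j SNAT --to 203.0.113.3
/usr/sbin/iptables -I FORWARD -d 10.0.0.2 -p tcp --dport 443 -j ACCEPT
"""

def opt(tokens, *names):
    """Return the value following the first of `names` found in tokens, else None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None

def audit(script):
    """Pair DNAT/SNAT/FORWARD rules per private host and return (host, finding) tuples."""
    dnat, snat, forward = {}, {}, {}
    for line in script.splitlines():
        t = shlex.split(line)
        if not t or not t[0].endswith("iptables"):
            continue
        target = opt(t, "-j")
        if target == "DNAT":
            dnat[opt(t, "--to-destination", "--to")] = opt(t, "-d")
        elif target == "SNAT":
            snat[opt(t, "-s")] = opt(t, "--to-source", "--to")
        elif target == "ACCEPT" and "FORWARD" in t:
            proto = opt(t, "-p")
            restricted = proto not in (None, "all") or opt(t, "--dport", "--dports")
            forward.setdefault(opt(t, "-d"), []).append(bool(restricted))
    findings = []
    for host, public in sorted(dnat.items()):
        if snat.get(host) != public:
            findings.append((host, f"asymmetric NAT: in via {public}, out via {snat.get(host)}"))
        if any(not r for r in forward.get(host, [])):
            findings.append((host, f"all ports of {host} reachable via {public}"))
        elif host not in forward:
            findings.append((host, "DNAT present but no FORWARD ACCEPT"))
    return findings

if __name__ == "__main__":
    for host, issue in audit(SAMPLE_RULES):
        print(f"{host}: {issue}")
```

Run against rules written exactly as in the post, every mapped host is reported with the "all ports reachable" finding, because each `FORWARD` rule matches on destination address only.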