Proxmox through Tomato Firmware

shadowq

Mar 12, 2013
Hello,

I've got a fibre connection in Australia and am setting up Proxmox and have a /28 IPv4 subnet to use. In between the Proxmox server and the fibre connection is an Asus router that has been flashed with Tomato. Here's what I've done, and the problems I am having. Any help or insight would be super appreciated!

I've set the startup scripts for Tomato to assign all of the public IPs to it, and they're all working great.
Code:
ifconfig vlan2:0 220.***.***.1 broadcast 220.***.***.15 netmask 255.255.255.240
ifconfig vlan2:1 220.***.***.2 broadcast 220.***.***.15 netmask 255.255.255.240
etc etc
I've set the firewall scripts in Tomato to be the following:
Code:
/usr/sbin/iptables -t nat -I PREROUTING -d 220.***.***.1 -j DNAT --to-destination 10.0.0.253
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 10.0.0.253 -j SNAT --to 220.***.***.1
/usr/sbin/iptables -I FORWARD -d 10.0.0.253 -j ACCEPT

/usr/sbin/iptables -t nat -I PREROUTING -d 220.***.***.2 -j DNAT --to-destination 10.0.0.2
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 10.0.0.2 -j SNAT --to 220.***.***.2
/usr/sbin/iptables -I FORWARD -d 10.0.0.2 -j ACCEPT

/usr/sbin/iptables -t nat -I PREROUTING -d 220.***.***.3 -j DNAT --to-destination 10.0.0.3
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 10.0.0.3 -j SNAT --to 220.***.***.3
/usr/sbin/iptables -I FORWARD -d 10.0.0.3 -j ACCEPT

etc etc
For each VM set up in Proxmox, I allocate it a local IP (10.0.0.x) and leave Tomato's iptables to do its thing, which has been working well.

Problems:
If I add the external IP 220.***.***.x to a VM, that VM can't access the internet using that IP. I tried having the iptables from Tomato set to forward everything to the Node IP (10.0.0.253) but it wouldn't pass it on to the VMs.
I'm trying to install DirectAdmin on one VM, but it won't allow me to install it unless I have an external IP added to the VM and can access directadmin.com through that external IP. But, as mentioned before, when using an external IP (like binding WGET to it) it can't access the web. According to tcpdump, it seems to be going out, but when the packets come back in they don't get forwarded to the correct place.

I'm at a bit of a loss here. Can someone please help me?

Thanks,
Jarrod.
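
The per-address rules from the post, generated from a mapping table instead of being repeated by hand, as an added example that is not part of the original post. The 198.51.100.x addresses and port lists are constructed sample values, and the script assumes the router's iptables build includes the `state` and `multiport` matches.

```shell
#!/bin/sh
# Added example, not the poster's script. Prints rules for review; nothing is applied.
# Constructed sample table: 198.51.100.x stands in for the masked 220.***.***.x block.
# Columns: public IP, internal IP, allowed TCP ports ("all" = the post's accept-everything rule).
MAPPINGS='198.51.100.1 10.0.0.253 all
198.51.100.2 10.0.0.2 80,443
198.51.100.3 10.0.0.3 25,80,443'
IPT=/usr/sbin/iptables

# True only for four dot-separated octets in 0-255, so table values cannot smuggle shell syntax.
is_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Print the three rules from the post for one mapping.
emit_rules() {
    pub=$1 int=$2 ports=$3
    is_ipv4 "$pub" && is_ipv4 "$int" || { echo "bad address: $pub $int" >&2; return 1; }
    case $ports in all) ;; *[!0-9,]*|'') echo "bad port list: $ports" >&2; return 1 ;; esac
    echo "$IPT -t nat -I PREROUTING -d $pub -j DNAT --to-destination $int"
    echo "$IPT -t nat -I POSTROUTING 1 -p all -s $int -j SNAT --to $pub"
    if [ "$ports" = all ]; then
        echo "$IPT -I FORWARD -d $int -j ACCEPT"
    else
        # Narrower than the post's rule: only the listed TCP ports are forwarded inbound.
        echo "$IPT -I FORWARD -p tcp -d $int -m multiport --dports $ports -j ACCEPT"
    fi
}

generate() {
    # Assumption: replies to VM-initiated connections need this once port filtering is used.
    echo "$IPT -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$MAPPINGS" | while read -r pub int ports; do
        [ -n "$pub" ] || continue
        emit_rules "$pub" "$int" "${ports:-all}" || echo "skipped: $pub" >&2
    done
}

generate
```

With the `all` setting the FORWARD rule is the one from the post, which exposes every port of that VM on its public address; a port list limits inbound forwarding to the services the VM is meant to offer.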
 
