Proxmox + windows + local ip addresses

Danik

Active Member
Jan 13, 2012
Hi, I have a question regarding Proxmox network configuration for use with Windows and private IP addresses inside Windows virtual machines.


I have two IP addresses for my server (I have replaced the real ones with fake ones):
Code:
First 5.9.32.14/27
Second 5.9.32.22/27
I have Proxmox installed with the following network configuration
(I have replaced the real IP addresses):


cat /etc/network/interfaces
Code:
# network interface settings
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address  5.9.32.14
    netmask  255.255.255.224
    gateway  5.9.32.30
    broadcast  5.9.32.31

auto eth0:0
iface eth0:0 inet static
    address 5.9.32.22
    netmask 255.255.255.224

auto vmbr0
iface vmbr0 inet static
    address  10.0.0.254
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -j SNAT --to-source 5.9.32.22
    post-up iptables -t nat -A PREROUTING -p tcp -d 5.9.32.22 --dport 55575 -j DNAT --to-destination 10.0.0.28:3389
    post-up iptables -t nat -A PREROUTING -p tcp -d 5.9.32.22 --dport 55576 -j DNAT --to-destination 10.0.0.25:3389
    post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -j SNAT --to-source 5.9.32.22
    post-down iptables -t nat -D PREROUTING -p tcp -d 5.9.32.22 --dport 55575 -j DNAT --to-destination 10.0.0.28:3389
    post-down iptables -t nat -D PREROUTING -p tcp -d 5.9.32.22 --dport 55576 -j DNAT --to-destination 10.0.0.25:3389


On my Windows virtual server I have configured the network interface:


first
ip 10.0.0.28/24
gw 10.0.0.254
and second
ip 10.0.0.25/24
gw 10.0.0.254


But yesterday I received a notification from Hetzner about blocking my server for “using other IPs from the same subnet in addition to the main IP”


with this message text and log excerpt:


We have noticed that you have been using other IPs from the same subnet in addition to the main IP mentioned in the above subject line.
As this is not permitted, we regret to inform you that your server has been deactivated.
Guidelines regarding further course of action may be found in our wiki: http://wiki.hetzner.de/index.php/Leitfaden_bei_Serversperrung/en.
Yours faithfully
Your Hetzner Support Team


with this log
Code:
14:54:26.253525 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65146 > 200.98.197.15.80: Flags [F.], seq 0, ack 1, win 64240, length 0
14:54:26.253531 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65191 > 213.202.231.133.80: Flags [F.], seq 0, ack 1, win 64189, length 0
14:54:26.253535 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65068 > 69.89.27.227.80: Flags [F.], seq 1737849890, ack 211617514, win 64240, length 0
14:54:26.253539 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65013 > 140.211.169.158.80: Flags [F.], seq 2257094457, ack 3270614816, win 64240, length 0
14:54:26.253552 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65081 > 140.211.169.158.80: Flags [F.], seq 1718026163, ack 3340573077, win 64240, length 0
14:54:26.253556 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65204 > 213.202.231.133.80: Flags [F.], seq 0, ack 1, win 64187, length 0
14:54:26.299563 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65047 > 184.168.186.1.80: Flags [F.], seq 1990516798, ack 1589007876, win 64240, length 0
14:54:26.299568 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65055 > 140.211.169.158.80: Flags [F.], seq 467751606, ack 3312380689, win 64240, length 0
14:54:26.299580 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65173 > 109.231.76.154.80: Flags [F.], seq 0, ack 1, win 63914, length 0
14:54:26.299615 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.64909 > 193.143.121.45.80: Flags [F.], seq 2285642414, ack 1622509454, win 64240, length 0
14:54:26.299619 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.64994 > 69.89.27.227.80: Flags [F.], seq 2563199497, ack 2936437683, win 63497, length 0
14:54:26.299627 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65206 > 109.231.76.154.80: Flags [F.], seq 0, ack 1, win 64240, length 0
14:54:26.332613 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.28.1509 > 50.22.65.192.80: Flags [F.], seq 353880599, ack 4282688343, win 65530, length 0
14:54:26.332656 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.28.2302 > 72.167.131.220.80: Flags [F.], seq 0, ack 1, win 65535, length 0
14:54:26.332721 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.28.2026 > 174.37.65.184.80: Flags [F.], seq 272161576, ack 2114415981, win 64995, length 0
14:54:26.346338 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.28.2379 > 184.172.178.96.80: Flags [F.], seq 806342594, ack 680864209, win 65530, length 0
14:54:26.353235 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65127 > 109.231.76.154.80: Flags [F.], seq 0, ack 1, win 64235, length 0
14:54:26.353254 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.64783 > 121.153.37.215.80: Flags [F.], seq 1384744837, ack 559801220, win 64240, length 0
14:54:26.353268 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65112 > 109.231.76.154.80: Flags [F.], seq 0, ack 1, win 63897, length 0
14:54:26.433510 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.28.2372 > 50.28.57.26.80: Flags [F.], seq 0, ack 1, win 64523, length 0
14:54:26.444169 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65124 > 174.136.109.218.8888: Flags [F.], seq 1372515656, ack 2237358090, win 63240, length 0
14:54:26.452852 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.63285 > 211.255.23.46.80: Flags [R.], seq 1785111307, ack 1340963617, win 0, length 0
14:54:26.452881 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65060 > 200.98.197.15.80: Flags [F.], seq 0, ack 1, win 64240, length 0
14:54:26.452891 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.64397 > 72.14.177.54.80: Flags [F.], seq 3669564861, ack 85550670, win 64240, length 0
14:54:26.452894 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65162 > 85.25.116.165.80: Flags [F.], seq 0, ack 1, win 63657, length 0
14:54:26.470347 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.28.2420 > 78.159.96.222.80: Flags [F.], seq 604960167, ack 1183153050, win 64899, length 0
14:54:26.498652 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65207 > 85.25.116.165.80: Flags [F.], seq 0, ack 1, win 64240, length 0
14:54:26.498658 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65186 > 85.25.116.165.80: Flags [F.], seq 0, ack 1, win 64240, length 0
14:54:26.498689 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65182 > 86.110.226.96.80: Flags [F.], seq 0, ack 1, win 64240, length 0
14:54:26.498710 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65153 > 85.25.116.165.80: Flags [F.], seq 0, ack 1, win 62950, length 0
14:54:26.498736 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65111 > 86.110.226.96.80: Flags [F.], seq 0, ack 1, win 64240, length 0
14:54:26.533987 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.28.2206 > 103.1.175.1.80: Flags [F.], seq 2435435415, ack 2610496610, win 64870, length 0
14:54:26.534026 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.28.1802 > 173.231.25.82.80: Flags [F.], seq 3257064943, ack 2008548029, win 65535, length 0


where 59:78:F8:57:F1:9A is my eth0 MAC address
and 49:67:87:16:D0:1D is the MAC address of my default gateway,


according to
Code:
ifconfig |grep 59:78:F8:57:F1:9A
eth0      Link encap:Ethernet  HWaddr 59:78:F8:57:F1:9A  
eth0:0    Link encap:Ethernet  HWaddr 59:78:F8:57:F1:9A  


arp -an
? (5.9.32.30) at 49:67:87:16:D0:1D [ether] on eth0


How should I configure my Proxmox to avoid this blocking in future?
Can anyone suggest?

Hetzner support suggests configuring strict firewall rules which ensure that only the assigned IP addresses will send packets to the network,
but I have tried to do this with no luck :(
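
Added example, not part of the original post: a shell audit that reads `tcpdump -e -n` text like the excerpt above and counts frames sent from eth0 with a source address outside the assigned ones, followed by a commonly used mitigation rule. The function names are hypothetical, and the idea that the leaked FIN/RST segments are conntrack-INVALID packets that bypass the SNAT rule is an assumption of this example, not something the post confirms.

```shell
#!/bin/sh
# Added example: find frames that left eth0 with a source IP the host is not
# assigned, reading `tcpdump -e -n` text like the excerpt in the post.

ALLOWED_SRC="5.9.32.14 5.9.32.22"   # the two (anonymised) addresses from the post
HOST_MAC="59:78:F8:57:F1:9A"        # eth0 MAC from the post

# stdin: tcpdump lines; stdout: "<frames> <source-ip>" per disallowed source.
leaked_sources() {
    awk -v allowed="$ALLOWED_SRC" -v mac="$HOST_MAC" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        toupper($2) == toupper(mac) && $6 == "IPv4" {
            src = ""
            # the IP-level ">" is the first one after the Ethernet header fields
            for (i = 7; i <= NF; i++) if ($i == ">") { src = $(i - 1); break }
            # TCP/UDP sources print as a.b.c.d.port; drop the port if present
            if (split(src, p, /\./) == 5) sub(/\.[0-9]+$/, "", src)
            if (src != "" && !(src in ok)) hits[src]++
        }
        END { for (s in hits) print hits[s], s }
    ' | sort -k2
}

# Five lines copied from the post plus one constructed line (the last) that
# shows correctly translated traffic.
sample_capture() {
    cat <<'EOF'
14:54:26.253525 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65146 > 200.98.197.15.80: Flags [F.], seq 0, ack 1, win 64240, length 0
14:54:26.253535 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.65068 > 69.89.27.227.80: Flags [F.], seq 1737849890, ack 211617514, win 64240, length 0
14:54:26.332613 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.28.1509 > 50.22.65.192.80: Flags [F.], seq 353880599, ack 4282688343, win 65530, length 0
14:54:26.332656 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.28.2302 > 72.167.131.220.80: Flags [F.], seq 0, ack 1, win 65535, length 0
14:54:26.452852 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 60: 10.0.0.25.63285 > 211.255.23.46.80: Flags [R.], seq 1785111307, ack 1340963617, win 0, length 0
14:54:27.000000 59:78:F8:57:F1:9A > 49:67:87:16:D0:1D, ethertype IPv4 (0x0800), length 74: 5.9.32.22.40000 > 200.98.197.15.80: Flags [S], seq 1, win 64240, length 0
EOF
}

# Mitigation sketch (needs root; defined, not executed here). Assumption: the
# leaked FIN/RST segments are ones conntrack classifies as INVALID, which skip
# the nat table and therefore the SNAT rule, so they are dropped in FORWARD.
install_egress_guard() {
    iptables -I FORWARD -o eth0 -m conntrack --ctstate INVALID -j DROP
}

sample_capture | leaked_sources
```

Feeding a fresh capture taken on eth0 through `leaked_sources` after applying the rule should produce no output if the guard is effective.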

 