proxmox with 1 public ip

zustudios

Hi. I'm trying to set up my proxmox with one public ip. I'm trying to have webservers on 2 or more vms.
I'm trying to follow this tutorial: https://mrkmg.com/posts/2016/01/proxmox-4-with-single-public-ip-private-network/
What changes do I need to make to my router? What changes do I need to make to my host /etc/network/interfaces file?

# Host /etc/network/interfaces as posted with the question; the public
# address is redacted as X.X.X.X.
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
# NOTE(review): eth0 is given a static address here and is also listed under
# bridge_ports in the vmbr0 stanza below. A NIC used as a bridge port normally
# carries no address of its own, so one of the two roles has to go.
allow-hotplug eth0
iface eth0 inet static
address X.X.X.X (public ip)
netmask 255.255.255.0
gateway X.X.X.1
# NOTE(review): broadcast repeats the gateway value (X.X.X.1); with a
# 255.255.255.0 netmask it would normally end in .255 - confirm.
broadcast X.X.X.1
network X.X.X.0
dns-nameservers 8.8.8.8 8.8.4.4

# Bridge interface; the host takes 192.168.1.100 on it.
auto vmbr0
iface vmbr0 inet static
# Loads a saved ruleset before the bridge is brought up. The file's contents
# are not shown, so the filter/FORWARD policy that applies to forwarded
# traffic cannot be judged from this listing.
pre-up iptables-restore < /etc/iptables.rules
address 192.168.1.100
netmask 255.255.255.0
# NOTE(review): second gateway line (eth0 already declares one), so two
# default routes are requested - confirm which uplink is intended.
gateway 192.168.1.1
broadcast 192.168.1.255
network 192.168.1.0
bridge_ports eth0
bridge_stp off
bridge_fd 0

# Turn on IPv4 forwarding once vmbr0 is up.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Source-NAT rule, added on up and removed again on down.
# NOTE(review): -s 192.168.0.0/24 does not include the 192.168.1.x addresses
# configured above, so as written it would not match traffic from that
# subnet; -o vmbr0 also names the bridge rather than an uplink - verify both.
post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE





#VM100


#VM101 192.168.1.101
# Port forwards for VM101: host TCP port "1" + <port> is DNATed to <port> on
# 192.168.1.101 (120 -> 20, 180 -> 80, 13306 -> 3306, ...). Each post-up rule
# has a post-down twin that deletes it again.
# NOTE(review): every rule matches on -i vmbr0, i.e. packets arriving on the
# bridge; connections from outside arrive on the uplink interface instead -
# confirm which interface faces the internet.
# NOTE(review): the rules carry no -s restriction, so each forwarded port is
# open to any source address. By their well-known numbers the targets include
# SSH (22), FTP (20/21), SMTP (25) and MySQL (3306); forward only what the VM
# has to publish and limit management/database ports to known source
# addresses or keep them internal.
# NOTE(review): only -p tcp is forwarded, so the 153 -> 53 rule does not cover
# DNS over UDP.

post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 120 -j DNAT --to-destination 192.168.1.101:20
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 120 -j DNAT --to-destination 192.168.1.101:20
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 121 -j DNAT --to-destination 192.168.1.101:21
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 121 -j DNAT --to-destination 192.168.1.101:21
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 122 -j DNAT --to-destination 192.168.1.101:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 122 -j DNAT --to-destination 192.168.1.101:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 125 -j DNAT --to-destination 192.168.1.101:25
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 125 -j DNAT --to-destination 192.168.1.101:25
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 153 -j DNAT --to-destination 192.168.1.101:53
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 153 -j DNAT --to-destination 192.168.1.101:53
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 180 -j DNAT --to-destination 192.168.1.101:80
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 180 -j DNAT --to-destination 192.168.1.101:80
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 1110 -j DNAT --to-destination 192.168.1.101:110
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 1110 -j DNAT --to-destination 192.168.1.101:110
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 1143 -j DNAT --to-destination 192.168.1.101:143
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 1143 -j DNAT --to-destination 192.168.1.101:143
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 1443 -j DNAT --to-destination 192.168.1.101:443
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 1443 -j DNAT --to-destination 192.168.1.101:443
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 1993 -j DNAT --to-destination 192.168.1.101:993
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 1993 -j DNAT --to-destination 192.168.1.101:993
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 1995 -j DNAT --to-destination 192.168.1.101:995
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 1995 -j DNAT --to-destination 192.168.1.101:995
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 11935 -j DNAT --to-destination 192.168.1.101:1935
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 11935 -j DNAT --to-destination 192.168.1.101:1935
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 13306 -j DNAT --to-destination 192.168.1.101:3306
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 13306 -j DNAT --to-destination 192.168.1.101:3306
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 15080 -j DNAT --to-destination 192.168.1.101:5080
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 15080 -j DNAT --to-destination 192.168.1.101:5080
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 18080 -j DNAT --to-destination 192.168.1.101:8080
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 18080 -j DNAT --to-destination 192.168.1.101:8080
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 18081 -j DNAT --to-destination 192.168.1.101:8081
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 18081 -j DNAT --to-destination 192.168.1.101:8081

#VM102 192.168.1.102
# Port forwards for VM102: host TCP port "2" + <port> is DNATed to <port> on
# 192.168.1.102 (220 -> 20, 280 -> 80, 23306 -> 3306, ...), each with a
# post-down twin that deletes the rule. The last two pairs break the pattern:
# 12006 and 12007 use a "1" prefix for ports 2006 and 2007.
# NOTE(review): as written the rules match -i vmbr0 (the bridge) and have no
# -s restriction, so once they match external traffic every listed port is
# open to any source address. The targets include SSH (22) and MySQL (3306)
# by their well-known numbers; forward only what the VM has to publish and
# restrict management/database ports to known sources.
# NOTE(review): only -p tcp is forwarded, so the 253 -> 53 rule does not cover
# DNS over UDP.

post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 220 -j DNAT --to-destination 192.168.1.102:20
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 220 -j DNAT --to-destination 192.168.1.102:20
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 221 -j DNAT --to-destination 192.168.1.102:21
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 221 -j DNAT --to-destination 192.168.1.102:21
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 222 -j DNAT --to-destination 192.168.1.102:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 222 -j DNAT --to-destination 192.168.1.102:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 225 -j DNAT --to-destination 192.168.1.102:25
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 225 -j DNAT --to-destination 192.168.1.102:25
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 253 -j DNAT --to-destination 192.168.1.102:53
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 253 -j DNAT --to-destination 192.168.1.102:53
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 280 -j DNAT --to-destination 192.168.1.102:80
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 280 -j DNAT --to-destination 192.168.1.102:80
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 2110 -j DNAT --to-destination 192.168.1.102:110
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 2110 -j DNAT --to-destination 192.168.1.102:110
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 2143 -j DNAT --to-destination 192.168.1.102:143
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 2143 -j DNAT --to-destination 192.168.1.102:143
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 2443 -j DNAT --to-destination 192.168.1.102:443
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 2443 -j DNAT --to-destination 192.168.1.102:443
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 2993 -j DNAT --to-destination 192.168.1.102:993
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 2993 -j DNAT --to-destination 192.168.1.102:993
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 2995 -j DNAT --to-destination 192.168.1.102:995
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 2995 -j DNAT --to-destination 192.168.1.102:995
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 21935 -j DNAT --to-destination 192.168.1.102:1935
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 21935 -j DNAT --to-destination 192.168.1.102:1935
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 23306 -j DNAT --to-destination 192.168.1.102:3306
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 23306 -j DNAT --to-destination 192.168.1.102:3306
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 25080 -j DNAT --to-destination 192.168.1.102:5080
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 25080 -j DNAT --to-destination 192.168.1.102:5080
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 28080 -j DNAT --to-destination 192.168.1.102:8080
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 28080 -j DNAT --to-destination 192.168.1.102:8080
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 28081 -j DNAT --to-destination 192.168.1.102:8081
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 28081 -j DNAT --to-destination 192.168.1.102:8081
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 12006 -j DNAT --to-destination 192.168.1.102:2006
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 12006 -j DNAT --to-destination 192.168.1.102:2006
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 12007 -j DNAT --to-destination 192.168.1.102:2007
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 12007 -j DNAT --to-destination 192.168.1.102:2007
 
These changes look good, but if we knew what you are trying to do, we could help you better.

The setup you show redirects ports to your VMs.

One way to do a single Web-Server redirect is to use e.g. Apache and redirect specific domains to specific virtual machines via reverse proxy. Maybe this is easier, because you do not need to fiddle around with iptables. This only applies to webservers on Port 80 and Port 443.
 
I'm trying to start a VPS service. At this point I can access both web panels on VM 101 and VM 102. Do I need to make changes to my router? The ports I need will not open. I forwarded the ports (e.g. port 120 on VM 101 = port 20), but when I went to a port checker, port 120 was not open. Am I doing anything wrong? Is there a guide for doing a single web-server redirect?
 
Host's IP configuration is not correct.

Not quite sure about your configuration:

variant 1:

eth0 is connected directly to internet (no NAT router between) and vmbr0 is the bridge to all VMs.

Therefore eth0 must not be a member of vmbr0!

Moreover, in all iptables commands "-i vmbr0" has to be changed to "-i eth0", because in this variant the traffic from the internet arrives on eth0, not on the bridge.

variant 2:

eth0 is connected to internet via NAT router.

eth0 must not have any IP address assigned.

All port forwardings have to be set in the NAT router but not in Proxmox host.
 
I aim to start all over, but I'm having a problem opening up the new ports. After I port forward a VM to the new ports, my router says that the ports are forwarded, but when I test the ports they show up as not open. The regular ports I need show up as open (21, 22, 80, 443). Am I doing something wrong, or are they being blocked by my ISP?

With my current /etc/network/interfaces file (shown in the first post), the web panels of both VM 101 and VM 102 show up when I use an internal IP to access them; however, when I use my public IP, neither shows up. It's the same for SSH. My web panels don't have full functionality.

In my other set up everything works with full functionality but I can only use one vm.

Can someone give me an example of the /etc/network/interfaces file of the changes I should make?

# Second version of the host /etc/network/interfaces posted in the thread;
# gateway, broadcast and network on eth0 are all redacted as X.X.X.X.
# This listing contains no ip_forward or MASQUERADE lines, so forwarding and
# source NAT would have to come from /etc/iptables.rules or elsewhere - confirm.
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

# NOTE(review): eth0 still has a static address while also being listed under
# bridge_ports in the vmbr0 stanza below; a bridge port normally carries no
# address of its own.
iface eth0 inet static
address X.X.X.X (public ip)
netmask 255.255.255.0
gateway X.X.X.X
broadcast X.X.X.X
network X.X.X.X

# Bridge interface; the host takes 192.168.1.100 on it.
auto vmbr0
iface vmbr0 inet static
# Loads a saved ruleset before the bridge is brought up; its contents are not
# shown in the thread.
pre-up iptables-restore < /etc/iptables.rules
address 192.168.1.100
netmask 255.255.255.0
# NOTE(review): second gateway line (eth0 already declares one), so two
# default routes are requested - confirm which uplink is intended.
gateway 192.168.1.1
broadcast 192.168.1.255
network 192.168.1.0
bridge_ports eth0
bridge_stp off
bridge_fd 0

#VM100


#VM101
# Port forwards for VM101: host TCP port "1" + <port> is DNATed to <port> on
# 192.168.1.101.
# NOTE(review): these lines have no post-up prefix and no matching delete
# rules, so inside /etc/network/interfaces they would not be run as commands
# - presumably shortened for the post; confirm.
# NOTE(review): the rules match -i vmbr0 (the bridge) and carry no -s
# restriction, so once they match external traffic every listed port is open
# to any source address. The targets include SSH (22) and MySQL (3306) by
# their well-known numbers; forward only what the VM has to publish and
# restrict management/database ports to known sources.

iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 120 -j DNAT --to-destination 192.168.1.101:20
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 121 -j DNAT --to-destination 192.168.1.101:21
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 122 -j DNAT --to-destination 192.168.1.101:22
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 125 -j DNAT --to-destination 192.168.1.101:25
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 153 -j DNAT --to-destination 192.168.1.101:53
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 180 -j DNAT --to-destination 192.168.1.101:80
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 1110 -j DNAT --to-destination 192.168.1.101:110
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 1143 -j DNAT --to-destination 192.168.1.101:143
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 1443 -j DNAT --to-destination 192.168.1.101:443
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 1993 -j DNAT --to-destination 192.168.1.101:993
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 1995 -j DNAT --to-destination 192.168.1.101:995
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 11935 -j DNAT --to-destination 192.168.1.101:1935
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 13306 -j DNAT --to-destination 192.168.1.101:3306
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 15080 -j DNAT --to-destination 192.168.1.101:5080
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 18080 -j DNAT --to-destination 192.168.1.101:8080
iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 18081 -j DNAT --to-destination 192.168.1.101:8081
 
