[SOLVED] Requesting Best Practices and Guidance

Austin H

New Member
Apr 10, 2019
8
0
1
30
Ontario, Canada
==Problem==
Problem: I cannot understand the correct method to securely route traffic from a domain on public ip (reverse-proxy for example) to individual containers or vms.
I like doing all the console configuration early so the ui can take-over updates and maintenance.
Again, I am struggling with host to guest networking.
I like using the web-ui if I can because a picture is worth a thousand words, and it's a nice summary of data.
I can post more config files if needed and also share pictures of the web ui.
Jump to ==Interfaces== if you do not need the fluff pieces.
==Problem==

==Proxmox==
Why Promox?: I decided to consolidate all my server needs into Proxmox LXC or VM. Promox looked easy.
The server is fully update to all latest firmware, bios and Proxmox is already installed an I have a few test guests. I can reinstall if needed.
My old setup spanned 4-7 mini or medium servers at one point.
It was hard to manage and more expensive, but most were plug and play.
Also, different providers had different deals at different times, so bills where all over.
==Proxmox==

==Situation Information==
About Me: Serious Power User, Several Coding Languages, Linux-able and more.... (give me instruction or advice and I am capable of quickly testing/executing them), but my networking configuration skills are poor.

Product: Dell PowerEdge R230
Location: Remote Data Center (no physical access)
idrac Access: Requires vpn and idrac login credentials. (i have access)
Current Host: Proxmox 5.3-8 (newest stable) (i have access & setup)
Current Guests: Debian, Ubuntu, ClearOS (and maybe a Windows or Mac later...) (access but no net)
Public IP Count: 1 (standard ip)
Spec: 8 cores, 8GB RAM, (will upgrade if I can secure and maintain Proxmox)

Plans: Public IP, Firewall, Domain Based Routing (like reverse proxy) to guests, need route from host to guest network, guests will have their own firewall too.
Network: I have recorded the basic networking and routing information of the originally installed Ubuntu server and implemented it on my server.
==Situation Information==

==Interfaces==
The semi-hidden public ip has the same hidden value where 'x' is put.
I would have 'y' for another hidden ip if I had one.
I tried some network tutorials from Proxmox and also debian server/ubuntu server tutorials.
Nothing seemed to get the guests connected.

## begin /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eno2 inet manual

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
address 1xx.xxx.xxx.248
netmask 255.255.255.224
gateway 1xx.xxx.xxx.225
bridge-ports eno2
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 10.21.21.254
netmask 255.255.255.224
bridge-ports none
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE

## end /etc/network/interfaces
==interfaces==

==post-script==
If all goes well, I will probably get a subscription at some point. I just need to have proof of concept otherwise I will need to switch to another open source project or go back to waiting and paying for Digital Ocean or some company like that to control everything.

I am quite lost with the host to guest routing. I have ignored firewalls for now, as this is purely for functionality until I can set firewall rules.
==post-script==
 
Since you have only one public IP you have to define port forwarding via iptables in order to make connection from public network to containers/VMs possible.

Connections from containers/VMs to public network should already work with your current settings.
 
I eventually resolved this, but shut down the server in favor of 3 small 5 dollar a month Digital Ocean VPS. I'm trying to build a home server instead now.
Marking as resolved.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!