Requests from NAT network to itself not working

timdreier

Apr 13, 2020
Hi,
I have a Proxmox setup with one public IP, which is why I have a NAT network with port forwarding. Everything works fine from outside the NAT network, except when I try to reach a server inside the NAT network from any other server inside the NAT network.
I already configured the loopback interface as shown below. Since then, I can reach the VMs (via their public URL) from the Proxmox host, but still not from any VM inside the NAT network.
Thank you for your help!
Code:
auto lo
iface lo inet loopback

iface ens3 inet manual

auto vmbr0
iface vmbr0 inet static
        address xxx.xxx.xxx.xxx/xx
        gateway xxx.xxx.xxx.xxx
        bridge-ports ens3
        bridge-stp off
        bridge-fd 0


auto vmbr1
iface vmbr1 inet static
        address  10.10.10.1
        netmask  255.255.255.0
        network 10.10.10.0
        broadcast 10.10.10.255
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   sysctl -w net.ipv4.conf.all.route_localnet=1
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.10.2:80
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.10.2:80
        post-up iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to 10.10.10.2:80
        post-down iptables -t nat -D OUTPUT -p tcp --dport 80 -j DNAT --to 10.10.10.2:80

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.10.10.2:443
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.10.10.2:443
        post-up iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to 10.10.10.2:443
        post-down iptables -t nat -D OUTPUT -p tcp --dport 443 -j DNAT --to 10.10.10.2:443

        post-up iptables -t nat -A OUTPUT -o lo -d 127.0.0.1 -p tcp --dport 443 -j DNAT  --to-destination 10.10.10.2:443
        post-down iptables -t nat -D OUTPUT -o lo -d 127.0.0.1 -p tcp --dport 443 -j DNAT  --to-destination 10.10.10.2:443

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22 -j DNAT --to 10.10.10.5:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22 -j DNAT --to 10.10.10.5:22

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 9418 -j DNAT --to 10.10.10.5:9418
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 9418 -j DNAT --to 10.10.10.5:9418

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.10.10.10:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.10.10.10:22

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2200 -j DNAT --to 10.10.10.9:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2200 -j DNAT --to 10.10.10.9:22
 
Hi!

Have you been able to solve your problem? There is a typo "poat" in your line
Code:
poat-up   sysctl -w net.ipv4.conf.all.route_localnet=1

Best
Dominic
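
Added example (not part of either post): a small Python lint for the `post-up`/`post-down` hooks in the first post's configuration, run here on a constructed excerpt of it. It flags `post-down` lines that append instead of delete, rules that are never removed, and forwarded ports whose PREROUTING DNAT only matches `-i vmbr0`, so connections from VMs, which arrive on `vmbr1`, are not translated. The function names and finding labels are this example's own.

```python
import shlex

# Constructed excerpt of the hook lines from the first post (port 80 only).
SAMPLE = """\
post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.10.2:80
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.10.2:80
post-up iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to 10.10.10.2:80
post-down iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to 10.10.10.2:80
"""

def parse_rules(text):
    """Yield (hook, action, chain, options) for each iptables -A/-D hook line."""
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) < 3 or words[0] not in ("post-up", "post-down") or words[1] != "iptables":
            continue
        args = words[2:]
        for action in ("-A", "-D"):
            if action in args[:-1]:
                i = args.index(action)
                yield words[0], action, args[i + 1], tuple(args[:i] + args[i + 2:])
                break

def opt(options, name):
    """Return the value that follows option `name`, or None if it is absent."""
    return options[options.index(name) + 1] if name in options[:-1] else None

def lint(text, internal_if="vmbr1"):
    """Return (finding, chain_or_interface, dport) tuples; the labels are this example's own."""
    rules = list(parse_rules(text))
    added = {(c, o) for h, a, c, o in rules if h == "post-up" and a == "-A"}
    deleted = {(c, o) for h, a, c, o in rules if h == "post-down" and a == "-D"}
    findings = [("post-down-appends", c, opt(o, "--dport"))
                for h, a, c, o in rules if h == "post-down" and a == "-A"]
    findings += [("never-removed", c, opt(o, "--dport")) for c, o in sorted(added - deleted)]
    # A PREROUTING rule with -i only matches packets that arrive on that interface.
    dnat = [o for c, o in added if c == "PREROUTING" and opt(o, "-j") == "DNAT"]
    reachable = {opt(o, "--dport") for o in dnat if opt(o, "-i") in (None, internal_if)}
    for port in sorted({opt(o, "--dport") for o in dnat} - reachable, key=str):
        findings.append(("no-dnat-from-internal", internal_if, port))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```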