Requests from Nat network to itself not working

T

timdreier

New Member
Apr 13, 2020
2
0
1
25
Hi,
I have a proxmox setup with one public IP, that's why I have a NAT network with port forwarding. Everything works fine from outside the NAT network, except when I try to reach a server inside the NAT network from any other server inside the NAT network.
I already configured the loopback interface like below, since that I can reach the VMs (via their public URL) from the proxmox host, but still not from any VM inside the NAT network.
Thank you for your help!
Code: 
auto lo
iface lo inet loopback

iface ens3 inet manual

auto vmbr0
iface vmbr0 inet static
        address xxx.xxx.xxx.xxx/xx
        gateway xxx.xxx.xxx.xxx
        bridge-ports ens3
        bridge-stp off
        bridge-fd 0


auto vmbr1
iface vmbr1 inet static
        address  10.10.10.1
        netmask  255.255.255.0
        network 10.10.10.0
        broadcast 10.10.10.255
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   sysctl -w net.ipv4.conf.all.route_localnet=1
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.10.2:80
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.10.2:80
        post-up iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to 10.10.10.2:80
        post-down iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to 10.10.10.2:80

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.10.10.2:443
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.10.10.2:443
        post-up iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to 10.10.10.2:443
        post-down iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to 10.10.10.2:443

        post-up iptables -t nat -A OUTPUT -o lo -d 127.0.0.1 -p tcp --dport 443 -j DNAT  --to-destination 10.10.10.2:443
        post-down iptables -t nat -A OUTPUT -o lo -d 127.0.0.1 -p tcp --dport 443 -j DNAT  --to-destination 10.10.10.2:443

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22 -j DNAT --to 10.10.10.5:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22 -j DNAT --to 10.10.10.5:22

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 9418 -j DNAT --to 10.10.10.5:9418
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 9418 -j DNAT --to 10.10.10.5:9418

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.10.10.10:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.10.10.10:22

        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2200 -j DNAT --to 10.10.10.9:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2200 -j DNAT --to 10.10.10.9:22
 
Last edited:
Hi!

Have you been able to solve your problem? There is a typo "poat" in your line
Code: 
poat-up   sysctl -w net.ipv4.conf.all.route_localnet=1

Best
Dominic
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back