routing to internal VPN server

nikko

Hello guys, I have a Proxmox with virtual Windows servers on a company network. On one of the Windows VMs I have installed VPN. I would like to connect from a virtual client to the subnet of the Windows Server. The Windows server is listening on port 1723. I would like to forward all the traffic that comes on port 1723 in Proxmox to the Windows VM, which is inside the Proxmox and has an internal IP like 172.16.16.2:1723. I have the following IP table, but it does not seem to work.
Code:
iptables -t nat -A PREROUTING -p tcp --dport xx.xxx.xx.xx:1723 -j DNAT --to destination 172.16.16.2:1723
VPN works properly, from a machine inside the network I can connect without any problems. And from the client with the VMware I can ping the Proxmox. What am I missing?
 
Sorry for the late reply:
iproute:
Code:
172.16.16.0/24 dev vmbr1  proto kernel  scope link  src 172.16.16.1
xx.162.0.0/16 dev vmbr0  proto kernel  scope link  src xx.162.2.21    //the ip of the hypervisor
default via xx.xxx.xx.xx dev vmbr0

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.16.16.0/24       0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I suppose I am doing something wrong with the iptables themselves.
VMware ==> Workstation ==> Hypervisor ==> Windows Server/Domain Controller
176.16.16.45 ==> xx.162.2.xx ==> xx.162.2.xx ==> 176.16.16.2
(client win7) ==> (comp internal)==>(company internal)==> (VPN Server)


So I am trying to connect VMware and Windows Server. On the VMware I have installed a VPN connection to connect to the hypervisor on port 1723. The question is how to make Proxmox listen on 1723 (or some other port) and redirect to the Windows server, so that I can join the VMware client to the domain of the Windows server.
Thank you for your help in advance!
 
When I change some rules in etc/network/interfaces and restart the connection, I do not see any changes happening. Is it correct to just write the IP tables rule in the interfaces file like my example in the first post?
 
You forgot to NAT and DNAT proto 47 as well:

iptables -t nat -A PREROUTING -p gre -d xx.xxx.xx.xx -j DNAT --to-destination 172.16.16.2

DIaolin
 
It is still not connecting, the iptables look like this:
Code:
 post-up echo 1 > /proc/sys/net/ipv4/ip_forward
 iptables -t nat -A POSTROUTING -s '172.16.16.1/24' -o eth0 -j MASQUERADE
 iptables -t nat -A POSTROUTING -s '172.16.16.1/24' -o vmbr0 -j MASQUERADE
 iptables -t nat -A PREROUTING -p gre -d xx.xxx.x.xx -j DNAT --to destination 172.16.16.2
 iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1723 -j DNAT --to 172.16.16.2:1723
and the rest of the interface looks like this
Code:
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
    address  xx.xxx.x.xx
    netmask  255.255.0.0
    gateway  xx.xxx.x.xx
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0       

auto vmbr1
iface vmbr1 inet static
    address  172.16.16.1
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
any idea what could be the problem?
 
Remove this:
iptables -t nat -A POSTROUTING -s '172.16.16.1/24' -o eth0 -j MASQUERADE

and add
iptables -t nat -A POSTROUTING -p gre -s '172.16.16.1/24' -o vmbr0 -j MASQUERADE
 
auto vmbr1
iface vmbr1 inet static
address 172.16.16.1
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0

Had same problem a year ago, and bridging with eth1 worked. Try this setting for vmbr1 > bridge_ports eth1
 
eth1 is the second card and it is not physically connected with the network and not active in the Proxmox interface. Nevertheless I tried changing both bridge_ports to eth1, and after that eth0. It is still not connecting. At some point the error message changed from 807, which says basically can not find host.
As it is possible that the company firewall blocks the VPN, I think that I should test it somehow in order to be sure that this is not a Windows or VMware problem. I can ping the host address from the virtual client but how could I ping the virtual server?
 
I connected them. On both bridges the same NIC, this would be eth0. No idea what else I could do or how I could make any more tests, there are so many points of error in this connection.
 
a bridge is a simple, SIMPLE, hub
if the two vm can see the bridge independently from the lan position
right or left inside hypervisor or outside no problem:

ONLY ON THE SAME BRIDGE
 
Unfortunately direct connection to one bridge is not possible. I am not allowed to mess with the company network. I only have a server with virtual machines and client with virtual clients. I can make changes only to the debian or the virtual machines, but not with the physical network. Anyway, thank you for trying to help :)
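
Added example, not part of any post in this thread: a small shell lint for the kind of `interfaces` fragment posted above. It flags bare `iptables` lines that lack a `post-up` prefix, the `--to destination` spelling, an address inside `--dport`, and a missing DNAT rule for tcp/1723 or GRE. The function name `lint_pptp_forward` is hypothetical, the sample fragments are constructed, and `192.0.2.10` is a placeholder for the masked host address.

```shell
#!/bin/sh
# Added example (not from the thread): lint an /etc/network/interfaces
# fragment for the PPTP forwarding rules discussed above.
# Reads the fragment on stdin, prints one finding per line.

lint_pptp_forward() {
    frag=$(cat)

    # ifupdown runs a command only as the value of a hook option
    # (pre-up, up, post-up, ...); a bare "iptables ..." line is never run.
    printf '%s\n' "$frag" | grep -nE '^[[:space:]]*iptables[[:space:]]' |
        sed 's/^\([0-9][0-9]*\):.*/line \1: bare iptables line (no post-up), not executed/'

    # The DNAT target option is the single word --to-destination.
    printf '%s\n' "$frag" | grep -nE -e '--to[[:space:]]+destination' |
        sed 's/^\([0-9][0-9]*\):.*/line \1: "--to destination" should be --to-destination/'

    # --dport takes a port (or port range); the address belongs in -d.
    printf '%s\n' "$frag" | grep -nE -e '--dport[[:space:]]+[^[:space:]]*\.' |
        sed 's/^\([0-9][0-9]*\):.*/line \1: --dport contains an address, use -d for it/'

    # PPTP = control channel on tcp/1723 plus GRE (IP protocol 47) for data.
    printf '%s\n' "$frag" | grep -qE -e '-p[[:space:]]+tcp[[:space:]].*--dport[[:space:]]+1723[[:space:]].*-j[[:space:]]+DNAT' ||
        echo 'missing: DNAT rule for tcp/1723'
    printf '%s\n' "$frag" | grep -qE -e '-p[[:space:]]+(gre|47)[[:space:]].*-j[[:space:]]+DNAT' ||
        echo 'missing: DNAT rule for GRE (proto 47)'
}

# Constructed samples; 192.0.2.10 stands in for the masked host address.
BROKEN='post-up echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p gre -d 192.0.2.10 -j DNAT --to destination 172.16.16.2
iptables -t nat -A PREROUTING -p tcp --dport 192.0.2.10:1723 -j DNAT --to destination 172.16.16.2:1723'

FIXED='post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1723 -j DNAT --to-destination 172.16.16.2:1723
post-up iptables -t nat -A PREROUTING -i vmbr0 -p gre -j DNAT --to-destination 172.16.16.2
post-up iptables -t nat -A POSTROUTING -s 172.16.16.0/24 -o vmbr0 -j MASQUERADE'

echo '--- broken fragment'; printf '%s\n' "$BROKEN" | lint_pptp_forward
echo '--- fixed fragment';  printf '%s\n' "$FIXED"  | lint_pptp_forward
```

A clean lint result only means the rules are well-formed and cover both PPTP channels; whether they are loaded still has to be checked on the host with `iptables -t nat -L -n -v` after the interface is brought up.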
 
