SDN NAT Config via API

zevrant

Jul 17, 2023
I was wondering if maybe I'm bad at reading these days, but is there a method of performing NAT (source and dest) via the SDN purely through Proxmox?

I really want to get rid of the need for a dedicated routing VM or manually configuring iptables, and have something exposed via the Proxmox API.
I'm able to almost completely configure my cluster purely using the API through a custom Terraform/OpenTofu provider, but network translation is the final sticking point that is really needed.

Currently I use pfSense to bridge the VXLAN to my 'hardware subnet', but that's not super easily configured by plopping down a base QEMU image and a config file. Networking isn't my strong suit, so I'm reluctant to go the manual configuration route.

If not currently available, any idea when it might be?


I'm not trying to accomplish anything groundbreaking here; as an example, this is what I'm striving for. The best buzzword I'm striving for would probably be something like 'one click deploy'.

[Attachment: Untitled Diagram.drawio.png]
 
Hello!

zevrant said:
is there a method of performing NAT (source and dest) via the SDN purely through Proxmox?
Proxmox SDN only provides basic outbound SNAT in Simple Zones, so it doesn’t cover that use case today.

zevrant said:
I really want to get rid of the need for a dedicated routing VM or manually configuring iptables, and have something exposed via the Proxmox API.
In short, you’re looking for a cloud-style networking layer (Neutron/NSX-like): programmable NAT (SNAT + DNAT) exposed via API/Terraform, multi-node, without a dedicated router VM.
Proxmox SDN is roughly 30–35% of NSX today.
 
Yeah, that's what I'm looking for. I'm probably being impatient, as programmable NAT is the only thing I'm missing for what I typically provide for network segregation for multi-tenant applications, since I typically lean heavily into mTLS outside of that, so more complicated stuff usually isn't needed unless I'm working with a large enough number of VMs that IP exhaustion becomes an issue.