Hi Everyone,
I'm setting up my VMs with one public IP and an internal network. But I found a problem with curling to get data from the running webserver on one of the VMs. The VM can curl to the private IP and also to 'any' other public IP, but it can't curl to the public IP (of the server). So for example my domain wants to use the API of a subdomain (both are on the same VM and have the same internal IP), thus it uses for example curl auth.domain.com and then it gives a timeout error. How can I solve this issue? I found a way such that if you ping from the private IP to the public IP it does work.
I found out that I should add additional SNAT rules on the Proxmox host that apply when the VM itself tries to send a packet to the public IP, masking the sender IP (the VM) with its own IP, so that when the packet is received by the VM (via DNAT) the VM thinks the Proxmox host is the sender and sends the answer back there.
But I don't know how to do that. Can anyone help me with that?
/etc/network/interfaces
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual
iface eno2 inet manual
iface eno3 inet manual
iface eno4 inet manual

auto vmbr0
iface vmbr0 inet static
    address XX.XX.XX.XX
    netmask 255.255.255.0
    gateway XX.XX.XX.
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet static
    address 10.10.10.1/24
    netmask 255.255.255.0
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
    # Port Forwarding
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.10.10.2:443
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.10.10.2:443
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.10.2:80
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.10.2:80
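
The extra rules the post asks about, as an added example that is not part of the original post: a shell function that prints hairpin-NAT `post-up`/`post-down` lines for the `vmbr1` stanza. `hairpin_rules` and `PUBLIC_IP` are names made up here, and it assumes the host's FORWARD chain lets traffic arriving on vmbr1 leave through vmbr1 again.

```shell
#!/bin/sh
# Added example: print hairpin-NAT lines for the vmbr1 stanza of
# /etc/network/interfaces. It only prints text; it does not call iptables.

# hairpin_rules PUBLIC_IP BRIDGE SUBNET TARGET PORT...
hairpin_rules() {
    if [ "$#" -lt 5 ]; then
        echo "usage: hairpin_rules PUBLIC_IP BRIDGE SUBNET TARGET PORT..." >&2
        return 2
    fi
    pub=$1 br=$2 net=$3 dst=$4
    shift 4
    # Validate every port before emitting anything, so a typo cannot
    # leave a half-written rule set in the config.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done
    for port in "$@"; do
        for op in "post-up iptables -t nat -A" "post-down iptables -t nat -D"; do
            # DNAT for internal clients that address the public IP. The
            # post's rules match only -i vmbr0 and never see this traffic.
            # -s/-d keep the match narrow: without -d, every outbound
            # connection from the VMs to that port would be redirected.
            echo "$op PREROUTING -i $br -s $net -d $pub -p tcp --dport $port -j DNAT --to-destination $dst:$port"
            # Source rewrite to the host's bridge address, so the web VM
            # answers via the host and conntrack can reverse the DNAT.
            echo "$op POSTROUTING -o $br -s $net -d $dst -p tcp --dport $port -j MASQUERADE"
        done
    done
}

# PUBLIC_IP is a placeholder; the post masks the real address.
hairpin_rules PUBLIC_IP vmbr1 10.10.10.0/24 10.10.10.2 80 443
```

With the source rewritten, the web server's access log shows 10.10.10.1 as the client for these internal requests, which matters for any IP-based allow list or rate limit on the VM.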