[SOLVED] Port Forward All To LXC

lemel

May 14, 2023
I have an LXC with Nginx Proxy Forward set up to manage traffic coming from ports 80, 57, 443, 8096, etc. to different IPs pointing to other LXCs.
This works well when I edit the PVE host's /etc/network/interfaces and include this per port.
Bash:
post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport PORT -j DNAT --to 192.168.5.x:PORT
post-down iptables -t nat -D PREROUTING -i eno1 -p tcp --dport PORT -j DNAT --to 192.168.5.x:PORT

Is there a version of the above that can port forward everything? I wouldn't want to keep adding these lines every time I need to add a port forward.

I currently don't have ufw or any firewall installed.

Notes:
PVE Host: 192.168.1.x
PVE LXCs: 192.168.5.x

Bash:
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet static
        address 192.168.1.20/24
        gateway 192.168.1.1

auto vmbr1
iface vmbr1 inet static
        address 192.168.5.1
        netmask 255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.5.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.5.0/24' -o eno1 -j MASQUERADE
       
post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport PORT -j DNAT --to 192.168.5.x:PORT
post-down iptables -t nat -D PREROUTING -i eno1 -p tcp --dport PORT -j DNAT --to 192.168.5.x:PORT
# + more port forwards like the above
 
A port range is available;
be careful to exclude 22 or 8006 or some others to keep access to the host.
Code:
-m multiport --dports 1:21,23:8005,8008:65535
 
Here's what I wound up using, but it didn't work. Is the syntax off?

Code:
post-up iptables -t nat -A PREROUTING -i eno1 -p tcp -m multiport --dports 1:21,23-8005,8008-65535 -j DNAT --to 192.168.5.x
post-down iptables -t nat -D PREROUTING -i eno1 -p tcp -m multiport --dports 1:21,23-8005,8008-65535 -j DNAT --to 192.168.5.x

post-up iptables -t nat -A PREROUTING -i eno1 -p udp -m multiport --dports 1:21,23-8005,8008-65535 -j DNAT --to 192.168.5.x
post-down iptables -t nat -D PREROUTING -i eno1 -p udp -m multiport --dports 1:21,23-8005,8008-65535 -j DNAT --to 192.168.5.x
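
A way to lint a `--dports` list before it goes into /etc/network/interfaces, as an added example that is not part of the original posts: it checks the entry format the iptables multiport match documents (`PORT` or `LOW:HIGH`, at most 15 ports with a range counting as two) and confirms the host's management ports stay outside the forwarded set. The helper name `check_dports` is hypothetical, and the default protected ports 22 and 8006 are the ones named in the thread.

```sh
#!/bin/sh
# Added example; check_dports is a hypothetical helper, not an iptables command.
# Usage: check_dports SPEC [PROTECTED_PORT...]   (default protected ports: 22 8006)
# Prints one finding per line; returns 0 when the list is clean, 1 otherwise.
check_dports() {
    spec=$1; shift
    protected="$*"
    [ -n "$protected" ] || protected="22 8006"   # SSH and PVE web UI, per the thread
    slots=0; rc=0
    old_ifs=$IFS; IFS=,; set -f                  # split SPEC on commas, no globbing
    set -- $spec
    IFS=$old_ifs; set +f
    for item in "$@"; do
        case $item in
            ''|*[!0-9:]*|*:*:*|:*|*:)
                echo "invalid entry '$item': use PORT or LOW:HIGH (colon, not hyphen)"
                rc=1; continue ;;
            *:*) lo=${item%%:*}; hi=${item#*:}; slots=$((slots + 2)) ;;
            *)   lo=$item; hi=$item; slots=$((slots + 1)) ;;
        esac
        if [ "${#lo}" -gt 5 ] || [ "${#hi}" -gt 5 ] ||
           [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
            echo "bad range '$item': ports are 0-65535 and LOW must not exceed HIGH"
            rc=1; continue
        fi
        for p in $protected; do
            if [ "$lo" -le "$p" ] && [ "$p" -le "$hi" ]; then
                echo "entry '$item' covers protected port $p"
                rc=1
            fi
        done
    done
    if [ "$slots" -gt 15 ]; then
        echo "too many ports: $slots slots, multiport allows 15 (a range counts as two)"
        rc=1
    fi
    return "$rc"
}

# Constructed sample runs using the two lists quoted in the thread.
check_dports '1:21,23-8005,8008-65535' || echo "=> rejected"
check_dports '1:21,23:8005,8008:65535' && echo "=> ok: 22 and 8006 stay on the host"
```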
 
@lemel Hello. I would like to know how you created the LXC that you mention. I want to implement the same for a dedicated server with a single public IP. Please.
 
I am playing around with a similar environment, but I wanted to use an SSH tunnel instead because I only want to forward HTTP/HTTPS traffic (only two ports).

Answering your question, the container is just a container running any OS. What you really want to understand is the HTTP proxy. In my case, I am using the Nginx Proxy Manager (free / open-source). You can search for it on YouTube; there are tutorials on how to set it up. Here is the direct link to their official guide
 
