Trying to port forward

Ligan

New Member
Sep 16, 2021
7
1
3
34
Hi,

I've created an NGINX reverse proxy / web server but I just can't get it to work. I'm trying to use port 8091 since I've got PiHole on another VM on port 80.

My proxmox interfaces config file looks like below, I've got port forwarding on my router from 80 external to 8091 internal and the IP address of my Proxmox machine (not my Ubuntu VM as I think the iptables should forward it on right?)

I've turned the network device firewall off under the VM's hardware tab as well, I'm just really not sure what to do anymore. Port checker is showing port 80 closed as well.

I know the port 443 is commented out, I've been playing around with as many things as I can think of.

GNU nano 5.4 /etc/network/interfaces # network interface settings; autogenerated # Please do NOT modify this file directly, unless you know what # you're doing. # # If you want to manage parts of the network configuration manually, # please utilize the 'source' or 'source-directory' directives to do # so. # PVE will preserve these directives, but will NOT read its network # configuration from sourced files, so do not attempt to move any of # the PVE managed interfaces into external files! auto lo iface lo inet loopback iface enp0s31f6 inet manual auto vmbr0 iface vmbr0 inet static address 192.168.1.240/24 gateway 192.168.1.1 bridge-ports enp0s31f6 bridge-stp off bridge-fd 0 # VM-WEB HTTP 80:192.168.0.1:80 post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8091 -j DNAT --to 192.168.1.254:8091 post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 8091 -j DNAT --to 192.168.1.254:8091 # VM-WEB HTTPS 443:192.168.0.1:443 #post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.0.1:443 #post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.0.1:443 iface wlp3s0 inet manual
 
Hi,

have you tried with --dport 8091 and --to <...>:80? But I'm not sure, because you did not provide too much information on your setup and goal with the DNAT. Perhaps a bit more context could help :)
 
Hi Lorenz,

Thank you for the reply.

Basically I'm trying to set up a web server on my "server" at home which is just a mini itx b560m mobo with 16gb ram and an intenl i10100 cpu.

What I've done is install Proxmox on the server, installed an Ubuntu VM and installed Nginx reverse proxy in a docker container. I've got a free domain name from Freenom. Since my router has a dynamic IP address I used a dynamic DNS service called No-IP to make it static. For my domain from Freenom I set the DNS to CNAME and pointed to this dynamic DNS which in turn points to my dynamic IP.

My router then forwards port 80 to 8091 at the IP address of my Proxmox server 192.168.1.240 (Nginx on my Ubuntu VM is set up on 8091 because I'm running PiHole on 80 in another VM). All my VM's are on vmbr0

I've confirmed my ISP doesn't block incoming on port 80 and I'm completely at a loose end with this , I really can't think of anything other than Proxmox port forwarding that'd cause my issues. I just want Proxmox to route incoming traffic from my webserver to my NGinx proxy.

Incoming port 80 mapped to Proxmox server 192.168.1.240 port 8091
Proxmox needs to map incoming port 8091 to Ubuntu server 192.168.1.254 (I think the logic should be right there)

That should hopefully then allow the docker container container running NGinx to route traffic


edit: I'd really like to figure out this iptables thing because the next thing will be setting up a VPN and I'll need to port forward for that as well
 
I think, I understand what your goal is now :) But wouldn't it be easier to let your router forward port 80 directly to 8091 on 192.168.1.254? In this case, the PVE would only act as a switch via vmbr0 and wouldn't have to bother with iptables port forwarding.
 
Definitely, I didn't think that was possible, I thought it had to be routed to Proxmox and then forwarded on! Wow. Appreciate that help Lorenz.

In that case how do I reset my iptables back to default? :(

Thank you so much
 
iptables -F -t nat should do it.

And don't forget to remove the post-up/-down statements from your network config ;)
 
iptables -F -t nat should do it.

And don't forget to remove the post-up/-down statements from your network config ;)
Hi ,
How about NAT network . like same config to port forward "web server" port 80, like this ? :

iface ens4 inet manual auto vmbr0 #private sub network iface vmbr0 inet static address 10.10.10.1/24 bridge-ports none bridge-stp off bridge-fd 0 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o ens4 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o ens4 -j MASQUERADE # Port-Forward to Web Server iptables -F -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8080 -j DNAT --to 10.10.10.15:80 iptables -F -t nat -D PREROUTING -i vmbr0 -p tcp --dport 8080 -j DNAT --to 10.10.10.15:80

but try this is config for port forward web server is not showing LISTEN
1648576265865.png
this proxmox on cloud . dont know how to solve. can explain to me how to solve ? please :'(
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!