Hello guys,
Couldn't delete this post, so I corrected it in place.
Got a "little" issue with 1:1 NAT on pfSense/OPNsense; it feels like one little piece on the Proxmox side is missing. I hope someone can point me in the right direction.
From Hetzner, I ordered a second public IP address, which should only be used for one VM with BigBlueButton on it.
On one of my Proxmox nodes, I'm using the following network/interfaces conf, which routes almost everything to my firewall, except the specified TCP (22, 8006, 179) and UDP (5405:5412, 4789) ports. So this network/interfaces conf file only contains the main public IP address in enp0s31f6. I hope that's correct so far. I don't know if I have to add anything here for the second public IP? Yes, the second IP has to be set up in the network/interfaces file.
Code:
auto lo
iface lo inet loopback
iface lo inet6 loopback

auto enp0s31f6
iface enp0s31f6 inet static
    address 94.x.x.A
    netmask 255.255.255.192
    gateway 94.x.x.x
    mtu 1500
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    # second public IP, bound to the same NIC as an alias
    up ip addr add 94.x.x.B/26 dev $IFACE label $IFACE:0
    down ip addr del 94.x.x.B/26 dev $IFACE label $IFACE:0
    # main IP: everything except the host's own TCP/UDP ports is DNATed to the firewall WAN (10.10.10.2)
    post-up iptables -t nat -A PREROUTING -i enp0s31f6 -p tcp -d 94.x.x.A -m multiport ! --dports 22,8006,179 -j DNAT --to 10.10.10.2
    post-up iptables -t nat -A PREROUTING -i enp0s31f6 -p udp -d 94.x.x.A -m multiport ! --dports 5405:5412,4789 -j DNAT --to 10.10.10.2
    # second IP: all protocols and all ports are DNATed to 10.10.10.3
    post-up iptables -t nat -A PREROUTING -i enp0s31f6 -d 94.x.x.B -j DNAT --to 10.10.10.3
    # matching post-down lines (added), so an ifdown/ifup does not leave duplicate PREROUTING rules
    post-down iptables -t nat -D PREROUTING -i enp0s31f6 -p tcp -d 94.x.x.A -m multiport ! --dports 22,8006,179 -j DNAT --to 10.10.10.2
    post-down iptables -t nat -D PREROUTING -i enp0s31f6 -p udp -d 94.x.x.A -m multiport ! --dports 5405:5412,4789 -j DNAT --to 10.10.10.2
    post-down iptables -t nat -D PREROUTING -i enp0s31f6 -d 94.x.x.B -j DNAT --to 10.10.10.3

iface enp0s31f6 inet6 static
    address 2a01:x:x:x::2
    netmask 64
    gateway fe80::1

# WAN - Proxmox LAN
auto vmbr10
iface vmbr10 inet static
    address 10.10.10.1/29
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    # outbound traffic from each firewall-side address leaves with "its" public IP
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.2/32' -o enp0s31f6 -j SNAT --to-source 94.x.x.A
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.2/32' -o enp0s31f6 -j SNAT --to-source 94.x.x.A
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.3/32' -o enp0s31f6 -j SNAT --to-source 94.x.x.B
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.3/32' -o enp0s31f6 -j SNAT --to-source 94.x.x.B
    # keep conntrack for the VM firewall bridges in a separate zone
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

iface vmbr10 inet6 static
    address 2a01:x:x:x::3/127
    up ip route add 2a01:x:x:x::/64 via 2a01:x:x:x::4

# VM Net
auto vmbr11
iface vmbr11 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0

source /etc/network/interfaces.d/*
I've just done the following so far in pfSense/OPNsense:
1. Setup a virtual IP
Code:
Virtual IP: 94.x.x.B/29   Interface: WAN   Type: IP Alias
2. Setup 1:1 NAT
Code:
Interface: WAN   External: 94.x.x.B/32   Internal: 10.x.x.57   Destination: *
As background info, my current setup contains port forwardings, e.g. one which forwards all 443 traffic to my traefik proxy VM:
I have the following, where the source address is "*", so everything on 443 was forwarded to traefik.
"WAN address" in "Dest address" matches all virtual IPs which belong to that WAN address; therefore, add a specific port-forwarding rule in front of it to address the one specific VIP.
Code:
Interface: WAN   Proto: TCP/UDP   Source addr: *   Source ports: *   Dest address: 10.10.10.3   Dest ports: *             NAT IP: 10.x.x.57   NAT ports: *
Interface: WAN   Proto: TCP/UDP   Source addr: *   Source ports: *   Dest address: WAN address  Dest ports: 443 (HTTPS)   NAT IP: 10.x.x.32   NAT ports: 4430
The idea is that everything which accesses the server on port 443 via the main public IP should be redirected to the traefik proxy, and anything accessing 443 via the second public IP should simply be redirected to the BBB VM.
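To check where a connection to each public IP ends up after both NAT stages (the host's PREROUTING DNAT, then the firewall's port forwards), here is a small model of the rule set from the post. This is an added example, not code from the post or from Proxmox/pfSense/OPNsense; it never touches iptables. The addresses are placeholders for the values the post masks with "x": 192.0.2.10 stands in for 94.x.x.A, 192.0.2.11 for 94.x.x.B, 10.20.0.57 for the BBB VM and 10.20.0.32 for the traefik VM, and it assumes 10.10.10.3 is a second address on the firewall's WAN side. Besides the working order of rules it also runs the two ways this goes wrong: a 1:1 NAT keyed on the public IP (which the host has already rewritten, so it never matches) and the broad "WAN address":443 rule placed first.

```python
"""Two-stage NAT model: Proxmox host PREROUTING DNAT, then firewall port forwards.
Added example with placeholder addresses; see the lead-in for what each stands for."""
from dataclasses import dataclass, replace as dc_replace
from typing import Optional

MAIN_IP = "192.0.2.10"       # placeholder for 94.x.x.A
SECOND_IP = "192.0.2.11"     # placeholder for 94.x.x.B
FW_WAN = "10.10.10.2"        # firewall WAN, DNAT target for the main IP
FW_WAN_ALIAS = "10.10.10.3"  # assumption: WAN alias on the firewall, DNAT target for the second IP
FW_WAN_ADDRS = {FW_WAN, FW_WAN_ALIAS}
BBB_VM = "10.20.0.57"        # placeholder for 10.x.x.57
TRAEFIK_VM = "10.20.0.32"    # placeholder for 10.x.x.32

HOST_TCP_PORTS = {22, 8006, 179}                    # kept on the host (ssh, GUI, BGP)
HOST_UDP_PORTS = set(range(5405, 5413)) | {4789}    # kept on the host (corosync, VXLAN)


@dataclass(frozen=True)
class Packet:
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


def host_prerouting(pkt: Packet) -> Packet:
    """Mirror of the three post-up DNAT rules in the nat PREROUTING chain on
    enp0s31f6. First match wins; anything unmatched is delivered to the host."""
    if pkt.dst == MAIN_IP and pkt.proto == "tcp" and pkt.dport not in HOST_TCP_PORTS:
        return dc_replace(pkt, dst=FW_WAN)
    if pkt.dst == MAIN_IP and pkt.proto == "udp" and pkt.dport not in HOST_UDP_PORTS:
        return dc_replace(pkt, dst=FW_WAN)
    if pkt.dst == SECOND_IP:                         # all protocols, all ports
        return dc_replace(pkt, dst=FW_WAN_ALIAS)
    return pkt


# Firewall port forwards as (dst addresses, protocols, dst ports or None for any,
# target IP, target port or None to keep the original), evaluated top to bottom.
# "WAN address" matches the WAN IP and every VIP on it, hence the broad set.
FW_RULES = [
    ({FW_WAN_ALIAS}, {"tcp", "udp"}, None, BBB_VM, None),       # specific rule first
    (FW_WAN_ADDRS, {"tcp", "udp"}, {443}, TRAEFIK_VM, 4430),    # "WAN address":443 -> traefik
]

# The starting point of the post: a 1:1 NAT keyed on the public IP itself.
# The host has already rewritten 94.x.x.B to 10.10.10.3, so this never matches.
VIP_ON_PUBLIC_IP_RULES = [
    ({SECOND_IP}, {"tcp", "udp"}, None, BBB_VM, None),
    (FW_WAN_ADDRS, {"tcp", "udp"}, {443}, TRAEFIK_VM, 4430),
]


def firewall_rdr(pkt: Packet, rules) -> Packet:
    """Apply the first matching port forward, or pass the packet through unchanged."""
    for dsts, protos, dports, target, tport in rules:
        if pkt.dst in dsts and pkt.proto in protos and (dports is None or pkt.dport in dports):
            return dc_replace(pkt, dst=target, dport=pkt.dport if tport is None else tport)
    return pkt


def trace(dst: str, proto: str, dport: Optional[int] = None, rules=FW_RULES):
    """Where does a connection to (dst, proto, dport) end up?
    Returns ("host" | "firewall" | "vm", final destination IP, final port)."""
    pkt = host_prerouting(Packet(dst, proto, dport))
    if pkt.dst not in FW_WAN_ADDRS:
        return ("host", pkt.dst, pkt.dport)      # never left the Proxmox host
    pkt = firewall_rdr(pkt, rules)
    if pkt.dst in FW_WAN_ADDRS:
        return ("firewall", pkt.dst, pkt.dport)  # no port forward matched
    return ("vm", pkt.dst, pkt.dport)


if __name__ == "__main__":
    for args in [(MAIN_IP, "tcp", 443), (SECOND_IP, "tcp", 443), (SECOND_IP, "udp", 16384),
                 (MAIN_IP, "tcp", 8006), (SECOND_IP, "tcp", 22), (MAIN_IP, "icmp")]:
        print(args, "->", trace(*args))
    print("1:1 NAT keyed on public IP, udp/16384:",
          trace(SECOND_IP, "udp", 16384, VIP_ON_PUBLIC_IP_RULES))
    print("broad 443 rule first:", trace(SECOND_IP, "tcp", 443, list(reversed(FW_RULES))))
```

Two things the trace makes visible that the rule text alone does not: port 22 on the second IP is forwarded to the BBB VM as well (the host exception list only applies to the main IP), and with the broad "WAN address" rule first, 443 on the second IP is captured by traefik even though the BBB rule exists.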