Using 2 public IP addresses on Proxmox running Hotspot VM

[JLK]

Hello, I need some assistance with the Proxmox-VE-7.1 setup on a Dedicated Root Server in the cloud (Hetzner). It's running a Hotspot VM...

When the cafe / lobby customer switches on the WiFi by SSID, a browser will open for authentication by the Hotspot VM. Upon authentication, the server will send some images & / or videos...

Do I need a second public IP address to be able to receive incoming traffic (authentication) from users? How is that setup?

I haven't tested this setup yet, so I'm not sure it works...

Any advice / assistance is appreciated.

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp4s0
iface enp4s0 inet static
address 176.bbb.ccc.137/27
gateway 176.bbb.ccc.129
# up route add -net 176.bbb.ccc.128 netmask 255.255.255.224 gw 176.bbb.ccc.129 dev enp4s0
# route 176.bbb.ccc.128/27 via 176.bbb.ccc.129

iface enp4s0 inet6 static
address 2a01:bbb:ccc:38a::2/64
gateway fe80::1

iface eth0 inet manual

auto vmbr0
#private sub network
iface vmbr0 inet static
address 192.bbb.ccc.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
post-up iptables -t nat -A POSTROUTING -s '192.bbb.ccc.1/24' -o enp4s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.bbb.ccc.1/24' -o enp4s0 -j MASQUERADE

 

[bobmc]

This is possible if you configure DNAT to allow incoming traffic to reach one of your hosts

Personally, I would consider installing a VM using pfSense or OpnSense or similar to set this up as I find them easier to configure, but you could also achieve the same result with iptables - e.g
post-up iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 80 -j DNAT --to 192.bbb.ccc.ddd:80