Using a container (or VM) as a "router"

aleksdj

May 1, 2019
Hi there, in the typical Hosting configuration of "1 only public IP", I know how to make a second "NAT" network using a second virtual bridge (typically vmbr1) in the Proxmox host and routing the outgoing traffic through the first bridge with public IP (typically vmbr0). That's a "working good" static configuration.

However, when you want to deal with incoming traffic and port forwarding, I don't like to deal with the host to change its iptables (to port-forward traffic) every time I add a new LXC or VM in Proxmox, so my question is:

Does somebody know how to make a kind of "router" LXC (or VM if it's not possible with LXC) so that it acts as the real bridge between the public network and the private containers and all the port-forwarding configurations are done in this particular container?

I have done this in VirtualBox creating a "public NAT" network, and creating a router VM with an interface connected to public bridge adapter em1 and another one attached to the NAT network.



After that, the VMs are connected/attached to the NAT network, and all configurations are done in the "router" VM. Thanks.
 
Does somebody know how to make a kind of "router" LXC (or VM if it's not possible with LXC) so that it acts as the real bridge between the public network and the private containers and all the port-forwarding configurations are done in this particular container?

Create another, additional, bridge - no address for that needed - e.g., vmbr1.

Create a VM or CT (both should work), and add two network devices, one with the internet accessible vmbr0 and one with the "local network" (LAN) vmbr1.

In the VM/CT then configure your stack, i.e. set up NAT/masquerading with the first network device as WAN and the second as LAN port, add DHCP if you like, bind it to the second NIC.

Then, if you create new VMs or CTs, select the LAN bridge, vmbr1, for their network devices; they then should route all traffic over the router VM/CT. In this case you only need a single public IP for the router VM/CT.
One could optimize that requirement away, but then you either need to add host rules for the router VM/CT (but only for that one), or let the host go itself over the router VM for internet access.
 
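The NAT/masquerading and port-forwarding setup described in the reply above, as an added example that is not from either poster: a shell script for the router VM/CT that renders an nftables ruleset from one list of forwards, so new guests need one line here and no change on the Proxmox host. The interface names (eth0 on vmbr0 as WAN, eth1 on vmbr1 as LAN), the 10.10.10.0/24 subnet, the choice of nftables and the sample forwards are assumptions.

```shell
# Added example (not from the thread). Assumed: eth0 = WAN (vmbr0), eth1 = LAN (vmbr1).
# On the router, as root: sysctl -w net.ipv4.ip_forward=1, then pipe this output to `nft -f -`.
WAN_IF=eth0; LAN_IF=eth1; LAN_NET=10.10.10.0/24; LAN_PREFIX=10.10.10.
# Constructed sample forwards, one per line: proto wan_port lan_ip lan_port
FORWARDS='tcp 2222 10.10.10.11 22
tcp 443 10.10.10.12 443'

is_port() {  # true for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
on_lan() {   # crude check: LAN_PREFIX followed by digits only
    case "$1" in "$LAN_PREFIX"|"$LAN_PREFIX"*[!0-9]*) return 1 ;; "$LAN_PREFIX"*) return 0 ;; esac
    return 1
}
# Print one DNAT rule per entry; return 1 on a malformed or off-LAN entry.
dnat_rules() {
    while read -r proto wport ip lport; do
        [ -n "$proto" ] || continue
        case "$proto" in tcp|udp) ;; *) return 1 ;; esac
        is_port "$wport" && is_port "$lport" && on_lan "$ip" || return 1
        printf '    iifname "%s" %s dport %s dnat to %s:%s\n' "$WAN_IF" "$proto" "$wport" "$ip" "$lport"
    done <<EOF
$1
EOF
}
# Full ruleset: DNAT inbound, masquerade outbound, drop any forwarding not listed.
gen_ruleset() {
    rules=$(dnat_rules "$1") || return 1
    cat <<EOF
table ip router {
  chain prerouting {
    type nat hook prerouting priority dstnat; policy accept;
$rules
  }
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    oifname "$WAN_IF" ip saddr $LAN_NET masquerade
  }
  chain forward {
    type filter hook forward priority filter; policy drop;
    ct state established,related accept
    iifname "$LAN_IF" oifname "$WAN_IF" accept
    iifname "$WAN_IF" oifname "$LAN_IF" ct status dnat accept
  }
}
EOF
}
gen_ruleset "$FORWARDS"
```

The forward chain defaults to drop, so a guest on vmbr1 is reachable from the WAN side only through a port listed in FORWARDS.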
