VM Can't Browse From Internet

mhakim

Member
Oct 1, 2021
Hi all,

I need to escalate this to the forum since I've tried and am still confused.
My network configuration is like this:



I can ping the domain name from the internet and can also browse the web from the LAN:



Can anyone help?
 
I want to access my vm from outside.

My Proxmox has a public IP, and every VM in my Proxmox uses a local IP. I've done the port forwarding using iptables, but I still can't access the VM.
 
My Proxmox has a public IP, and every VM in my Proxmox uses a local IP. I've done the port forwarding using iptables, but I still can't access the VM.

please show your /etc/network/interfaces file.

I want to access my vm from outside.
which service of your VM are you trying to access? have you forwarded the necessary port for that service to your VM's internal IP address using iptables?

how are you checking the connection to your VM? what error are you getting?

have you checked your firewall configuration?
 
This is my /etc/network/interfaces:

Code:
auto lo
iface lo inet loopback

auto enp1s0
iface enp1s0 inet manual

auto enp2s0
iface enp2s0 inet manual

iface enp3s0 inet manual

iface enp4s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.100.122/24
        bridge-ports enp1s0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 202.56.163.123/29
        gateway 202.56.163.122
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0

And these are my iptables rules:
Code:
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:8181 to:192.168.100.5:8181
2    DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:22222 to:192.168.100.5:22
3    DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:2022 to:192.168.100.7:22
4    DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:8484 to:192.168.100.7:8083
5    DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:8282 to:192.168.100.7:80
6    DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:8585 to:192.168.100.7:443
7    DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:8989 to:192.168.100.9:443
8    DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:8182 to:192.168.100.9:80
9    DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:12321 to:192.168.100.9:12321
10   DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:22223 to:192.168.100.9:22
11   DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:2222 to:192.168.100.4:2222
12   DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:8883 to:192.168.100.4:8883
13   DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:3128 to:192.168.100.4:3128
14   DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:2222 to:192.168.100.4:2223
15   DNAT       udp  --  anywhere             host.56.163.123.varnion.com  udp dpt:2222 to:192.168.100.4:2222
16   DNAT       udp  --  anywhere             host.56.163.123.varnion.com  udp dpt:2222 to:192.168.100.4:2223
17   DNAT       udp  --  anywhere             host.56.163.123.varnion.com  udp dpt:8883 to:192.168.100.4:8883
18   DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:8443 to:192.168.100.4:8443

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE  all  --  host.56.163.120.varnion.com/29  anywhere
2    MASQUERADE  all  --  192.168.100.0/24     anywhere

I didn't use any firewall, since the Proxmox uses a public IP and is connected to my MikroTik.
 
so when you try to say reach port 8282 from outside with curl like curl your.ip.address.here:8282 you should be reaching your VM on 192.168.100.7:80. does that work?

i also see you have multiple rules for the same destination port on udp 2222 (can be conflicting).

how/where did you add your iptables rules?
you can try following the wiki example, and add your forwarding rules in /etc/network/interfaces into post-up of the interface.
maybe something like:
Code:
...
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.100.0/24' -o enp1s0 -j MASQUERADE
    ...
    post-up iptables -t nat -A PREROUTING -i enp35s0 -p tcp --dport 8282 -j DNAT --to-destination 192.168.100.7:80
    ...
 
so when you try to say reach port 8282 from outside with curl like curl your.ip.address.here:8282 you should be reaching your VM on 192.168.100.7:80. does that work?
It does not work.

i also see you have multiple rules for the same destination port on udp 2222 (can be conflicting).
I've fixed it:



how/where did you add your iptables rules?
This is how I add the rule:
iptables -t nat -A PREROUTING -p udp -d 202.56.163.123 --dport 2223 -i vmbr1 -j DNAT --to-destination 192.168.100.4:2223
 
iptables -t nat -A PREROUTING -p udp -d 202.56.163.123 --dport 2223 -i vmbr1 -j DNAT --to-destination 192.168.100.4:2223
try using the enp2s0 interface instead of vmbr1 (since it's bridged to that)
 
btw.. how do I apply iptables rules without restarting the Proxmox?
if you have ifupdown2 installed you can try: ifreload -a (will reload the interface, if you have the post-up it should work)
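
The remark earlier in the thread about several rules sharing the same destination port can be checked mechanically: DNAT is a terminating target, so the first matching rule wins and a later rule with the same protocol, addresses and port is never reached. The following script is an added example, not part of the original thread; the function names are hypothetical, the sample listing is an excerpt of rules 11 to 17 posted above, and it assumes the rules differ in nothing that the listing hides (such as the input interface).

```shell
#!/bin/sh
# Added example: flag DNAT rules shadowed by an earlier rule with the same match.

# Excerpt (rules 11-17) of the PREROUTING listing posted in the thread.
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
11   DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:2222 to:192.168.100.4:2222
12   DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:8883 to:192.168.100.4:8883
13   DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:3128 to:192.168.100.4:3128
14   DNAT       tcp  --  anywhere             host.56.163.123.varnion.com  tcp dpt:2222 to:192.168.100.4:2223
15   DNAT       udp  --  anywhere             host.56.163.123.varnion.com  udp dpt:2222 to:192.168.100.4:2222
16   DNAT       udp  --  anywhere             host.56.163.123.varnion.com  udp dpt:2222 to:192.168.100.4:2223
17   DNAT       udp  --  anywhere             host.56.163.123.varnion.com  udp dpt:8883 to:192.168.100.4:8883
EOF
}

# Reads `iptables -t nat -L PREROUTING --line-numbers` output on stdin and
# prints one line for every DNAT rule that an earlier rule makes unreachable.
find_shadowed_dnat() {
    awk '
    $2 == "DNAT" {
        port = ""; to = ""
        for (i = 7; i <= NF; i++) {
            if ($i ~ /^dpt:/) port = substr($i, 5)   # matched destination port
            if ($i ~ /^to:/)  to   = substr($i, 4)   # translation target
        }
        if (port == "") next                         # no port match: skip
        # Assumption: protocol, source, destination and port are the whole match.
        key = $3 " " $5 " " $6 " " port
        if (key in first) {
            printf "shadowed: rule %s %s/%s -> %s (rule %s wins -> %s)\n",
                   $1, $3, port, to, first[key], dest[key]
        } else {
            first[key] = $1
            dest[key]  = to
        }
    }'
}

# On a live host: iptables -t nat -L PREROUTING --line-numbers | find_shadowed_dnat
sample_listing | find_shadowed_dnat
```

Rules 12 and 17 share port 8883 but differ in protocol, so neither is reported.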
 
