Hello
I've been using VMs configured with OVH failover IPs / virtual MAC generated in OVH, and everything works with no problems,
but I cannot configure iptables rules for the VMs on my dedicated server (I can only configure them in the VMs' iptables).
The thing is, I want to configure VMs with internal IPs (192.168.1.xx) so I can easily
manage iptables rules for each VM and access them by external IP (OVH failover IP).
All my LXC containers work this way with no problems, but I can't do the same for my VMs.
Is it possible to configure it the way I want?
System: Proxmox 7 (latest version)
/etc/network/interfaces config:
Code:
auto lo
iface lo inet loopback
iface lo inet6 loopback

auto enp1s0
iface enp1s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 193.70.xx.xx/24
    gateway 193.70.xx.254
    bridge-ports enp1s0
    bridge-stp off
    bridge-fd 0
    hwaddress a0:36:9f:d3:xx:xx

iface vmbr0 inet6 static
    address 2001:41d0:303:xxx::2/64
    gateway 2001:41d0:303:xxx::1
    up ip addr add 192.168.1.1/24 dev vmbr0
    down ip addr del 192.168.1.1/24 dev vmbr0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o enp1s0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o enp1s0 -j MASQUERADE
Iptables rules:
Code:
###########################################################
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
### LXC 1 ###
-A PREROUTING -d 87.98.xxx.xx/32 -i vmbr0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.3:22
### LXC 2 ###
-A PREROUTING -d 141.95.xxx.xx/32 -i vmbr0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.4:22
### LXC 3 ###
-A PREROUTING -d 146.59.xxx.xx/32 -i vmbr0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.5:22
### LXC 4 ###
-A PREROUTING -d 5.196.xxx.xx/32 -i vmbr0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.6:22
### DATACENTER NAT IPS ROUTING ###
-A POSTROUTING -s 192.168.1.3 -j SNAT --to-source 87.98.xxx.xx
-A POSTROUTING -s 192.168.1.4 -j SNAT --to-source 141.95.xxx.xx
-A POSTROUTING -s 192.168.1.5 -j SNAT --to-source 146.59.xxx.xx
-A POSTROUTING -s 192.168.1.6 -j SNAT --to-source 5.196.xxx.xx
-A POSTROUTING -s 192.168.1.0/24 -o enp1s0 -j SNAT --to-source 193.70.xx.xx
-A POSTROUTING -s 192.168.1.0/24 -o vmbr0 -j MASQUERADE
COMMIT
###########################################################
*mangle
:PREROUTING ACCEPT [1502:203939]
:INPUT ACCEPT [909:158403]
:FORWARD ACCEPT [119:8216]
:OUTPUT ACCEPT [831:289910]
:POSTROUTING ACCEPT [950:298126]
COMMIT
###########################################################
*raw
:PREROUTING ACCEPT [138:18174]
:OUTPUT ACCEPT [215:33630]
COMMIT
###########################################################
*filter
:INPUT ACCEPT [129:17454]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [215:33630]
-A FORWARD -i enp1s0 -o vmbr0 -j ACCEPT
COMMIT
###########################################################
Can someone help?