Hey folks,
I have a strange problem with my Proxmox instance which is hosted on Hetzner. I am using HAProxy for SSL termination and a Pi-hole with PiVPN for easy WireGuard. I am also running a BookStack for wiki things and more. Problem is, I can access everything and connect to my VPN, my VMs can access the internet and load updates and everything. The only thing not working is access from my VMs to my own websites, which is quite annoying as I can't access anything I host when using my VPN.
Here is my network config and my firewall rules.
Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto enp41s0
iface enp41s0 inet static
        address PUBLIC_IP/26
        gateway PUBLIC_GATEWAY
        up route add -net PUBLIC_NET netmask 255.255.255.192 gw PUBLIC_GATEWAY dev enp41s0
# route PUBLIC_NET/26 via PUBLIC_GATEWAY

auto vmbr1
iface vmbr1 inet static
        address 10.1.1.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '10.1.1.0/24' -o enp41s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.1.1.0/24' -o enp41s0 -j MASQUERADE
#vm internal network
Code:
sudo iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-proxmox
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 443,80,8006 -j f2b-proxmox
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT
-A INPUT -i vmbr1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i vmbr1 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A f2b-proxmox -j RETURN
-A f2b-sshd -j RETURN
sudo iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -i enp41s0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.1.1.4:80
-A PREROUTING -i enp41s0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.1.1.4:443
-A PREROUTING -i enp41s0 -p tcp -m tcp --dport 1935 -j DNAT --to-destination 10.1.1.13:1935
-A PREROUTING -i enp41s0 -p udp -m udp --dport 61194 -j DNAT --to-destination 10.1.1.5:61194
-A OUTPUT -d PUBLIC_IP/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.1.1.4:80
-A OUTPUT -d PUBLIC_IP/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.1.1.4:443
-A POSTROUTING -s 10.1.1.0/24 -o enp41s0 -j MASQUERADE
I am quite sure the problem is firewall-related, as I am now at the point where my packets don't get dropped anymore, but I get a connection refused with curl. There may be some useless rules above as I am trying some things, but it does not seem to work. Any help is appreciated!
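For reference, the rule set above only DNATs traffic that arrives on enp41s0 (PREROUTING) or that the host itself originates (OUTPUT). A VM connecting to PUBLIC_IP arrives on vmbr1, is not rewritten, and is delivered to the host's own INPUT chain, where ports 80/443 are accepted but nothing listens, hence the RST / "connection refused". The script below is an added example (not from the post) of the missing hairpin-NAT rules; the PUBLIC_IP value, the use of SNAT to 10.1.1.1 and the `apply_rules` helper are assumptions for illustration.

```shell
#!/bin/sh
# Hairpin (NAT-reflection) rules for VMs on vmbr1 reaching the HAProxy VM via the
# public address. Values below mirror the post; PUBLIC_IP is a constructed placeholder.
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # stand-in for the post's PUBLIC_IP
LAN_IF="vmbr1"
LAN_NET="10.1.1.0/24"
LAN_GW="10.1.1.1"        # host address on vmbr1
HAPROXY="10.1.1.4"       # VM holding the HAProxy SSL terminator

# Emit one iptables argument string per line so the rules can be reviewed or applied.
hairpin_rules() {
    for port in 80 443; do
        # 1. Rewrite VM-originated traffic for PUBLIC_IP to the HAProxy VM. Without
        #    this the packet ends in the host's INPUT chain, where no service listens.
        echo "-t nat -A PREROUTING -i $LAN_IF -d $PUBLIC_IP/32 -p tcp --dport $port -j DNAT --to-destination $HAPROXY:$port"
        # 2. Source-NAT the hairpinned flow to the host's LAN address so HAProxy's reply
        #    comes back through the host (which holds the conntrack entry) instead of
        #    going straight to the client VM, which would see a reply from 10.1.1.4
        #    for a connection it opened to PUBLIC_IP and drop it.
        echo "-t nat -A POSTROUTING -s $LAN_NET -d $HAPROXY/32 -p tcp --dport $port -j SNAT --to-source $LAN_GW"
    done
}

# Count of rules produced (2 ports x DNAT+SNAT); handy for a quick sanity check.
rule_count() {
    hairpin_rules | wc -l | tr -d ' '
}

# apply_rules: installs the rules (needs root). DRY_RUN=1 apply_rules prints them.
apply_rules() {
    hairpin_rules | while IFS= read -r rule; do
        if [ -n "$DRY_RUN" ]; then
            echo "iptables $rule"
        else
            # shellcheck disable=SC2086  # word splitting is intended here
            iptables $rule
        fi
    done
}
```

Once VMs are meant to reach the sites, the INPUT accepts for 80/443 on vmbr1 are no longer needed, since the DNAT moves those packets to FORWARD. A split-horizon entry on the Pi-hole that resolves the site names to 10.1.1.4 avoids the hairpin entirely for VPN and VM clients.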