Where does proxmox store iptables rules?

devilkin

May 11, 2020
Hi,

Does proxmox somehow store and restore the iptables firewall rules at reboot time?

I have this in my /etc/network/interfaces, and somehow I keep ending up with more and more duplicate rules in the actual iptables:

Code:
iface vmbr0 inet static
        address public-ip
        gateway gateway-ip
        # forward web and SSH traffic arriving on the bridge to the guest
        post-up iptables -t nat -A PREROUTING -p tcp -i vmbr0 --dport 80 -j DNAT --to-destination 10.0.0.100
        post-up iptables -t nat -A PREROUTING -p tcp -i vmbr0 --dport 443 -j DNAT --to-destination 10.0.0.100
        post-up iptables -t nat -A PREROUTING -p tcp -i vmbr0 --dport 2222 -j DNAT --to-destination 10.0.0.100
        # remove the same rules again when the bridge goes down (note the space before --dport)
        pre-down iptables -t nat -D PREROUTING -p tcp -i vmbr0 --dport 80 -j DNAT --to-destination 10.0.0.100
        pre-down iptables -t nat -D PREROUTING -p tcp -i vmbr0 --dport 443 -j DNAT --to-destination 10.0.0.100
        pre-down iptables -t nat -D PREROUTING -p tcp -i vmbr0 --dport 2222 -j DNAT --to-destination 10.0.0.100
        bridge-ports ens3
        bridge-stp off
        bridge-fd 0

but a few reboots later, I'm having this:

Bash:
# iptables -L PREROUTING -n -v -x -t nat
Chain PREROUTING (policy ACCEPT 144 packets, 10652 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
   20064  1080143 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.0.0.100
   13039   739953 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.0.0.100
   10969   638154 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.0.0.100
       0        0 DNAT       6    --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 to:10.0.0.100
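The accumulation above is what an unconditional `iptables -A` in a post-up hook produces: every time the interface comes up, another copy is appended, and nothing guarantees the matching `-D` ran in between. An added example (not code from the original post) of a hook script that checks with `iptables -C` before adding and deletes every accumulated copy on the way down. The install path `/usr/local/sbin/dnat-hooks` and the `IPTABLES` override variable are assumptions for illustration and testing.

```shell
#!/bin/sh
# Idempotent DNAT hook helpers for /etc/network/interfaces (constructed example,
# not from the original post). `iptables -A` appends a fresh copy every time
# post-up runs, so the hook first asks `iptables -C` whether the rule exists.
# IPTABLES may be overridden (e.g. with a fake for offline tests); it is an
# assumed knob of this script, not an iptables feature.
: "${IPTABLES:=iptables}"

# Add the DNAT rule for <in-iface> <dport> <destination> unless it is present.
ensure_dnat() {
    iface=$1; port=$2; dest=$3
    if ! "$IPTABLES" -t nat -C PREROUTING -p tcp -i "$iface" --dport "$port" \
            -j DNAT --to-destination "$dest" 2>/dev/null; then
        "$IPTABLES" -t nat -A PREROUTING -p tcp -i "$iface" --dport "$port" \
            -j DNAT --to-destination "$dest"
    fi
}

# Delete every copy of the rule (also cleans up duplicates accumulated by
# earlier unconditional appends) and print how many copies were removed.
purge_dnat() {
    iface=$1; port=$2; dest=$3
    n=0
    while "$IPTABLES" -t nat -C PREROUTING -p tcp -i "$iface" --dport "$port" \
            -j DNAT --to-destination "$dest" 2>/dev/null; do
        "$IPTABLES" -t nat -D PREROUTING -p tcp -i "$iface" --dport "$port" \
            -j DNAT --to-destination "$dest"
        n=$((n + 1))
    done
    echo "$n"
}

# Hook entry point. Assumed install path /usr/local/sbin/dnat-hooks, used as
#   post-up  /usr/local/sbin/dnat-hooks up
#   pre-down /usr/local/sbin/dnat-hooks down
case "${1:-}" in
    up)
        for p in 80 443 2222; do ensure_dnat vmbr0 "$p" 10.0.0.100; done ;;
    down)
        for p in 80 443 2222; do purge_dnat vmbr0 "$p" 10.0.0.100 >/dev/null; done ;;
esac
```

Running `dnat-hooks down` once on the host shown above would print nothing but drain all the stale copies; afterwards `iptables -L PREROUTING -t nat -n` should list each rule exactly once no matter how often the bridge is bounced.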