Proxmox question
Hi gents
If I'm running proxmox on a VPS with one external IP, should I be going for a Routed or Masquerading NAT config?
https://pve.proxmox.com/wiki/Network_Configuration#_routed_configuration
Bit confused as to what routed config means by the additional IP block
you have a public IP (assume 198.51.100.5 for this example), and an additional IP block for your VMs (203.0.113.16/29)
I need some sort of port forwarding mechanism, so can't just be outgoing
Thanks
Comments
In this circumstance you would go for a masquerading setup since you need to follow proper IANA rules and use an internal IPv4 range behind your NAT (similar to your network at home) running on the Proxmox server itself. The example they give is perfectly fine to copy and paste into your config. You can then statically assign IPs to your VMs, or if you wanted to take it a step further, install dnsmasq and have it only hand out addresses to your VMs, changing the binding appropriately.
Masquerading also allows for port forwarding in this scenario. I got this just by doing a bit of searching around:
https://www.digitalocean.com/community/tutorials/how-to-forward-ports-through-a-linux-gateway-with-iptables
Here's an example that forwards port 80:
sudo iptables -A FORWARD -i eth0 -o eth1 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
Hopefully this is enough to get you started. iptables syntax can be very verbose and overwhelming but thankfully once you see what each flag does, it is quite human readable.
Best of luck!
Cheap dedis are my drug, and I'm too far gone to turn back.
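Added example, not code from the thread or from the Proxmox documentation: a FORWARD rule like the one quoted above only permits traffic across the host, while the inbound forward itself on a masquerading setup is a DNAT rule in the nat table's PREROUTING chain. The script below prints both rules for review instead of applying them; the interface names eno1 and vmbr0 and the VM address 10.10.10.2 in the usage line are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) the iptables rules for one inbound port
# forward on a masquerading host. Interface names are assumptions.
WAN_IF="${WAN_IF:-eno1}"    # assumed NIC holding the single public IP
LAN_IF="${LAN_IF:-vmbr0}"   # assumed private bridge the VMs attach to

# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# private_ip A.B.C.D: succeeds if the address is in an RFC 1918 range
private_ip() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# forward_rules PROTO PUBLIC_PORT VM_IP VM_PORT: prints the two rules
forward_rules() {
    proto=$1 pub=$2 vm_ip=$3 vm_port=$4
    case "$proto" in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 2 ;;
    esac
    valid_port "$pub" && valid_port "$vm_port" ||
        { echo "port must be 1-65535" >&2; return 2; }
    private_ip "$vm_ip" ||
        { echo "VM address must be RFC 1918" >&2; return 2; }
    # 1. nat/PREROUTING: rewrite the destination to the VM (the actual forward).
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $pub" \
         "-j DNAT --to-destination $vm_ip:$vm_port"
    # 2. filter/FORWARD: runs after DNAT, so it matches the VM address and port.
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p $proto -d $vm_ip" \
         "--dport $vm_port -m conntrack --ctstate NEW -j ACCEPT"
}

# Stand-alone use: sh portfwd.sh tcp 8080 10.10.10.2 80
if [ "$#" -eq 4 ]; then forward_rules "$@"; fi
```

The FORWARD rule only matters when the FORWARD chain's policy is not ACCEPT; in that case reply traffic also needs a conntrack ESTABLISHED,RELATED accept rule.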
Thanks Camo. I shall give that a shot tonight after work.
Must admit iptables is still a mystery to me
this is actually the answer to your question. literally.
no additional (external) IPs, no routed config.
Join the club
I always add a RouterOS VM and configure everything via that. Serves perfectly on 1GB disk and 512MB ram
OK finally got port forwarding to work...took a bit of trial & error
Nice work man! Glad you got it working.