Comments
I just have a separate bridge for NAT VMs.
Anything else needed to be done on the NAT VM?
I bench YABS 24/7/365 unless it's a leap year.
I just get a second IPv4 address, and give it to pfSense, and let it do NAT.
Just set the netmask and put in an IP from the internal subnet in the network config, and you should be golden.
That's what I do at home too (except the second IP).
I kinda did that too, just gonna try again heh. Thanks.
If it didn't work, try pinging the IP that's assigned to the bridge.
ping internal IP from the host?
Whoops, I mean, ping the IP from the VM. That same IP should also be the gateway for the network config inside the VM.
Who is the provider? What is the Server?
@cybertech's guide should cover it. That's all you need to do.
https://cyberpersons.com/2016/07/27/setup-nat-proxmox/
https://webhorizon.net
Thanks everyone for the guides, read all of them and could get my NAT VM to access internet.
Now for accessing SSH NAT VM via port 1234 from outside, I'm stuck. is this correct?
auto vmbr1
iface vmbr1 inet static
    address 192.168.1.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j SNAT --to (my public IPv4)
    post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j SNAT --to (my public IPv4)
    post-down echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 1234 -j DNAT --to-destination 192.168.1.2:22
iptables -t nat -A POSTROUTING -p tcp --sport 22 -s 192.168.1.2 -j SNAT --to-source (my public IPv4):1234
In the second-last line:
iptables -t nat -A PREROUTING -i vmbr1 -p tcp --dport 1234 -j DNAT --to 192.168.1.2:22
Can you try this? You need to specify the interface, I think.
Tried, does not seem to work.
Main interface not the bridge.
Free NAT KVM | Free NAT LXC
Try this:
Whups, looks like you have the exact same config. It should just work, make sure that there's nothing blocking 1234 on the host.
After a couple of tries, finally got in! Woohoo!
Thanks all!
@cybertech you can also use this guide as reference: https://mrpsycho.pl/cheatsheets/Proxmox-on-OVH-Kimsufi-behind-single-IP-NAT/
It's pretty well written and that's how I did when I was running my Hetzner dedi.
This worked for me, does it do the same thing?
It does look complete, gonna bookmark it.
Oh, hi
Thank you.
Lines starting with post-up/down should be placed inside /etc/network/interfaces. They indicate what command is going to be executed when the interface is brought up/down; -A means add, -D means delete. As for the POSTROUTING - I'm not sure how it would be useful.
E: You will want to execute what's past post-up to apply the rule immediately (as described in the tutorial).
Hey hey. Thanks for the write-up, it really helped me a lot and I always link it when someone asks for NAT setup in Proxmox, I hope you don't mind.
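The post-up/post-down pairing described above can be checked mechanically. This audit is an added example, not part of the thread or of the linked guides; the stanza is constructed, 203.0.113.10 is a documentation address standing in for the public IPv4, and the 8080 forward to 192.168.1.3 is an assumption.

```shell
#!/bin/sh
# Added example: audit iptables post-up/post-down pairs in an interfaces stanza.
# Constructed sample; vmbr0/vmbr1 and the 1234 -> 192.168.1.2:22 forward follow the thread.
sample_stanza() {
cat <<'EOF'
auto vmbr1
iface vmbr1 inet static
    address 192.168.1.1/24
    post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j SNAT --to 203.0.113.10
    post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j SNAT --to 203.0.113.10
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1234 -j DNAT --to 192.168.1.2:22
    post-up iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to 192.168.1.3:80
    post-down iptables -t nat -D PREROUTING -p tcp --dport 8080 -j DNAT --to 192.168.1.3:80
EOF
}

# audit_stanza: reads a stanza on stdin and prints one finding per line.
#   NO_POST_DOWN: a post-up -A rule with no identical post-down -D rule,
#                 so the rule stays loaded after the bridge goes down
#   NO_IN_IFACE:  a DNAT rule without -i, which matches on every interface
audit_stanza() {
  awk '
    { sub(/^[ \t]+/, "") }                       # drop stanza indentation
    ($1 == "post-up" || $1 == "post-down") && /iptables/ {
      hook = $1
      cmd = $0; sub(/^post-(up|down)[ \t]+/, "", cmd)
      key = cmd; sub(/ -[AD] /, " -? ", key)     # same rule text, action masked
      if (hook == "post-up" && cmd ~ / -A /) {
        added[key] = cmd
        if (cmd ~ /-j DNAT/ && cmd !~ / (-i|--in-interface) /)
          print "NO_IN_IFACE: " cmd
      }
      if (hook == "post-down" && cmd ~ / -D /) deleted[key] = 1
    }
    END { for (k in added) if (!(k in deleted)) print "NO_POST_DOWN: " added[k] }
  ' | sort
}

# Stand-alone run over the constructed stanza.
sample_stanza | audit_stanza
```

NO_IN_IFACE is a scoping note rather than an error: the forward still works, but it also applies to packets arriving from the internal bridge.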
Hey, hi, can anyone point me to a guide on adding IPv6 to OpenVZ containers? I tried many approaches but I suspect firewalld messes with IPv6. Can anyone share their experience?
Does anyone have any opinions on using ufw on the proxmox host vs using the built in firewall (for host protection)? I'm using ufw at the moment but it's a little clunky so considering switching to use the built in firewall. Either that or grabbing a second IP and using virtualised pfsense...
UFW - yuk! Thought that was only an Ubuntu thing (plus Linux Mint desktop).
CSF.
Than=compare;then=sequence:brought=bring;bought=buy:staffs=pile of sticks:informations/infos=no plural.
It wisnae me! A big boy done it and ran away. || NVMe2G for life! until death (the end is nigh).
Force of habit with Ubuntu boxen I was stuck using. Ended up just rebuilding and using the Proxmox built-in fw and all is good in the pve world.
https://github.com/Ne00n/NanoKVM-Tools