Forward all traffic from one external IPv4 to a VM on a remote machine

zhuanyi Member

So I have one of the i3 Kimsufis from this thread:

http://lowendtalk.com/discussion/26936/kimsufi-4-99-euro-dedicated-server

I have Proxmox set up on this i3 and several VMs with NATed IPv4 (think of it like the LES offer)

As well as a VM from here (with 4 IPv4s):

http://lowendtalk.com/discussion/comment/573748/

Say the IPv4 I have on this VPS is 1.1.1.1-1.1.1.4

I am just wondering if it would be possible to forward all the incoming traffic from 1.1.1.1 to the 192.168.1.1 on the Kimsufi VM (which is the internal IP of the first VM I created on the i3)? And 1.1.1.2 to 192.168.1.2 and so on? Using IPTables or anything else that can be installed?

Comments

  • trexos Member

    GRE tunneling might be the thing you are looking for :)

  • 5n1p Member

    I don't think you could point a public IP to a private IP; you should make public to public and then public to private. Let's say you have 1.1.1.1 on the remote machine and OVH has IP 10.1.1.1, then you could point all traffic from 1.1.1.1 to 10.1.1.1 on some port that will forward traffic to private IP 192.168.1.1. You could do that with socat on the server with 1.1.1.1 and iptables NAT on the OVH host 10.1.1.1. Not sure about the GRE tunnel, haven't used it.

  • trexos Member

    That's true, did this with US to NL and ping was ~150ms to Germany.

  • earl Member

    @zhuanyi

    Jarland mentioned this to me when OVH.ca had the i3 special. Never tried it but should be similar.

    http://wiki.buyvm.net/doku.php/gre_tunnel

    @Jack said:
    LA to RBX is gonna hurt...

    I think it's at BHS

  • zhuanyi Member

    @Jack said:
    LA to RBX is gonna hurt...

    Sorry, forgot to mention I had the BHS one.

  • zhuanyi Member

    5n1p said: then you could point all traffic from 1.1.1.1 to 10.1.1.1 on some port that will forward traffic to private IP 192.168.1.1.

    I was hoping to have a one line for all solution rather than opening up ports individually...that would just make things a bit easier.

  • Can you do this with OpenVPN? That's what I was thinking of doing: set up an OpenVPN server on the machine which has the IPs and provision them to the clients. Then VPN in from the NAT-ed clients. Would that work?

  • Makenai Member
    edited May 2014

    edit: never mind, sorry I think I misinterpreted.

  • Stevie Member

    @elwebmaster
    It would, but if clients need custom ports on their IP you need to manually add them (or create a custom control panel for them that will), and even if you get that working, don't forget the 4 IPs have a total of 100 GB bandwidth to use, so if split up that will be 25 GB of bandwidth, meaning no one would want that since you can get 1,000 GB for about $2-$3 a month, unless you're making a free VPS host :-P

  • @Stevie said:
    elwebmaster
    It would, but if clients need custom ports on their IP you need to manually add them (or create a custom control panel for them that will), and even if you get that working, don't forget the 4 IPs have a total of 100 GB bandwidth to use, so if split up that will be 25 GB of bandwidth, meaning no one would want that since you can get 1,000 GB for about $2-$3 a month, unless you're making a free VPS host :-P

    I don't know what the OP needs it for. My idea was to assign the public IPs to the VPN clients, then you won't need to do any port forwarding. If not, you can use iptables to forward all ports (except 22 on the main VPS IP), as mentioned in another thread.

    My use case:
    Forward ports 21 & 22 from LA to the IPv6-only NAT-ed VPS, have people connect through LA when managing/uploading but use NAT for outbound (i.e. don't eat up the LA bandwidth). Use CloudFlare as a reverse proxy for HTTP/HTTPS traffic to the IPv6 VPS, again not eating up LA bandwidth and protecting from DDoS. So then the 100 GB is just for SSH/FTP.

  • Stevie Member

    @elwebmaster
    Sorry, you're right, that was mostly for the OP. Your way sounds like a fun way of doing VPN :-) Let us know if you end up doing it :-)

  • zhuanyi Member

    @elwebmaster said:
    Forward ports 21 & 22 from LA to the IPv6-only NAT-ed VPS, have people connect through LA when managing/uploading but use NAT for outbound (i.e. don't eat up the LA bandwidth). Use CloudFlare as a reverse proxy for HTTP/HTTPS traffic to the IPv6 VPS, again not eating up LA bandwidth and protecting from DDoS. So then the 100 GB is just for SSH/FTP.

    I am not sure if I fully understand what you mean, but the problem I see with OpenVPN is that I don't really have a machine running OpenVPN all the time (say, for example, in public libraries), and sometimes even if I do, there are places in this town (public internet cafes) that only allow HTTP traffic.

    What I am hoping for is for my backend BHS machine to be "transparent", i.e., as if I have an i3 machine sitting in LA with 4 IPs. I think tunneling is a good idea, except that, as per another thread here, xvmlabs seems to have blocked it.

  • AlexBarakov Patron Provider, Veteran

    Just create a GRE tunnel, assign internal IPs and route all the traffic with some static routes through the GRE tunnel.

    On the other side - that's a bad idea. You are looking at 150-200-300+ (depending on location) increase in ping from EU.

  • zhuanyi Member

    Alex_LiquidHost said: Just create a GRE tunnel, assign internal IPs and route all the traffic with some static routes through the GRE tunnel.

    On the other side - that's a bad idea. You are looking at 150-200-300+ (depending on location) increase in ping from EU.

    As I mentioned 2 posts up, the VPS I have 4 IPs on doesn't seem to allow GRE tunneling, and the server is a BHS one, not RBX.

  • @zhuanyi said:

    Run OpenVPN server on the VPS, then run OpenVPN client on each of the VPS in BHS. Forward all ports on each IP to BHS OpenVPN internal IPs.

  • Riz Member

    A reverse proxy such as HAProxy would work.

    Client -> Cali -> Canada
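
The "forward all ports, except 22 on the main VPS IP" approach that the comments above arrive at (OpenVPN tunnel plus iptables), as an added example that is not any poster's own code: a script that prints, without applying, the 1:1 NAT rules for the VPS holding 1.1.1.1-1.1.1.4. The interface names `eth0` and `tun0` and the tunnel addresses 10.8.0.2-10.8.0.5 are assumptions, as is each VM having a fixed tunnel address.

```shell
#!/bin/sh
# Prints (does not apply) 1:1 NAT rules for the VPS that owns the public IPs.
# Assumed, not from the thread: eth0 = public NIC, tun0 = OpenVPN interface,
# 10.8.0.x = fixed tunnel addresses of the VMs behind the tunnel.
PUB_IF=eth0
TUN_IF=tun0
MGMT_IP=1.1.1.1   # main VPS IP; its port 22 stays on the VPS itself

# Accept only a dotted-quad IPv4 so nothing else can end up inside a rule.
is_ipv4() (
    case "$1" in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# map_rules PUBLIC_IP TUNNEL_IP: rules for one public address / VM pair.
map_rules() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad address: $1 $2" >&2; return 1; }
    # Exempt SSH on the main IP from NAT so the VPS stays manageable.
    if [ "$1" = "$MGMT_IP" ]; then
        echo "iptables -t nat -A PREROUTING -i $PUB_IF -d $1 -p tcp --dport 22 -j RETURN"
    fi
    # Everything else addressed to this public IP goes to the VM. This exposes
    # every service the VM listens on, so the VM needs its own firewall.
    echo "iptables -t nat -A PREROUTING -i $PUB_IF -d $1 -j DNAT --to-destination $2"
    # Connections opened by the VM leave with the matching public IP.
    echo "iptables -t nat -A POSTROUTING -o $PUB_IF -s $2 -j SNAT --to-source $1"
    # Allow forwarding both ways; replies are only un-NATed if the VM routes
    # them back through the tunnel.
    echo "iptables -A FORWARD -i $PUB_IF -o $TUN_IF -d $2 -j ACCEPT"
    echo "iptables -A FORWARD -i $TUN_IF -o $PUB_IF -s $2 -j ACCEPT"
}

# all_rules: the thread's 1.1.1.1-1.1.1.4 mapped to assumed 10.8.0.2-10.8.0.5.
all_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    n=1
    while [ "$n" -le 4 ]; do
        map_rules "1.1.1.$n" "10.8.0.$((n + 1))" || return 1
        n=$((n + 1))
    done
}

all_rules
```

Review the printed rules before piping them to a root shell; the RETURN rule has to stay ahead of the DNAT rule for 1.1.1.1 or SSH to the VPS is forwarded to the first VM as well.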
