1. add a bridge with some private subnet to your /etc/network/interfaces like:
instead of postrouting to eth0 you might need to use vmbr0 instead if it exists, this depends on if and how you set up default bridges at all...
2a. add at least a rule to forward one port for use with ssh on one of those private IPs:
as you can see you can match different external and internal ports as you need.
make sure to not use the external ports you need on the host itself - so better not forward port 22 itself if you are using it on the hostnode for ssh and not forward 8006 with proxmox etc. ;-)
2b. you can also forward multiple ports with one rule:
2c. you can also forward port ranges like this:
3. in proxmox panel create a guest VM and assign the bridge and IP you choose in the rules above via network settings like 10.0.0.2/24 and use the internal IP of the bridge like 10.0.0.1 as gateway...
that's it. you could also add and remove forwarding rules like the above directly via cli, it's just an iptables command. having them in /etc/network/interfaces via post-up/post-down makes them permanent. instead one could probably use other things like persistent iptables and so on - feel free to adapt to your needs ;-)
One question, " post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.1/24' -o eth0 -j MASQUERADE" Is it a typo? for 10.0.0.0/24 in post-up but 10.0.0.1/24 in post-down
oh, sorry! yes you are right, it's a typo in the post-down line. it has to be 10.0.0.0/24 like on post-up, as it simply deletes the rule on network shutdown which has been added on network start.
(PS: can't edit my posting anymore)
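The mismatch caught in the exchange above (post-up adds one rule, post-down tries to delete a different one) can be linted before networking is restarted. The following is an added example, not part of any poster's message: the stanza is constructed (its MASQUERADE pair is the one quoted above; the vmbr1 name, the DNAT lines and the function names are assumptions), and the second function flags forwards that would take over a port the host itself uses, such as 22 or 8006.

```shell
# Added example (not from the thread): lint iptables post-up/post-down pairs.
# Constructed stanza: the MASQUERADE pair is the one quoted in the thread,
# typo included; the bridge name and the DNAT lines are assumptions.
SAMPLE_STANZA="auto vmbr1
iface vmbr1 inet static
    address 10.0.0.1/24
    post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o eth0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.0.0.1/24' -o eth0 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 10.0.0.2:22
    post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 10.0.0.2:22
    post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8006 -j DNAT --to-destination 10.0.0.3:80"

# Print every rule whose add (-A) and delete (-D) lines are not identical
# apart from that one flag. Reads the stanza on stdin.
unmatched_rules() {
    awk '
    /^[ \t]*post-(up|down)[ \t]+iptables/ {
        rule = $0
        sub(/^[ \t]*post-(up|down)[ \t]+/, "", rule)
        key = rule
        if ($1 == "post-up") { sub(/ -A /, " -X ", key); up[key] = rule }
        else                 { sub(/ -D /, " -X ", key); down[key] = rule }
    }
    END {
        for (k in up)   if (!(k in down)) print "no-matching-delete: " up[k]
        for (k in down) if (!(k in up))   print "orphan-delete: " down[k]
    }'
}

# Print each host port (given as arguments) that a DNAT rule would take over.
# Handles single ports, comma lists (--dports) and lo:hi ranges.
reserved_port_hits() {
    awk -v reserved="$*" '
    BEGIN { n = split(reserved, r, " ") }
    /^[ \t]*post-up[ \t]+iptables/ && / -j DNAT / {
        spec = ""
        for (i = 1; i < NF; i++)
            if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
        m = split(spec, part, ",")
        for (j = 1; j <= m; j++) {
            lo = hi = part[j]
            if (split(part[j], ab, ":") == 2) { lo = ab[1]; hi = ab[2] }
            for (k = 1; k <= n; k++)
                if (r[k] + 0 >= lo + 0 && r[k] + 0 <= hi + 0) print r[k]
        }
    }'
}

printf '%s\n' "$SAMPLE_STANZA" | unmatched_rules
printf '%s\n' "$SAMPLE_STANZA" | reserved_port_hits 22 8006
```

A rule reported as no-matching-delete stays loaded after the interface goes down, so it is added a second time on the next ifup.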
If it's just a simple port forward and you are using the nat mode then see https://www.lowendtalk.com/discussion/79241/proxmox-nat-port-forward-for-kvm
Following @Falzo's rules will do the job. Just some additions:
First of all, uncomment this line in /etc/sysctl.conf:
net.ipv4.ip_forward=1
He suggested using vmbr0 instead of eth0; I would say you should DEFINITELY follow this rule, adding a virtual interface to your host node using Proxmox. So, create a vmbr0 interface to use as the interface for your main IP and a vmbr1 for your NAT IPs:
Follow @Falzo's guide for port forwarding to the same ports (25 to 25 etc.) or for mass forwarding a range of ports. (Don't forget to restart the network.)
And if you want to reverse proxy a domain to your NAT VPS, so you don't have to use a specific port in the address, install nginx on your host node and follow this configuration in your nginx domain config file (create a file in /etc/nginx/conf.d/ named mydomain.net.conf):
(assuming that the NAT VPS you want to forward to has the address 10.0.0.3)
P.S.:
If you create or use vmbr0, then, don't forget to modify Falzo's rules like this: