Proxmox VE – One Public IP, add internal vmbr ip (masquerade & NAT)

nano /etc/network/interfaces

# append to /etc/network/interfaces:
# make 10.21.21.5:22 accessible via port 2222
auto vmbr2
iface vmbr2 inet static
    address 10.21.21.254
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.21.21.5:22
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.21.21.5:22

nano /etc/sysctl.conf
# Add this line or uncomment it:
net.ipv4.ip_forward=1

# Restart networking:
/etc/init.d/networking restart

# check NAT rules:
iptables -t nat -L

If, for example, you want to expose TCP port 80 of a VM with IP 10.21.21.6 on port 80 of the public IP, also add these lines to the vmbr2 block:

post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.21.21.6:80
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.21.21.6:80
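
An added example, not from the original post: the post-up lines use iptables -A, which appends without checking for an existing rule, so a post-up that runs again without its matching post-down leaves duplicate DNAT entries. This script lists every port exposed through DNAT from `iptables-save -t nat` output and marks duplicates; the sample ruleset and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed, abridged sample of `iptables-save -t nat` output for the rules
# on this page, with the port 2222 rule appended twice.
sample_nat_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.21.21.5:22
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.21.21.6:80
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.21.21.5:22
-A POSTROUTING -s 10.21.21.0/24 -o vmbr0 -j MASQUERADE
COMMIT
EOF
}

# Read iptables-save output on stdin and print one line per distinct DNAT rule:
#   proto/public-port on interface -> internal target [DUPLICATE xN]
dnat_exposures() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        iface = "any"; proto = "any"; dport = "any"; dest = ""; dnat = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") iface = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--to-destination") dest = $(i + 1)
            else if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
        }
        if (dnat && dest != "") {
            key = proto "/" dport " on " iface " -> " dest
            if (!(key in count)) order[++n] = key   # keep first-seen order
            count[key]++
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            suffix = ""
            if (count[order[k]] > 1) suffix = " DUPLICATE x" count[order[k]]
            print order[k] suffix
        }
    }'
}

# On the Proxmox host (as root): iptables-save -t nat | dnat_exposures
sample_nat_rules | dnat_exposures
```

Every line it prints is a service reachable from the public interface, so the list should match exactly what you intend to publish.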

In the Proxmox container network config:

IPv4/CIDR:   10.21.21.5/24
gateway:     10.21.21.254
bridge:      vmbr2

Enter the console of the container with id=100:

pct enter 100

# Install ssh (not installed by default in the LXC CentOS 6 image)
yum install openssh-server
chkconfig sshd on
service sshd start

Sources:
https://raymii.org/s/tutorials/Proxmox_VE_One_Public_IP.html
https://coderwall.com/p/k0gutq/clean-lxc-nat-configuration-debian-wheezy
https://mrkmg.com/posts/2016/01/proxmox-4-with-single-public-ip-private-network/
https://github.com/lxc/lxc-ci/blob/master/templates/centos.json
