Proxmox Debian port forwarding

# Server IP: 192.168.1.90 (the address the SNAT rules below use as --to-source).
# One-off commands. They change only the running kernel and the live nat table.

# Turn on IPv4 forwarding so the host routes packets between its bridges.
printf '1\n' > /proc/sys/net/ipv4/ip_forward

# Each input line is: <port on vmbr0> <backend IP> <backend port>.
#   DNAT: TCP arriving on vmbr0 for the listed port is redirected to the backend.
#   SNAT: the redirected traffic leaves vmbr1 with source 192.168.1.90, so the
#         backend replies through this host. The backend therefore sees
#         192.168.1.90 as the client in its own logs, not the real peer.
# The DNAT rules carry no source match, so any host that can reach vmbr0 can
# reach these services (5432 is the default PostgreSQL port).
# NOTE(review): if vmbr0 faces an untrusted network, limit who may connect,
# e.g. with a `-s <trusted-cidr>` match on the PREROUTING rule.
# -A appends: running this block twice leaves duplicate rules in the table.
while read -r listen_port backend_ip backend_port; do
  iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport "$listen_port" -j DNAT --to-destination "${backend_ip}:${backend_port}"
  iptables -t nat -A POSTROUTING -o vmbr1 -p tcp --dport "$backend_port" -d "$backend_ip" -j SNAT --to-source 192.168.1.90
done <<'EOF'
5432 192.168.1.72 5432
8080 192.168.1.91 8080
8081 192.168.1.73 8080
EOF

Now permanent configs:

nano /etc/network/interfaces

Add a vmbr2 bridge with a virtual netmask, and then apply the iptables rules with post-up and post-down hooks:

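# vmbr2: internal bridge with no physical ports (bridge_ports none), addressed
# 10.21.21.254/24. Every post-up line runs when the bridge comes up and each
# matching post-down line removes the same rule when it goes down, so the
# -A / -D pairs must stay identical apart from that flag.
auto vmbr2
iface vmbr2 inet static
    address 10.21.21.254
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
# Enable IPv4 forwarding in the running kernel.
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Outbound NAT: traffic from 10.21.21.0/24 leaving via vmbr0 is masqueraded.
    post-up iptables -t nat -A POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE
# vmbr0:2222 -> 10.21.21.5:22 (22 is the default SSH port). No source match, so
# any host that can reach vmbr0 can reach this service.
# NOTE(review): if vmbr0 faces an untrusted network, add a `-s <trusted-cidr>`
# match to this rule and to the other PREROUTING rules below.
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.21.21.5:22
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.21.21.5:22

# The rules below reference vmbr1 and 192.168.1.x hosts; because they sit in
# this stanza they are installed and removed together with vmbr2.
# Each forward is a DNAT on vmbr0 plus an SNAT to 192.168.1.90 on vmbr1, so the
# backends see 192.168.1.90 as the client address in their own logs.

# vmbr0:80 -> 192.168.1.71:80
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.71:80
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.71:80
    post-up iptables -t nat -A POSTROUTING -o vmbr1 -p tcp --dport 80 -d 192.168.1.71 -j SNAT --to-source 192.168.1.90
    post-down iptables -t nat -D POSTROUTING -o vmbr1 -p tcp --dport 80 -d 192.168.1.71 -j SNAT --to-source 192.168.1.90

# vmbr0:8080 -> 192.168.1.91:8080
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.91:8080
    post-up iptables -t nat -A POSTROUTING -o vmbr1 -p tcp --dport 8080 -d 192.168.1.91 -j SNAT --to-source 192.168.1.90
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.91:8080
    post-down iptables -t nat -D POSTROUTING -o vmbr1 -p tcp --dport 8080 -d 192.168.1.91 -j SNAT --to-source 192.168.1.90

# vmbr0:5432 -> 192.168.1.72:5432 (5432 is the default PostgreSQL port).
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 5432 -j DNAT --to-destination 192.168.1.72:5432
    post-up iptables -t nat -A POSTROUTING -o vmbr1 -p tcp --dport 5432 -d 192.168.1.72 -j SNAT --to-source 192.168.1.90
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 5432 -j DNAT --to-destination 192.168.1.72:5432
    post-down iptables -t nat -D POSTROUTING -o vmbr1 -p tcp --dport 5432 -d 192.168.1.72 -j SNAT --to-source 192.168.1.90

# vmbr0:8081 -> 192.168.1.73:8080
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8081 -j DNAT --to-destination 192.168.1.73:8080
    post-up iptables -t nat -A POSTROUTING -o vmbr1 -p tcp --dport 8080 -d 192.168.1.73 -j SNAT --to-source 192.168.1.90
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 8081 -j DNAT --to-destination 192.168.1.73:8080
    post-down iptables -t nat -D POSTROUTING -o vmbr1 -p tcp --dport 8080 -d 192.168.1.73 -j SNAT --to-source 192.168.1.90

# vmbr0:8007 -> 192.168.1.70:8006 (8006 is the default Proxmox VE web interface
# port, i.e. a management interface).
# The post-down lines use -D (delete). With -A, every ifdown would append
# another copy of the forward instead of removing it, leaving the port exposed
# after the bridge is down and stacking duplicates on each restart.
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8007 -j DNAT --to-destination 192.168.1.70:8006
    post-up iptables -t nat -A POSTROUTING -o vmbr1 -p tcp --dport 8006 -d 192.168.1.70 -j SNAT --to-source 192.168.1.90
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 8007 -j DNAT --to-destination 192.168.1.70:8006
    post-down iptables -t nat -D POSTROUTING -o vmbr1 -p tcp --dport 8006 -d 192.168.1.70 -j SNAT --to-source 192.168.1.90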

Restart networking:

# NOTE(review): restarting networking takes the interfaces down and up again,
# which is what triggers the post-down/post-up hooks; a remote session to this
# host may drop briefly. Afterwards, `iptables -t nat -S` prints the live NAT
# rules so duplicates or leftovers can be spotted.
/etc/init.d/networking restart