Sunday, April 23, 2017

iptables - Port forwarding from a single public IP for a VM client (Proxmox under Debian)




I have a port forwarding problem with Proxmox under Debian.



I have two interfaces (eth0 and vmbr2). How can I access my client VM (web server) from an external network by forwarding from a single public IP?



I think I did some bad configuration in /etc/network/interfaces.



Here are my interfaces:



auto eth0

iface eth0 inet static
address xxx.xxx.xxx.xxx
netmask 255.255.255.224
gateway xxx.xxx.xxx.xxx
up route add -net xxx.xxx.xxx.xxx netmask 255.255.255.224 gw xxx.xxx.xxx.xxx eth0


And for the vmbr2 interface:



auto vmbr2

#private sub network
iface vmbr2 inet static
address 192.168.100.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.100.0/24' -o eth0 -j ACCEPT

post-down iptables -t nat -D POSTROUTING -s '192.168.100.0/24' -o eth0 -j ACCEPT

post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to 192.168.100.6:22
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to 192.168.100.6:22


Thank you very much for your help.


Answer



Just replace "ACCEPT" with "MASQUERADE" in the POSTROUTING rule.
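
Why the change above matters, as an added example that is not part of the original post: in the nat table, ACCEPT ends rule traversal without rewriting the source address, so packets from 192.168.100.0/24 leave eth0 still carrying a private source and the replies never come back. The script audits `iptables-save` output for that pattern; the function name `audit_postrouting` and both sample rulesets are constructed for illustration, modelled on the rules in the question.

```sh
#!/bin/sh
# Added example: audit iptables-save text for nat POSTROUTING rules that
# let traffic out without source translation.

# Constructed sample: the question's rules as iptables-save would print them.
SAMPLE_BEFORE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.100.6:22
-A POSTROUTING -s 192.168.100.0/24 -o eth0 -j ACCEPT
COMMIT'

# Constructed sample: the same ruleset after the answer's change.
SAMPLE_AFTER='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.100.6:22
-A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE
COMMIT'

# audit_postrouting: reads iptables-save output on stdin.
# Prints "NO_SNAT <source> <out-if>" for each nat POSTROUTING rule whose
# target is ACCEPT, and "OK <target> <source> <out-if>" for MASQUERADE/SNAT.
audit_postrouting() {
  awk '
    /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter", ...
    table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
      src = "any"; out = "any"; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") src = $(i + 1)
        if ($i == "-o") out = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if (target == "ACCEPT")
        printf "NO_SNAT %s %s\n", src, out
      else if (target == "MASQUERADE" || target == "SNAT")
        printf "OK %s %s %s\n", target, src, out
    }
  '
}

# Run against both samples; on a live host, pipe `iptables-save` in instead.
printf '%s\n' "$SAMPLE_BEFORE" | audit_postrouting
printf '%s\n' "$SAMPLE_AFTER"  | audit_postrouting
```

An ACCEPT in nat POSTROUTING is sometimes a deliberate NAT exemption, so a `NO_SNAT` line is a prompt to review the rule rather than proof of a mistake.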

