Let me explain my configuration:

  • a server with Debian 8 and Proxmox installed. It has a local address (eth0: 10.0.0.100) and accesses the Internet via a proxy;
  • a guest with CentOS 7, with the address 192.168.0.100. I gave it all the proxy configuration and it can access the Internet without problem.

The local network between the Proxmox host and the CentOS guest goes through the vmbr0 interface on the host (192.168.0.254).

My goal is to access any VM from the 10.0.0.0 network. For example, there is no problem accessing the 10.0.0.100 machine over SSH. With the right NAT rule, there is no problem accessing 192.168.0.100 over SSH.

But my problem is the following: when I want to access the web server (Foreman) installed on the CentOS guest, it is impossible to access it from the 10.0.0.0 network. The Foreman admin page is accessible at the following address: https://foreman.mycompany.org (for example). I have configured the /etc/hosts file in order to map 192.168.0.100 to the domain name foreman.mycompany.org. From the 10.0.0.100 machine, with lynx: no problem, the Foreman admin page appears. But from any 10.0.0.0 network machine, there is no way to access the page.

I have tried many NAT rules via iptables and a reverse proxy via apache2: no solution worked. :/

Do you have any idea, please?

My host configuration:

~# iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.0.0/24       state NEW,RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

~# iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.0.0/24       anywhere
DNAT       tcp  --  anywhere             anywhere             tcp dpt:2222 to:192.168.0.100:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:192.168.0.100:443

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.0.0/24       anywhere

My reverse proxy conf:

<IfModule mod_ssl.c>
 <VirtualHost *:443>
  ErrorLog /var/log/apache2/error.log
  CustomLog /var/log/apache2/access.log combined
  <Proxy https://foreman.mycompany.org/>
   Order Deny,Allow
   Allow from all
  </Proxy>
  ServerName foreman.mycompany.org
  ProxyRequests Off
  ProxyPass / https://foreman.mycompany.org/
  ProxyPassReverse / https://foreman.mycompany.org/
 </VirtualHost>
</IfModule>

Thank you in advance for your help!

1 Answer

I solved the problem thanks to the Proxmox IRC channel: I have to listen for the PREROUTING iptables rule on the eth0 interface and not vmbr0, because they're not attached.
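
What the answer describes, as an added example (not code from the original post): plain `iptables -t nat -L`, as used in the question, omits the interface columns, so this sketch reads `iptables-save`-format rules and reports which inbound interface each PREROUTING DNAT rule is bound to. The sample rules are constructed from the question's ports and addresses, assuming they were bound to vmbr0, and the function name `audit_dnat` is hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format, modelled on the question's
# DNAT rules and assuming they were bound to the bridge (vmbr0).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.100:22
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.0.100:443
-A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
COMMIT'

# audit_dnat EXT_IF
# Reads iptables-save text on stdin and prints one line per PREROUTING
# DNAT rule: "<status> <in-interface> <dport> <target>", where status is
#   OK        rule matches packets arriving on EXT_IF
#   WRONG_IF  rule is bound to a different interface
#   ANY_IF    rule has no -i match (applies to every interface)
audit_dnat() {
  awk -v ext="$1" '
    $1 == "-A" && $2 == "PREROUTING" {
      inif = "*"; dport = "-"; to = "-"; dnat = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-i") inif = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "--to-destination") to = $(i + 1)
        else if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
      }
      if (!dnat) next
      if (inif == ext) status = "OK"
      else if (inif == "*") status = "ANY_IF"
      else status = "WRONG_IF"
      print status, inif, dport, to
    }'
}

# The same rules after the change the answer describes: match on eth0.
FIXED_RULES=$(printf '%s\n' "$SAMPLE_RULES" | sed 's/-i vmbr0/-i eth0/')

echo "before:"; printf '%s\n' "$SAMPLE_RULES" | audit_dnat eth0
echo "after:";  printf '%s\n' "$FIXED_RULES"  | audit_dnat eth0
```

On a live host the same function can be fed with `iptables-save -t nat | audit_dnat eth0`; `iptables -t nat -L -v` also shows the in/out interface columns directly.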