0

I am trying to set up a Proxmox node with an external IP class mapped to an internal IP class:

62.xxx.yyy.zzz/24 <--> 192.168.yyy.zzz/24

Each external IP matches one internal IP, so each VM gets its own external IP. The Proxmox host has its own external IP (outside the /24 range) and has web access by itself.

If I use:

```
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic through eth0 - Change to match your out-interface
-A POSTROUTING -s 192.168.0.0/16 -o vmbr0 -j MASQUERADE

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
```

All the VMs with IP 192.168.x.x can access the web, but with the IP address of the host.

If I change the -A POSTROUTING line to:

```
-A PREROUTING  -o vmbr0 -d 62.xxx.yyy.0/24 -j DNAT --to-destination 192.168.yyy.0/24
-A POSTROUTING -o vmbr1 -s 192.168.yyy.0/24 -j NETMAP DNAT --to-destination  62.xxx.yyy.0/24
```

I get an error for the DNAT destination not being an IP but a class; it seems that NETMAP is not supported...

Any idea to point me to?

Thanks !

Stéphane

  • I did try this : [http://stackoverflow.com/questions/35222304/proxmox-kvm-routed-network-with-multiple-public-ips](http://stackoverflow.com/questions/35222304/proxmox-kvm-routed-network-with-multiple-public-ips) with no luck ... – Stéphane MERLE Mar 08 '17 at 14:53

1 Answer

0

You should try using iptables 1:1 NAT.

You will need a rule like this:

```
iptables -t nat -A PREROUTING -i internet_interface -d 62.xxx.yyy.0/24 -j NETMAP --to 192.168.yyy.zzz/24
```

I think the link below will definitely help you to achieve your goal: https://serverfault.com/questions/109569/iptables-massive-11-nat

ufw is just an easy way to implement iptables rules. In your case, I think the best approach is to create your own iptables rules without using ufw or any other similar firewall utilities (on Linux they are all based on iptables).

Bogdan Stoica
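The 1:1 mapping that NETMAP performs in both directions, as an added example that is not part of the original answer: `netmap_addr` reproduces the address rewrite (network bits replaced, host bits kept) and `netmap_rules` emits an iptables-restore `*nat` section for the inbound and outbound legs. The function names, the 203.0.113.0/24 and 192.168.113.0/24 ranges, and the use of `vmbr0` as the public-facing interface are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: 1:1 NAT with NETMAP. Addresses are constructed (documentation ranges).

# Convert a dotted quad to a 32-bit integer (called in a subshell, so IFS changes stay local).
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert a 32-bit integer back to a dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# netmap_addr ADDR TO_NET PREFIX
# What NETMAP does to one address: take the network bits from TO_NET,
# keep the host bits of ADDR unchanged.
netmap_addr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "$2")
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))   # 4294967295 = 0xFFFFFFFF
    int_to_ip $(( (net & mask) | (addr & ~mask & 4294967295) ))
}

# netmap_rules WAN_IF PUBLIC_NET PRIVATE_NET PREFIX
# Emit a *nat section for iptables-restore. Both networks must use the same
# prefix length, otherwise the mapping is no longer one-to-one.
netmap_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# inbound: destination public -> private
-A PREROUTING -i $1 -d $2/$4 -j NETMAP --to $3/$4
# outbound: source private -> public
-A POSTROUTING -o $1 -s $3/$4 -j NETMAP --to $2/$4
COMMIT
EOF
}

# Constructed sample: the VM at .57 keeps .57 on the public side.
echo "203.0.113.57 -> $(netmap_addr 203.0.113.57 192.168.113.0 24)"
netmap_rules vmbr0 203.0.113.0 192.168.113.0 24
```

NETMAP only rewrites addresses: every mapped VM becomes reachable on its public address, so any inbound filtering has to be done in the `filter` table's FORWARD chain.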