Version: PVE 7.1
Configure a NAT bridge with Internet access (traffic is forwarded out through the existing interface, vmbr0)
## /etc/network/interfaces
# Loopback interface.
auto lo
iface lo inet loopback
# Physical NIC: carries no address of its own, it is the bridge port of vmbr0 below.
iface enp42s0 inet manual
# Existing one created by default:
# LAN-facing bridge; the host is 192.168.1.233/24 with 192.168.1.1 as its gateway.
auto vmbr0
iface vmbr0 inet static
address 192.168.1.233/24
gateway 192.168.1.1
bridge-ports enp42s0
bridge-stp off
bridge-fd 0
# Wireless NIC: declared, but not attached to either bridge in this file.
iface wlo1 inet manual
# Newly created NAT
# Internal bridge with no physical port ("bridge-ports none"); the host holds
# 10.10.10.1/24 on it. Guests attached to vmbr1 presumably use 10.10.10.1 as
# their default gateway - confirm in the guest network configuration.
auto vmbr1
iface vmbr1 inet static
address 10.10.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
# Turns on IPv4 forwarding for the whole host, not only for vmbr1, and nothing
# in this stanza turns it off again on post-down. This file adds no filter
# rules, so what may be routed between interfaces depends entirely on the
# existing FORWARD chain; review it with `iptables -S FORWARD`.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Source-NAT everything from 10.10.10.0/24 that leaves through vmbr0, so guests
# reach the LAN/Internet behind the host's own address. post-down deletes the
# identical rule. If the same rule is also stored in /etc/iptables/rules.v4
# (see the iptables-save step on this page), it is presumably restored at boot
# and appended here a second time, while post-down removes only one copy.
# NOTE(review): if the Proxmox VE firewall is enabled for these guests, check
# the Proxmox network documentation on masquerading with conntrack zones.
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE # note: link it to vmbr0
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
Example: letting machines outside the NAT network reach a VM on the NAT bridge (port forwarding).
VM static IP: 10.10.10.10
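# Run these on the Proxmox HOST machine, as root.
#
# Exposure: each rule matches only on the inbound interface (vmbr0) and the
# destination port, so every machine that can reach the host on vmbr0 can reach
# the forwarded service. If only some clients need access, add a source match,
# e.g. "-s 192.168.1.0/24" (vmbr0's subnet in the interfaces file above).
# DNAT only rewrites the destination; the packet still has to pass the filter
# table's FORWARD chain, and these commands add no filter rules of their own.
#
# "-C" checks whether the identical rule already exists, so running this block
# again does not append duplicates. Its "no such rule" message on stderr is
# expected on the first run and is silenced on purpose.

# ssh: host port 10022 -> VM 10.10.10.10:22
iptables -t nat -C PREROUTING -i vmbr0 -p tcp --dport 10022 -j DNAT --to-destination 10.10.10.10:22 2>/dev/null \
  || iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 10022 -j DNAT --to-destination 10.10.10.10:22

# samba share: host port 445 -> VM 10.10.10.10:445
# SMB should stay limited to trusted networks; consider the "-s" source match
# described above. Any SMB service on the host itself stops being reachable via
# vmbr0 on port 445, because matching packets are redirected to the VM.
iptables -t nat -C PREROUTING -i vmbr0 -p tcp --dport 445 -j DNAT --to-destination 10.10.10.10:445 2>/dev/null \
  || iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 445 -j DNAT --to-destination 10.10.10.10:445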
Make the iptables rules persistent across reboots.
# Installs the package that reloads saved rules from /etc/iptables/ at boot.
apt install iptables-persistent
# Select `Yes, Yes` during installation
# The two prompts ask whether to save the currently loaded IPv4 and IPv6 rules.
# Answering Yes stores whatever is loaded at that moment, so review the output
# of `iptables-save` first to be sure only intended rules get persisted.
Run this again whenever the rules are changed later, so that the saved copy stays current.
# Overwrites the saved IPv4 rule set with everything currently loaded, in all
# tables, not only the PREROUTING rules added above.
# The dump therefore also contains the MASQUERADE rule that vmbr1's post-up
# adds. With both mechanisms active, that rule is presumably restored at boot
# and then appended again by post-up, while post-down deletes only one copy.
# Keep the rule in one place and check `iptables -t nat -S POSTROUTING` after
# a reboot.
# NOTE(review): if the Proxmox VE firewall is running, its generated chains may
# end up in this file as well - inspect the dump before relying on it.
iptables-save > /etc/iptables/rules.v4