83 lines
4.2 KiB
Plaintext
83 lines
4.2 KiB
Plaintext
How to setup NAT on Proxmox 8.0
|
|
|
|
https://blog.amitanvir.info/2023/how-to-setup-nat-on-proxmox-8-0/
|
|
|
|
Proxmox utilizes bridge networking in order to offer internet access to virtual machines. Furthermore, we need a public IP for each machine. In case we have access to only a certain number of IPs, we can utilize NAT in order to access the Internet on the machines.</p>
|
|
<p>However, it is recommended to have a static public IP while running public services. So, let's take a look at how to set up NAT on Proxmox to offer private networks to virtual machines.</p>
|
|
<p>This process involves the following steps:</p>
|
|
<ol>
|
|
<li>Create a bridge</li>
|
|
<li>Bring up the NAT bridge</li>
|
|
<li>Configure Virtual Machine</li>
|
|
<li>Port forwarding to access from the outside world</li>
|
|
</ol>
|
|
<p> </p>
|
|
<ol>
|
|
<li><strong> Setup NAT on Proxmox: Create a bridge</strong></li>
|
|
</ol>
|
|
<p>First, we will log in to the proxmox host ssh and run the following command:</p>
|
|
<pre>nano /etc/network/interfaces</pre>
|
|
<p>This command opens up the network configuration file.</p>
|
|
<pre># network interface settings; autogenerated
|
|
# Please do NOT modify this file directly, unless you know what
|
|
# you're doing.
|
|
#
|
|
# If you want to manage parts of the network configuration manually,
|
|
# please utilize the 'source' or 'source-directory' directives to do
|
|
# so.
|
|
# PVE will preserve these directives, but will NOT read its network
|
|
# configuration from sourced files, so do not attempt to move any of
|
|
# the PVE managed interfaces into external files!
|
|
|
|
auto lo
|
|
iface lo inet loopback
|
|
|
|
auto enp4s0
|
|
iface enp4s0 inet manual
|
|
post-up iptables-restore < /etc/iptables.up.rules
|
|
|
|
auto vmbr0
|
|
iface vmbr0 inet static
|
|
address AA.BB.CC.DD/28
|
|
gateway AA.BB.CC.GG
|
|
bridge-ports enp4s0
|
|
bridge-stp off
|
|
bridge-fd 0</pre>
|
|
<p>Next, paste the following at the end of the configuration file:</p>
|
|
<pre>auto vmbr1
|
|
#private sub network
|
|
iface vmbr1 inet static
|
|
address 192.168.1.1
|
|
netmask 255.255.255.0
|
|
bridge_ports none
|
|
bridge_stp off
|
|
bridge_fd 0
|
|
|
|
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
|
|
post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
|
|
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE</pre>
|
|
<p>Here, <strong>vmbr0</strong> is the bridge name for NAT while <strong>vmbr1</strong> is the interface configured on the network file. We are setting <strong>bridge_ports</strong><br>
|
|
to none as we are not connecting to the outside world directly.</p>
|
|
<ol start="2">
|
|
<li><strong> Setup NAT on Proxmox: Bring up the NAT bridge</strong></li>
|
|
</ol>
|
|
<p>The next step involves using the command below to bring up the bridge we configured in the previous section:</p>
|
|
<pre>ifup vmbr2</pre>
|
|
<ol start="3">
|
|
<li><strong> Setup NAT on Proxmox: Configure Virtual Machine</strong></li>
|
|
</ol>
|
|
<p>This step involves configuring the virtual machine using the IP address. As There is no DHCP service we have to set a manual configuration.</p>
|
|
<ul>
|
|
<li>IP: 192.168.1.2</li>
|
|
<li>Netmask: 255.255.255.0</li>
|
|
<li>Gateway: 192.168.1.1</li>
|
|
</ul>
|
|
<p>We can use the following IPs for further virtual machines: 192.168.1.3 - 192.168.1.254 & Google DNS for DNS: 8.8.8.8 and 8.8.4.4</p>
|
|
<ol start="4">
|
|
<li><strong>Setup NAT on Proxmox: Port forwarding to access from the outside world</strong></li>
|
|
</ol>
|
|
<p>If we are working with a Linux guest, we can access ssh through the public IP of the main server. In this scenario, we will run the following command on proxmox host.</p>
|
|
<pre>iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3033 -j DNAT --to 192.168.1.2:22</pre>
|
|
<p>In this example, we are forwarding host port 3033 to guest port 22. After that we will run the command below in order to access guest SSH:</p>
|
|
<pre>ssh -p 3033 root@AA.BB.CC.DD</pre>
|
|
<p>This command will prompt for the password. Once we enter the password, we can successfully connect to guest SSH.</p> |