├── README.md
├── LICENSE
└── etc
    └── network
        └── interfaces


/README.md:
--------------------------------------------------------------------------------
# hetzner-proxmox-nat
Small repo for configuring Proxmox in combination with NAT.

Here I describe how to run several VMs with only one public IP.
To do this, we use the host as a router and enable IP forwarding.

Important: every IP or port that should be reachable from outside needs its own rule in /etc/network/interfaces!

After every change, it is best to reboot all systems!

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2019 SOlangsam

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/etc/network/interfaces:
--------------------------------------------------------------------------------


source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto eno1
iface eno1 inet static
  # address and gateway are left blank in the repository
  address
  netmask 255.255.255.224
  gateway
  up route add -net 148.x.x.x netmask 255.255.255.224 gw 148.x.x.x dev eno1

iface eno1 inet6 static
  address 2a01:x:x:x::x
  netmask 64
  gateway fe80::1

## Example of private network
auto vmbr0
iface vmbr0 inet static
  address 10.0.0.1
  # /24 so that 10.0.0.2 and 10.0.0.3 are both usable hosts
  # (in a /30, 10.0.0.3 is the broadcast address)
  netmask 24
  bridge_ports none
  bridge_stp off
  bridge_fd 0

  ## Allow IP forwarding
  post-up echo 1 > /proc/sys/net/ipv4/ip_forward

  ## Internet for all VMs - outgoing
  post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o eno1 -j MASQUERADE

  ## Allow remote desktop - incoming
  post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 3389 -j DNAT --to 10.0.0.2:3389
  post-up iptables -t nat -A PREROUTING -i eno1 -p udp --dport 3389 -j DNAT --to 10.0.0.2:3389

  ## Allow SSH - incoming
  ## Port 22 arriving on eno1 is redirected to the VM, so the host's own
  ## SSH daemon is no longer reachable on port 22 through eno1.
  post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 22 -j DNAT --to 10.0.0.3:22

  ## Delete all NAT rules
  post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o eno1 -j MASQUERADE
  post-down iptables -t nat -D PREROUTING -i eno1 -p tcp --dport 3389 -j DNAT --to 10.0.0.2:3389
  post-down iptables -t nat -D PREROUTING -i eno1 -p udp --dport 3389 -j DNAT --to 10.0.0.2:3389
  post-down iptables -t nat -D PREROUTING -i eno1 -p tcp --dport 22 -j DNAT --to 10.0.0.3:22

--------------------------------------------------------------------------------
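
Added example, not part of the repository: since every forwarded port needs its own rule in /etc/network/interfaces, this audit checks that each DNAT target is a usable host address on the bridge network and that each post-up -A rule has a matching post-down -D. The function name audit, the regular expression and the sample text are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample in the style of the interfaces file above. The port-22
# forward deliberately points at the broadcast address of the /30 bridge
# network and has no matching post-down line.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 10.0.0.1
    netmask 30
    post-up   iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 3389 -j DNAT --to 10.0.0.2:3389
    post-up   iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 22 -j DNAT --to 10.0.0.3:22
    post-down iptables -t nat -D PREROUTING -i eno1 -p tcp --dport 3389 -j DNAT --to 10.0.0.2:3389
"""

# post-up/-A or post-down/-D line; captures the rule spec and the DNAT target IP.
RULE = re.compile(r"^\s*post-(up|down)\s+iptables\s+-t\s+nat\s+-([AD])\s+"
                  r"(PREROUTING\s.*-j\s+DNAT\s+--to(?:-destination)?\s+([\d.]+):\d+)\s*$")

def audit(text, bridge="vmbr0"):
    """Return findings for the DNAT forwards declared in one bridge stanza."""
    addr = mask = None
    ups, downs, in_stanza = {}, set(), False
    for line in text.splitlines():
        words = line.split()
        if words[:1] == ["iface"]:
            in_stanza = words[1] == bridge
        elif in_stanza and words[:1] == ["address"]:
            addr = words[1]
        elif in_stanza and words[:1] == ["netmask"]:
            mask = words[1]
        m = RULE.match(line)
        if in_stanza and m:
            phase, op, spec, target = m.groups()
            spec = " ".join(spec.split())          # normalise whitespace
            if (phase, op) == ("up", "A"):
                ups[spec] = ipaddress.ip_address(target)
            elif (phase, op) == ("down", "D"):
                downs.add(spec)
    if addr is None or mask is None:
        return [f"{bridge}: no static address/netmask found"]
    net = ipaddress.ip_interface(f"{addr}/{mask}").network
    findings = []
    for spec, ip in ups.items():
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            findings.append(f"DNAT target {ip} is not a usable host in {net}")
        if spec not in downs:                      # -A without -D: rule outlives ifdown
            findings.append(f"no post-down -D for: {spec}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "ok")
```

Run against the real file with audit(open("/etc/network/interfaces").read()); an empty list means every forward has a reachable target and a cleanup rule.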