[PVE-User] Routing puzzle !
darquandier at gmail.com
Thu Apr 15 19:24:50 CEST 2010
Someone on the #openvz channel on Freenode suggested exactly the same, with
something more:
On CT101 :
ip route add 126.96.36.199 dev eth0
And now everything works fine!
On Thu, Apr 15, 2010 at 6:48 PM, Tobias Limmer <
tobias.limmer at informatik.uni-erlangen.de> wrote:
> Hi Darquandier,
> most probably your problem is the default route on CT101 - it should send
> the response packets via the VPN. To avoid this problem, you must perform
> source and destination NAT on CT0, so that source and destination IP of
> arriving packets are replaced. The corresponding commands would be:
> iptables -t nat -A PREROUTING -d [public-ip-CT0] -p tcp --dport 2222 -j DNAT --to-destination 10.0.0.101:22
> iptables -t nat -A POSTROUTING -d 10.0.0.101 -p tcp --dport 22 -j SNAT --to-source 10.0.0.1
> Now all TCP connections to [public-ip-CT0] and port 2222 are forwarded to
> CT101. One drawback: during the process the original IP address is lost and
> CT101 always assumes that the connections originate from CT0.
> This kind of setup is very tricky to get right, tcpdump helps a lot!
> Btw: We've been using Proxmox for about a year now, and it works great!
> Thanks a lot to the developers!
> On 15.04.2010, at 17:32, Darquandier wrote:
>> Hello everyone, count me in on the Proxmox VE ship!
>> Still, I'm having some trouble setting up port forwarding to a container,
>> here is my story :
>> I set up a proxmox server with a container inside having a bridged
>> and its own public IP.
>> Let's call the host server CT0 and the container CT101.
>> CT0 has a vmbr0 interface with an internet public address (call it
>> CT101 has a bridged interface, called eth0, with its own public address
>> CT101 connects to a VPN, and therefore [public-ip-CT101] becomes
>> On CT0, I created an alias vmbr0:0 with ip 10.0.0.1
>> On CT101, I created an alias eth0:0 with ip 10.0.0.101
>> With or without the VPN, CT0 can now see CT101 and ssh through it, etc.
>> using this 10.0.0.0 LAN.
>> Now, I want to redirect some of the incoming traffic arriving on CT0 to
>> CT101. Mainly an ssh port and some other network services, so that CT101
>> remains fully operatable even when connected to the VPN, and I cannot find
>> the good iptables command to put on the CT0.
>> The best I can do is forwarding the port, I see the packets arrive, but no
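The packet path discussed in this thread, as an added example that is not part of the original messages: a small Python model of one connection to port 2222 on CT0, showing where CT101's reply goes with DNAT only and with DNAT plus SNAT. The client and public addresses are constructed documentation-range values, and the VPN device name `tun0` and CT101's routing table are assumptions.

```python
import ipaddress

# Constructed values (documentation ranges) standing in for the elided addresses.
CLIENT = "198.51.100.7"        # remote SSH client
CT0_PUBLIC = "203.0.113.10"    # stands in for [public-ip-CT0]
CT0_LAN, CT101_LAN = "10.0.0.1", "10.0.0.101"

# Assumed CT101 routing table while the VPN is up: (prefix, outgoing device).
CT101_ROUTES = [("10.0.0.0/24", "eth0"), ("0.0.0.0/0", "tun0")]


def route(dst, table):
    """Longest-prefix match, which is how the reply's outgoing device is chosen."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def forward(snat, routes=CT101_ROUTES):
    """Follow one connection to CT0:2222 through the NAT rules and back."""
    pkt = {"src": CLIENT, "dst": CT0_PUBLIC, "dport": 2222}

    # PREROUTING on CT0: DNAT --to-destination 10.0.0.101:22
    if pkt["dst"] == CT0_PUBLIC and pkt["dport"] == 2222:
        pkt.update(dst=CT101_LAN, dport=22)

    # POSTROUTING on CT0: SNAT --to-source 10.0.0.1 (only if the rule is present)
    if snat and pkt["dst"] == CT101_LAN and pkt["dport"] == 22:
        pkt["src"] = CT0_LAN

    # CT101 answers the source address it saw, using its own routing table.
    reply_dst = pkt["src"]
    reply_dev = route(reply_dst, routes)
    return {
        "seen_by_ct101": reply_dst,   # what sshd on CT101 logs as the peer
        "reply_dev": reply_dev,
        # CT0 can only reverse the DNAT if the reply is addressed to it on the LAN.
        "back_at_ct0": reply_dev == "eth0" and reply_dst == CT0_LAN,
    }


if __name__ == "__main__":
    print("DNAT only  :", forward(snat=False))
    print("DNAT + SNAT:", forward(snat=True))
```

With DNAT only, the reply leaves through the VPN and never passes CT0 again; with SNAT it returns to CT0, at the cost that CT101 sees every connection as coming from 10.0.0.1.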