[PVE-User] How to VNC to VM from Windows 10 to Proxmox VM behind masquerade IP
Derek Byrne
theodorik.obroin at gmail.com
Tue Feb 21 04:29:30 CET 2017
Hi All,
Ok, so I can get the Linux VM to connect to the internet, and can VNC to
the VM using the Proxmox console.
What I cannot do is RealVNC to the VM from another PC (Windows 10) on the
same LAN.
(VNC Viewer will connect if I log on to RealVNC, but it only connects via
the cloud, and not my local LAN.)
I want to masquerade the IP Address of all new VMs, as I'm not prepared
to allow full access to the internet whilst I perform testing.
Thanks for any help on this :)
Proxmox Server:
::---------------------------------------------------------------------------
/etc/network/interfaces:
# Real IP Address
auto eth0
iface eth0 inet static
    address 192.168.0.101
    netmask 255.255.255.0
    gateway 192.168.0.1
# Private Sub Network - 10.25.3.*
auto vmbr253
iface vmbr253 inet static
    address 10.25.3.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.25.3.0/24' -o eth0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.25.3.0/24' -o eth0 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 10.25.3.222:3389
    post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 10.25.3.222:3389
    post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.25.3.222:80
    post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.25.3.222:80
    post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5900 -j DNAT --to-destination 10.25.3.222:5900
    post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 5900 -j DNAT --to-destination 10.25.3.222:5900
::---------------------------------------------------------------------------
/etc/dhcp/dhcpd.conf:
option domain-name-servers 8.8.8.8;
subnet 10.25.3.0 netmask 255.255.255.0 {
    range 10.25.3.222 10.25.3.240;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.25.3.255;
    option routers 192.168.0.101;
}
default-lease-time 3600;
max-lease-time 7200;
::---------------------------------------------------------------------------
/etc/sysctl.d:
net.ipv4.ip_forward=1
--
. . .
There are only 10 types of people in the world.
Those who understand binary,
and those who don't.
- - -
There's no place like 127.0.0.1
= = =
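
Added example, not part of the original post: a Python check that reads the DNAT rules and DHCP pool shown in the message and lists which forwards carry no source restriction, which forward targets fall inside the dynamic DHCP range (so the address is not pinned to one VM), and whether the advertised router lies in the VM subnet. The function names and the embedded sample strings are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: DNAT rules and DHCP pool copied from the post, one rule per line.
INTERFACES = """\
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 10.25.3.222:3389
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.25.3.222:80
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5900 -j DNAT --to-destination 10.25.3.222:5900
"""
DHCPD = """\
subnet 10.25.3.0 netmask 255.255.255.0 {
range 10.25.3.222 10.25.3.240;
option routers 192.168.0.101;
}
"""
DNAT_RE = re.compile(r"post-up iptables .*-A PREROUTING(?P<match>.*?)--dport (?P<dport>\d+)"
                     r"\s+-j DNAT --to-destination (?P<ip>[\d.]+):\d+")

def parse_dnat(text):
    """Return (dport, target_ip, source_limited) for every post-up DNAT rule."""
    rules = []
    for m in DNAT_RE.finditer(text):
        limited = bool(re.search(r"\s(-s|--source)\s", m["match"]))
        rules.append((int(m["dport"]), ipaddress.ip_address(m["ip"]), limited))
    return rules

def parse_dhcp(text):
    """Return (subnet, pool_start, pool_end, router) from a single-subnet dhcpd.conf."""
    net, mask = re.search(r"subnet ([\d.]+) netmask ([\d.]+)", text).groups()
    lo, hi = re.search(r"range ([\d.]+) ([\d.]+);", text).groups()
    router = re.search(r"option routers ([\d.]+);", text).group(1)
    return (ipaddress.ip_network(f"{net}/{mask}"), ipaddress.ip_address(lo),
            ipaddress.ip_address(hi), ipaddress.ip_address(router))

def audit(interfaces, dhcpd):
    """List what the forwards expose and where they disagree with the DHCP config."""
    subnet, lo, hi, router = parse_dhcp(dhcpd)
    findings = []
    for dport, target, limited in parse_dnat(interfaces):
        if not limited:
            findings.append(f"tcp/{dport} -> {target}: rule has no -s source restriction")
        if lo <= target <= hi:
            findings.append(f"tcp/{dport} -> {target}: target is inside the dynamic DHCP pool")
    if router not in subnet:
        findings.append(f"DHCP router {router} is outside {subnet}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(INTERFACES, DHCPD)))
```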