By default, Proxmox creates the Linux bridge vmbr0, which looks through the external interface and all other virtual machine interfaces connected to this bridge will also look to the world. Therefore, it is necessary to raise the NAT from under which all other virtual machines will exit.
To do this, in the Network node section, create a new Linux bridge vmbr1 already with local network settings of the private network: 192.168.10.0/24
In our case, we assigned the IP address 192.168.10.101 to the bridge interface. We do not configure the gateway for this bridge, as this will be the interfaced interface.
Rebooting the server, then using ssh in the console, edit the network configuration file /etc/network/ interfaces and find our private grid section and bring it to the following form:
iface vmbr1 inet static
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s ‘192.168.10.0/24’ -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s ‘192.168.10.0/24’ -o vmbr0 -j MASQUERADE
that is, we enable forwarding of packets between interfaces and enable NAT for the 192.168.10.0 network on the vmbr0 interface.
Packet forwarding can also be set in a classical way in /etc/sysctl.conf by setting the line there:
After that, we reboot the server and proceed to set up the guest virtual machine, in our case for Windows OS.
Before this, we create a network interface for our machine model VirtIO and belonging to the bridge vmbr1 and turn on the machine.
For Windows, you first need to download Stable virtio-win.iso https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso and then upload it via the web interface, which is somewhat dreary because the iso image weighs 300+ MB, so that you can download directly to the Proxmox storage directly from the server:
wget -P /var/lib/vz/template/iso/ https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso
and connect the ISO disk already through the web interface in the machine settings. In the guest machine drivers for network, cards are installed. After installing drivers are registered in the network 192.168.10.0, where IP specifies the required address, gateway address and so on in our case 192.168.10.101
This completes the NAT setup.
If necessary, it is possible to configure port forwarding.
If you need to forward certain ports to the desired virtual machines. This can be done with iptables:
iptables -t nat -A PREROUTING -p tcp -d %ext_ip% –dport %ext_port% -i vmbr0 -j DNAT –to-destination %int_ip%:%int_port%
%ext_ip% – external IP
%ext_port% – the external port that will access the server from the Internet.
%int_ip% – internal IP of the virtual machine
%int_port% – the internal port on which the service will run in the virtual machine.
The result should be a record of the form, for example:
iptables -t nat -A PREROUTING -p tcp -d 184.108.40.206 –dport 4001 -i vmbr0 -j DNAT –to-destination 192.168.1.101:3389
That is, the request that will be sent to IP 220.127.116.11 on port 4001 will be forwarded to the IP of the virtual machine 192.168.1.101 on port 3389
You can view the created rules with the command:
iptables -L -t nat
Save rules iptables: