When I was setting up my dedicated server for the first time, I wanted to be able to set up multiple KVM or LXC containers that share the same public IP address, since my dedicated server only has 1.
From what I understood, Proxmox was designed to allow each VPS to have it's own public IP but this wouldn't suit.
I searched the internet for hours trying to find a solution, and it turned out to be relatively simple.
What we need to do is edit the /etc/network/interfaces file and enable a few things; ipv4 forwarding and some iptables rules. Yuck! That sounds like hard work, but it's actually simple, especially if you like to copy/paste :)
What we are going to do is set the dedicated server up with an "internal" network, and that's where the VMs will communicate. They can communicate with each other, as well as the host server.
Before I post the contents of the /etc/network/interfaces file, I will point out a few things that you may need to change depending on your setup. The main thing is the way your network is laid out, mine looks like this:
Dedicated Server/Proxmox Server
Public IP: x.x.x.x
Internal IP: 10.10.10.1
Internal IP: 10.10.10.10
Internal IP: 10.10.10.11
Let's say I want to run a web server on port 80 on VM 1 and an FTP server on VM 2, I would need to forward port 80 from the Proxmox public IP to port 80 on VM 1. I would also need to forward port 21 from Proxmox to port 21 on VM 2.
To complicate things, and for extra points, if you wanted to have multiple FTP servers for example on VM 1 and VM 2 then we can change the port on the Proxmox server - for example port 2121 goes to VM 1 and port 2222 goes to VM 2.
Have a look at your /etc/network/interfaces file:
Mine looks a little like this:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
iface lo inet loopback
# The primary network interface
iface eth0 inet static
Yours will be different, but very similar. The main thing we need to take note of if the interface - mine is eth0, and I believe in most cases that's what it would be, but just double check because if it's not the next part will need to be modified.
Basically that is the basic setup to get your Proxmox server talking to the internet, but it doesn't do anything for VM 1 or VM 2, until we add this underneath the above:
#private sub network
iface vmbr0 inet static
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
This gives the Proxmox host an internal network called "vmbr0", with an IP of 10.10.10.1, and it also enabled ipv4 forwarding and sets up the basic iptables config. Notice how it refers to eth0 - if your interface is different then change it to that.
So at this stage we've created the internal network, and the VMs will be able to use this new network "vmbr0" to access the internet, but it's not going to allow incoming connections or port forwarding until we add the next bit:
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.10.10.10:80
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.10.10.10:80
This will take anything that's sent to your Proxmox public IP on port 80 and forward it to port 80 on 10.10.10.10 (which is VM 1 in this example)
If you wanted to forward port 8080, for example, to port 80 on the VM, you could change it to this:
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to 10.10.10.10:80
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to 10.10.10.10:80
You'll notice there are 2 lines, post-up and post-down, which means when the connection goes up it will set up the forwarding and when it goes down it will remove the forwarding.
Go ahead and repeat the process for any VMs you have and the ports you'd like to be forwarded.
So, now that we've added the network config, we need to reboot to make it take effect. See you after the reboot...
... okay, so we're back.
Hopefully everything is fine at this stage and you're still able to access your Proxmox.
Let's move onto the next part, which is setting up the VM themselves with this new config.
I will walk through adding a new VM.
Let's create a new LXC container, "click Create CT".
Give it a hostname, can be anything, choose the image etc and wait at the Network tab.
For IP address, we need to give it the STATIC IP in the range we set before, so if you're following this example it would be 10.10.10.10/24 - notice the /24 at the end, leave that in otherwise it won't work.
The gateway will be 10.10.10.1
Note that DHCP will not work, you MUST set the IP yourself.
The DNS settings, you can either leave blank or fill it in. My advice would be leave it blank, and if you can't resolve a hostname in the VM then go back and change it. The best test is to "ping google.com" and if it fails, try to "ping 220.127.116.11" if that works it needs the DNS to be set up.
Now you've got it set up, your port forwarding should work!