I have a simple configuration.
Mind map of how everything looks
So I have a structure:
- Proxmox Host OS (vmbr0, vmbr1)
- Container 1 (eth0)
- Container 2 (eth0)
The Proxmox networks:
vmbr0
Link encap: Ethernet
inet addr: 136.136.136.161
Bcast: 136.136.136.191
Mask: 255.255.255.192
vmbr1
Link encap: Ethernet
inet addr: 192.168.1.254
Bcast: 136.136.1.255
Mask: 255.255.255.0
The container 1 network:
eth0
Link encap: Ethernet
inet addr: 136.211.123.180
Bcast: 136.211.123.180
Mask: 255.255.255.255
The container 2 network:
eth0
Link encap: Ethernet
inet addr: 192.168.1.1
Bcast: 192.168.1.255
Mask: 255.255.255.0
The normal iptables of the Proxmox host looks like this (TeamSpeak³ example forward for UDP port 9987):
~# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT udp -- anywhere anywhere udp dpt:9987 to:192.168.1.1:9987
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.1.0/24 anywhere
This is added via:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o vmbr0 -j MASQUERADE
iptables -t nat -A PREROUTING -i vmbr0 -p udp -m udp --dport 9987 -j DNAT --to-destination 192.168.1.1:9987
And the question now is how to make a forward from the container 1 to the container 2, too?
At the moment the requests go to the Proxmox host, and it forwards these requests to the containers via iptables.
But container 1 has a static IP address assigned, because normally all ports should go to this server, except a few which I want to forward to the other container.
So how can I forward requests to the other static ip address of container 1 to container 2?
Container 2 is the TS³ container.
Container 1 is the "static ip address" container.
And the Proxmox host has its own IP address, too, which is used at the moment for all those requests.
Thanks in advance for any ideas.
Best Answer
I would simply set up the public .180 address on the host OS vmbr0 interface, and then make port forwarding on the host OS.
I can't see the point of having the separate VM here. If you really want to do additional complexity with a separate VM, then you can try this.
Your container 1 network setup is odd, you cannot access any other host in the 136.211.123.128/255.255.255.192 network from that container. You should use the same netmask and broadcast addresses as are used in host OS.
For the actual forwarding, you need to add a second interface to container 1, which is bridged to vmbr1. Then you can make a port forwarding rule in container 1:
So, container 1 has an interface in both external and internal networks, and then it can make the port forward.
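An added example, not part of the answer above and not the answerer's own rule: a sketch of what the forwarding setup inside container 1 could look like once it has the second interface. It assumes that interface is named `eth1` (hypothetical) and that container 2 still uses the Proxmox host as its default gateway; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: forwarding rules for container 1, printed by default (dry run).
EXT_IF="eth0"          # container 1 public interface (from the question)
INT_IF="eth1"          # ASSUMED name of the new interface bridged to vmbr1
TARGET="192.168.1.1"   # container 2 (from the question)

# Print the commands that forward one protocol/port pair to container 2.
forward_rules() {
    proto="$1"; port="$2"
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # Rewrite the destination of packets arriving on the public side.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p $proto -m $proto --dport $port -j DNAT --to-destination $TARGET:$port"
    # Let only this flow cross from the external to the internal interface.
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -p $proto -d $TARGET --dport $port -j ACCEPT"
    # Source-NAT towards container 2 so replies return through container 1
    # instead of leaving via the host's MASQUERADE rule with the host's address.
    # Side effect: container 2 sees every client as container 1's internal IP.
    echo "iptables -t nat -A POSTROUTING -o $INT_IF -p $proto -d $TARGET --dport $port -j MASQUERADE"
}

# Routing must be enabled; everything not explicitly forwarded is dropped.
base_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

all_rules() { base_rules; forward_rules udp 9987; }

# APPLY=1 executes the commands (needs root); otherwise they are only printed.
if [ "${APPLY:-0}" = "1" ]; then all_rules | sh -e; else all_rules; fi
```

If container 2 must see the real client addresses, drop the POSTROUTING rule and point container 2's default route at container 1 instead.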