You are not logged in.

HostDoc Community

The Official HostDoc Hosting Community Forums

Announcement

We now have an official discord channel for support and chat: https://discord.gg/RjQyVZ8

New Phoenix Arizona location launching soon.

#1 2019-03-15 11:42:29

David
HostDoc Support
From: Australia
Registered: 2019-02-24
Posts: 79

Setting up Proxmox with IPv4 NAT and IPv6 guests

Today's guide is about setting up Proxmox so that your KVM or LXC guests can have their own IPv4 NAT (with port forwarding) and an IPv6 address.

This came about for me due to the fact that I have set up a few VPS from HostDoc with Proxmox, and I've been primarily using the IPv4 NAT to give access to the guests from the outside world.  On the HostDoc Texas location you also get a /64 of IPv6, so I thought I'd take the opportunity to use that and set up a couple of guest VMs with their own IPv6 address along with IPv4 NAT.

Getting Started

This tutorial assumes you already have Proxmox installed, if not, I will be working on another guide soon that covers that, but I recommend the official Proxmox "Installing Proxmox on Debian Stretch" guide which can be found here.

Configuration

The first thing I will cover is the configuration of Proxmox networking. My server has the main interface on eth0 which has IPv4 and IPv6 bound to it already.

We will be creating a bridge called vmbr0 which will be the interface that bridges to the Proxmox guests.

In /etc/network/interfaces this is what I have:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 107.155.79.79
netmask 255.255.255.192

broadcast 107.155.79.79
post-up route add 107.155.79.65 dev eth0
post-up route add default gw 107.155.79.65 dev eth0

iface eth0 inet6 static
        address 2604:880:398:0519:0000:0000:0000:0001
        netmask 128
post-up /sbin/ip -r route add 2604:880:398::1 dev eth0
post-up /sbin/ip -r route add default via 2604:880:398::1

auto vmbr0
iface vmbr0 inet static
        address  10.10.10.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off                                                                                                              
        bridge_fd 0                                                                                                                 
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward                                                                              
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE                                           
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE                                           
                                                                                                                                    
    ### START IPv4 NAT PORT FORWARDING                                                                                              
        post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 10022 -j DNAT --to 10.10.10.100:22                             
        post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 10022 -j DNAT --to 10.10.10.100:22                           
                                                                                                                                    
        post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 10180 -j DNAT --to 10.10.10.101:80                             
        post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 10180 -j DNAT --to 10.10.10.101:80                           
    ### END IPv4 NAT PORT FORWARDING                                                                                                
                                                                                                                                  
auto vmbr0
iface vmbr0 inet6 static
     address 2604:880:398:0519:0000:0000:0000:0002
     netmask 64
     bridge_ports none
     bridge_stp off
     bridge_fd 0
     post-up echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp
     post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
     post-up echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
     post-up /sbin/ip -f inet6 neigh add proxy 2604:880:398:0519:0000:0000:0000:0002 dev vmbr0

     ### START GUEST IPv6
     post-up /sbin/ip -f inet6 neigh add proxy 2604:880:398:0519:0000:0000:0000:0100 dev eth0
     post-up /sbin/ip -f inet6 route add 2604:880:398:0519:0000:0000:0000:0100 dev vmbr0
     
     post-up /sbin/ip -f inet6 neigh add proxy 2604:880:398:0519:0000:0000:0000:0101 dev eth0
     post-up /sbin/ip -f inet6 route add 2604:880:398:0519:0000:0000:0000:0101 dev vmbr0
     ### END GUEST IPv6

In /etc/sysctl.conf :

net.ipv6.conf.all.forwarding = 1 
net.ipv6.conf.all.proxy_ndp = 1
net.ipv6.bindv6only = 1
Customising the configuration

The above /etc/network/interfaces file has 2 IP addresses that you will need to change every instance of, 107.155.79.79 for IPv4 and 2604:880:398:0519:0000:0000:0000:0001 for IPv6.

When you get your HostDoc VPS in Texas, check the start of your IPv6 address and replace it with yours, for example mine is 2604:880:398:0519 - whereas yours will be something different.

I have left my actual IPs in here to make the guide more simple, I've found covering them up just confuses things for people trying to learn.

The other set of IPs you will notice is the 10.10.10.100 etc range, these are the IPv4 internal IPs we will use for our Proxmox guests.

Putting this to use

Now that your /etc/network/interfaces file has been set up with your IPs, we can start using this setup.

Let's say you have a Proxmox guest with the internal IP of 10.10.10.100 and you want port 10022 to forward to port 22 on that IP, as you can see in the interfaces file, that has been set up.  The other example is for 10.10.10.101 port 80 to be forwarded to the host's port 10080.  Change these as you like, add as many as you like.

In the section of guest IPv6, you can see that I've added 2 addresses, one ending in 100 and the other in 101.  You can add as many as you like here also.

Setting up the networking on the Proxmox guests

For this example, we will create 2 LXC containers with the following setup in the wizard:

IPv4: 10.10.10.100/32
IPv4 Gateway: 10.10.10.1
IPv6: 2604:880:398:0519:0000:0000:0000:0100
IPv6 Gateway: 2604:880:398:0519:0000:0000:0000:0002

IPv4: 10.10.10.101/32
IPv4 Gateway: 10.10.10.1
IPv6: 2604:880:398:0519:0000:0000:0000:0101
IPv6 Gateway: 2604:880:398:0519:0000:0000:0000:0002

Note the gateway ends in 0002.

Testing

You should now be able to ping google.com from inside a guest.
You should now be able to ping6 google.com from inside a guest.
You should now be able to ping your IPv6 from the outside world.
You should now be able to access port 22 of 10.10.10.100 on port 10022 on your host's IP
You should now be able to access port 80 of 10.10.10.101 on port 10080 on your host's IP

Finish

You can basically copy/paste the example interfaces file as long as you make sure it has YOUR IP addresses (both IPv4 and IPv6) and don't forget to add those 3 lines to /etc/sysctl.conf to make sure that IPv6 works.

I will clean this guide up a bit as time goes on to make it a bit more user friendly.  As I was writing it I found a lot of different ways I could express things, but decided to keep it as minimal as possible.

Please let me know if there is anything that isn't clear and I will do my best to clarify that for you.

Offline

Liked by:

#2 2019-06-11 09:01:46

cybertech
Member
Registered: 2019-02-28
Posts: 55

Re: Setting up Proxmox with IPv4 NAT and IPv6 guests

i've currently got proxmox installed and created 1 VM.

it currently has no network so i guess need to follow this guide.

question is, how about SSH connection from external connection? as by default it is my VPS IP address Port 22.

does it mean i should connect to SSH from port 10022?

Last edited by cybertech (2019-06-11 09:02:40)

Offline

#3 2019-06-11 09:47:53

David
HostDoc Support
From: Australia
Registered: 2019-02-24
Posts: 79

Re: Setting up Proxmox with IPv4 NAT and IPv6 guests

Yes, if you followed the guide above. There is a port forwarding set up for port 10022 to 10.10.10.100 port 22

I hope that helps smile

Offline

Liked by:

#4 2019-06-24 08:45:25

cybertech
Member
Registered: 2019-02-28
Posts: 55

Re: Setting up Proxmox with IPv4 NAT and IPv6 guests

David wrote:

Yes, if you followed the guide above. There is a port forwarding set up for port 10022 to 10.10.10.100 port 22

I hope that helps smile

Hi David smile

I'm stuck at setting up ip config for the guests. not sure where is the Proxmox wizard to put the IPv4 address and gateway.

i could see vmbr0 on the guest proxmox under "Hardware", but it doesnt have those fields.

think i set up proxmox as KVM.





Setting up the networking on the Proxmox guests
For this example, we will create 2 LXC containers with the following setup in the wizard:

IPv4: 10.10.10.100/32
IPv4 Gateway: 10.10.10.1
IPv6: 2604:880:398:0519:0000:0000:0000:0100
IPv6 Gateway: 2604:880:398:0519:0000:0000:0000:0002

IPv4: 10.10.10.101/32
IPv4 Gateway: 10.10.10.1
IPv6: 2604:880:398:0519:0000:0000:0000:0101
IPv6 Gateway: 2604:880:398:0519:0000:0000:0000:0002

Note the gateway ends in 0002.

Last edited by cybertech (2019-06-24 09:08:13)

Offline

Board footer

Powered by FluxBB