Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Daniel Newman2012-08-24 13:50:59
Debian
Daniel Newman, 2012-08-24 13:50:59

Hetzner〉Proxmox〉VM00. How to forward ports?

Implementing the translated HowTo for splitting the server LAMP stack into virtual machines,
I raised Proxmox to Hetzner.

Desired topology in pictures
image
Желаемая топология в текстовом виде
//////////////////////////
/ Интернет/маршрутизатор /
/ gateway: 175.19.59.193 /
//////////////////////////
           \
            \
             ----------| vm00
             175.19.59.209:80 - eth0
             10.10.11.1       - vmbr1
         +-----------------------------+
         | Реверс-прокси               |
         | Межсетевой экран (Firewall) |      eth0:10.10.11.10/vm01
         +-----------------------------+     +----------------------+
         |                                   | Lighttpd             |
         +-----------------------------------+ статический контент  |
         |                                   | /var/www/static      |
         |                                   +----------------------+
         |
         |                                    eth0:10.10.11.11/vm02
         +-----------------------------------+-----------------------+
         |                                   | Apache+php+perl+python|
         |                                   | /var/www/html         |
         |                                   +-----------------------+
         |
         |                                    eth0:10.10.11.12/vm03
         +-----------------------------------+-----------------------+
         |                                   |Кэш SQL БД             |
         |                                   |Redis/Memcached и т.д. |
         |                                   +-----------------------+
         |
         |                                   eth0:10.10.11.13/vm04
         |                       (или выделенный сервер БД на шасси RAID-10)
         +-----------------------------------+------------------------+
         |                                   | Mysql/pgsql сервер БД  |
         |                                   | @10.10.11.13:3306/5432|
         |                                   +------------------------+
         |
         |                                   eth0:10.10.11.14/vm05
         |    (или сервер-хранилище с доступом по NFSv4 на шасси RAID-10)
         +-----------------------------------+------------------------+
                                             | NFSv4 на Linux         |
                                             | /export/{static,html   |
                                             +------------------------+

To do this, Proxmox was installed on Hetzner's EX4,
configured according to a dedicated IP

Proxmox.HOST (Debian)
# network interface settings
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
address 175.19.59.209
netmask 255.255.255.224
gateway 175.19.59.193
bridge_ports eth0
bridge_stp off
bridge_fd 0

auto vmbr1
iface vmbr1 inet static
address 10.10.11.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.11.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.11.0/24' -o eth0 -j MASQUERADE

vm00 (reverse proxy), in my case it is HOST , without any nginx there. Proxmox only.
I want to push nginx into the virtalok pool, i.e. VM vm01 is my KVM-nginx (CentOS).

vm01 (CentOS guest)
#/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="none"
ONBOOT="yes"
HWADDR="XX:XX:XX:XX:XX"
NETMASK=255.255.255.0
IPADDR=10.10.11.2
TYPE="Ethernet"

#/etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=nginx.localdomain

I set it up with the help of seven nannies, manuals from Hetzner , Proxmox and many others, but I can’t get out of the machine’s guest vm01 , although the HOST pings the 10.10.11.0/24 subnet remarkably. I need to force HOST :1080 -〉vm01 :100500 to be forwarded. And also to enable this vm01 to update the software from the Internet, i.e. HOST:80 〈-〉vm01 :80.

All other virtual machines on the 10.10.11.0/24 subnet can communicate with each other.

Kill, I do not see what I set up wrong.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Daniel Newman, 2012-08-26
@danielnewman

Reason found:

post-up iptables -t nat -A POSTROUTING -s '10.10.11.0/24' -o net0 -j MASQUERADE

instead of
post-up iptables -t nat -A POSTROUTING -s '10.10.11.0/24' -o eth0 -j MASQUERADE

In the configuration examples, eth0 should have been replaced with the TAP of the virtual machine. Just.
Thanks for the downvote for the question.
serverfault.com/questions/421357/debian-kvm-host-and-guests-interfaces-configuration

Similar questions
I
izstas2012-07-12 16:46:54
What is the correct way to allow a Java application to listen on a privileged port? 4Reply
K
Konstantin Alikhanov2012-07-26 15:14:40
How to remove pip itself? 1Reply
D
Drno2021-07-30 23:13:25
What could be the problem with this error (Out of memory)? 1Reply
P
Pavel2018-04-12 15:59:40
How to restrict ssh access to specific users? 2Reply
V
vlarkanov2018-04-14 21:29:57
Debian 9.4: why doesn't the gre tunnel come up on system startup? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question