Proxmox: create a private network with NAT

In this tutorial, I will explain to you how to create a private network on Proxmox and configure NAT so that the LXC/CT containers and virtual computers in this network have access to the Internet.

Using NAT in this situation will bring out the VM and CT to the Internet with the IP address of the Proxmox server.

In this tutorial, I will create the NAT network on the s-pve-2 server.

Here is the network configuration of the s-pve-2 server:

To add an additional network and configure NAT, this is done through the Shell by editing the file /etc/network/interfaces.

As we can see in the screenshot below, there is only the default bridge available vmbr0.

Start by making a backup of the file /etc/network/interface :

cp /etc/network/interface /etc/network/interface.backup

We will now create a new bridge vmbr1 which will have a static IP address, which will not be linked to a physical interface and we will also add the iptables rules.

In file /etc/network/interface add the code below:

Adapt the configuration to the environment, in particular the number of the vmbr interface created and the number in the iptables rule.

Which gives me for the s-pve-2 server:

If you have activated the Proxmox firewall, you must add the following lines:

post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

Once the configuration is complete, restart the networking service for it to take effect.

systemctl restart networking.service

To check whether it is taken into account, enter the following commands: ip a and ip route.

If we look again at the Web interface, we find the interface that we created.

To use the private network with NAT in Proxmox, when creating a VM or CT, you must configure the network card to use the vmbr1 interface and indicate as the default gateway the IP address that has been assigned to the Proxmox server.

To finish this tutorial, we will see how to do port forwarding (Forwarding) to publish virtual machine services that would be in the private network.

From the Proxmox server shell enter the following command:

iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 222 -j DNAT --to 10.99.99.1:22

Here I publish on port 222 of the Proxmox server the SSH access (22) of the virtual machine which has the IP address 10.99.99.1


You know how to create a private network with NAT on Proxmox and how to publish access.




2 thoughts on “Proxmox: create a private network with NAT”

  1. Dear Romain,
    Nice guide,
    what I must do if I want add another private IP subnet for my VMs?
    for example you use 192.168.199.250 255.255.255.0
    but I want also 192.168.90.0/24 add too for example I want my vms has 192.168.199.* and some vms has 192.168.90.* and all range have access to internet

    Reply

Leave a Comment