From 86b7dba8baa6ad2b61ed540cee1d8d9929ed97df Mon Sep 17 00:00:00 2001
From: alex
Date: Sat, 18 Oct 2025 13:35:54 +0200
Subject: Add NAT
---
blueprint/proxmox.md | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
diff --git a/blueprint/proxmox.md b/blueprint/proxmox.md
index 3e35215..d1102e7 100644
--- a/blueprint/proxmox.md
+++ b/blueprint/proxmox.md
@@ -54,3 +54,63 @@ source /etc/network/interfaces.d/* ; `10.43.43.6` is the address in the internal network of the parent Proxmox host. `10.43.43.1` is the address of the parent Proxmox host that acts as the gateway. `ens18` is the virtual network interface of the Proxmox VM.
+
+## Configure NAT
+
+Refer to [Masquerading (NAT) with iptables](https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#sysadmin_network_masquerading).
+
+Edit `/etc/network/interfaces` to make the private network on `vmbr0`.
+Like the Proxmox documentation, this snippet uses the `10.10.10.0/24` network, with 256 addresses `10.10.10.0`-`10.10.10.255`.
+
+```
+auto lo
+iface lo inet loopback
+
+auto ens18
+iface ens18 inet static
+ address 10.43.43.6/25
+ gateway 10.43.43.1
+
+auto vmbr0
+iface vmbr0 inet static
+ address 10.10.10.1/24
+ bridge-ports none
+ bridge-stp off
+ bridge-fd 0
+
+ post-up echo 1 > /proc/sys/net/ipv4/ip_forward
+ post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
+ post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
+
+source /etc/network/interfaces.d/*
+```
+
+Reboot at this point to verify that networking on startup applies correctly.
+
+After rebooting, verify the network configuration:
+
+```
+root@p9:~# ip a
+1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+ link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+ inet 127.0.0.1/8 scope host lo
+ valid_lft forever preferred_lft forever
+ inet6 ::1/128 scope host noprefixroute
+ valid_lft forever preferred_lft forever
+2: ens18: mtu 1500 qdisc fq_codel state UP group default qlen 1000
+ link/ether bc:24:11:6e:bf:7c brd ff:ff:ff:ff:ff:ff
+ altname enp0s18
+ altname enxbc24116ebf7c
+ inet 10.43.43.6/25 scope global ens18
+ valid_lft forever preferred_lft forever
+ inet6 fe80::be24:11ff:fe6e:bf7c/64 scope link proto kernel_ll
+ valid_lft forever preferred_lft forever
+3: vmbr0: mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
+ link/ether 3e:2d:f2:57:7e:0c brd ff:ff:ff:ff:ff:ff
+ inet 10.10.10.1/24 scope global vmbr0
+ valid_lft forever preferred_lft forever
+ inet6 fe80::3c2d:f2ff:fe57:7e0c/64 scope link proto kernel_ll
+ valid_lft forever preferred_lft forever
+```
+
+VMs and LXC containers should be able to use `10.10.10.x` addresses and connect to the Internet through Proxmox.
-- cgit v1.2.3