
Proxmox IPv4 NAT + IPv6 routed

sysctl
vim /etc/sysctl.conf
# Turn the host into an IPv4 router between the uplink and the bridges.
net.ipv4.ip_forward=1
# Forward IPv6 on all interfaces. Once forwarding is on, the ip6tables
# FORWARD chain is what decides which traffic actually reaches the guests.
net.ipv6.conf.all.forwarding=1
# accept_ra=2 keeps accepting router advertisements although forwarding is on.
# NOTE(review): this is set on vmbr0 rather than on the uplink; if guests are
# attached to vmbr0 they can send RAs that the host will honour - confirm
# that this is intended.
net.ipv6.conf.vmbr0.accept_ra=2
# Same forwarding setting as the template for interfaces created later.
net.ipv6.conf.default.forwarding=1
# Enable NDP proxying (default and all scopes).
net.ipv6.conf.default.proxy_ndp=1
net.ipv6.conf.all.proxy_ndp=1
npd6
apt install npd6
vim /etc/npd6.conf

// Prefix for which npd6 answers neighbor solicitations (note the trailing colon).
// NOTE(review): no address list is configured in this snippet, so npd6
// presumably answers for every address in the prefix; which guests are
// reachable is then limited only by the ip6tables FORWARD rules - confirm.
prefix = 2a03:4000:48:663:
// Interface on which npd6 listens (the uplink).
interface = ens3
// Both logging options are switched off.
ralogging = off
listlogging = off


/etc/network/interfaces
auto lo
iface lo inet loopback

# Uplink: public IPv4 address of the host.
auto ens3
iface ens3 inet static
	address 45.132.244.96/22
	gateway 45.132.244.1


# Uplink IPv6: a single /128 address, default gateway is the link-local fe80::1.
iface ens3 inet6 static
	address 2a03:4000:48:663::2
	netmask 128
	gateway fe80::1
	# Re-apply /etc/sysctl.conf when this interface comes up.
	# NOTE(review): keys that name an interface which does not exist yet at
	# this point (e.g. vmbr0) may not be applied - confirm after boot with
	# `sysctl net.ipv6.conf.vmbr0.accept_ra`.
	up sysctl -p

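# Internal bridge for the private guest network 10.20.30.0/24 (no physical ports).
auto vmbr1
iface vmbr1 inet static
	address 10.20.30.1
	netmask 255.255.255.0
	bridge_ports none
	bridge_stp off
	bridge_fd 0
	# Source-NAT guest traffic that leaves through the uplink. Every post-up
	# has a matching post-down so that ifdown/ifup does not stack duplicates.
	post-up iptables -t nat -A POSTROUTING -s '10.20.30.0/24' -o ens3 -j MASQUERADE
	post-down iptables -t nat -D POSTROUTING -s '10.20.30.0/24' -o ens3 -j MASQUERADE

	# Wireguard Client NAT to all containers
	# post-up iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
	# post-down iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE

	# NGINX Server on 10.20.30.101: only TCP 80 and 443 arriving on the public
	# address are DNAT'ed to it.
	# NOTE(review): these are NAT rules only. No IPv4 FORWARD filtering is shown
	# on this page, so what may be forwarded into 10.20.30.0/24 depends on the
	# FORWARD chain policy configured elsewhere - confirm it is restricted to
	# the published ports and established traffic.
	post-up iptables -t nat -A PREROUTING -i ens3 -d 45.132.244.96 -p tcp --dport 80 -j DNAT --to 10.20.30.101:80
	post-down iptables -t nat -D PREROUTING -i ens3 -d 45.132.244.96 -p tcp --dport 80 -j DNAT --to 10.20.30.101:80
	post-up iptables -t nat -A PREROUTING -i ens3 -d 45.132.244.96 -p tcp --dport 443 -j DNAT --to 10.20.30.101:443
	# Was misspelled "post-dowm", so the 443 rule was never removed on ifdown.
	post-down iptables -t nat -D PREROUTING -i ens3 -d 45.132.244.96 -p tcp --dport 443 -j DNAT --to 10.20.30.101:443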


# Second bridge without physical ports; it carries the host's public IPv4
# again as a /32. Additional public IPv4 addresses are routed to it below.
auto vmbr0
iface vmbr0 inet static
	address 45.132.244.96/32
	bridge-ports none
	bridge-stp off
	bridge-fd 0
	# extra IPv4 goes here:
	# up ip route add 45.132.244.xx/32 dev vmbr0

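# IPv6 side of vmbr0: the /64 is routed onto this bridge.
iface vmbr0 inet6 static
	address 2a03:4000:48:663::3
	netmask 64

	up ip -6 route add 2a03:4000:48:663::/64 dev vmbr0

	# The FORWARD rules below are appended in order and end with a DROP for the
	# whole /64, so this is a default-deny inbound policy for the guests.
	# Every post-up has a matching post-down: a rule left behind on ifdown
	# (in particular the DROP) would sit in front of the ACCEPT rules that the
	# next ifup appends, and would then block everything.

	# Allow replies to connections the guests opened themselves; without this
	# the final DROP also discards return traffic for outbound connections.
	post-up		ip6tables -A FORWARD -d 2a03:4000:48:663::0/64 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
	post-down	ip6tables -D FORWARD -d 2a03:4000:48:663::0/64 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

	# Allow ICMP to Subnet
	post-up		ip6tables -A FORWARD -d 2a03:4000:48:663::0/64 -p ipv6-icmp -j ACCEPT
	post-down	ip6tables -D FORWARD -d 2a03:4000:48:663::0/64 -p ipv6-icmp -j ACCEPT

	# Allow HTTP/S
	post-up		ip6tables -A FORWARD -d 2a03:4000:48:663::f002/128 -p tcp --dport 80 -j ACCEPT
	post-down	ip6tables -D FORWARD -d 2a03:4000:48:663::f002/128 -p tcp --dport 80 -j ACCEPT

	post-up		ip6tables -A FORWARD -d 2a03:4000:48:663::f002/128 -p tcp --dport 443 -j ACCEPT
	post-down	ip6tables -D FORWARD -d 2a03:4000:48:663::f002/128 -p tcp --dport 443 -j ACCEPT

	# Block all (must stay the last FORWARD rule for this prefix)
	post-up		ip6tables -A FORWARD -d 2a03:4000:48:663::0/64 -j DROP
	post-down	ip6tables -D FORWARD -d 2a03:4000:48:663::0/64 -j DROP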