Usage of the RPN in a VM on a Proxmox host

Requirements:
  • You have an account at console.online.net
  • You have a Dedibox dedicated server
  • You have installed the server with Proxmox VE

As described in the RPN documentation, you can have only one RPN IP per server.

This can cause problems when your VMs need to communicate with each other.

The solution for this is to use NAT with port forwarding.

To do this, carry out the following steps:

- Set the RPN interface (normally eth1) to DHCP configuration
- Add the required routes to the VM
- Proceed with NAT & Port Forwarding directly on the host

Configuration of the interface for the use of DHCP

To enable DHCP on the interface eth1, you need to edit the file “/etc/network/interfaces”.

Delete the lines for the configuration of “eth1” and replace them with the following:

auto eth1
iface eth1 inet dhcp

You can reboot your server now or restart the interface:

ifdown eth1 && ifup eth1

You will see something like the following:

Internet Systems Consortium DHCP Client 4.2.2
Copyright 2004-2011 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth1/f8:bc:12:48:e7:ec
Sending on   LPF/eth1/f8:bc:12:48:e7:ec
Sending on   Socket/fallback
Internet Systems Consortium DHCP Client 4.2.2
Copyright 2004-2011 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth1/f8:bc:12:48:e7:ec
Sending on   LPF/eth1/f8:bc:12:48:e7:ec
Sending on   Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10
DHCPREQUEST on eth1 to 255.255.255.255 port 67
DHCPOFFER from 10.90.208.xx
DHCPACK from 10.90.208.xx
bound to 10.90.xx.xx -- renewal in 2147483648 seconds.

Routes & Private network

Next, we create a private network so that the VMs can also communicate with one another on the RPN network.

You need to create a “Linux Bridge” in the Proxmox interface, named vmbrX (X can be replaced with a number of your choice).

You need to assign a private IP of your choice (in our example: 172.16.42.1) which serves as a gateway to the RPN.

Reboot the server to activate the new interface. Go back to the configuration of the VM and add a new virtual interface “veth” in bridged mode on your vmbrX.

Below you can find the configuration of your VM:

auto eth1
iface eth1 inet static
    address 172.16.42.50
    netmask 255.255.255.0
    broadcast 172.16.42.255
    post-up route add -net 10.90.0.0 netmask 255.255.0.0 dev eth1
    post-up route add -net 10.90.0.0 netmask 255.255.0.0 gw 172.16.42.1

Some explanations:

  • First, we configure the interface in the subnet of vmbrX
  • Then we add the routes to the RPN network, to specify where the RPN traffic must pass

Firewall

Finally, we configure address translation directly on the host's firewall so that packets can pass from one network interface to the other.

iptables -t nat -A POSTROUTING -o eth1 -s 172.16.42.0/24 -j MASQUERADE

It may be useful to keep these rules after a restart, for example with the package iptables-persistent.

If you also want to publish ports directly on the RPN network, you need to set up port forwarding.

iptables -t nat -A PREROUTING -p tcp -d IP_RPN --dport PORT_RPN -i eth1 -j DNAT --to-destination IP_LAN_VMBRX

Replace the variables with the appropriate values:

  • IP_RPN = Private IP of your RPN interface, configured using DHCP.
  • PORT_RPN = The port to activate on the RPN network. This can be port 80 (HTTP), 443 (HTTPS), etc.
  • IP_LAN_VMBRX = The private IP assigned to the VM in the network of vmbrX
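
As an added example (not part of the original documentation), the script below builds the MASQUERADE and DNAT rules shown above from validated values and appends each rule only when `iptables -C` does not already find it, so running it again does not duplicate rules. The function names are hypothetical; eth1 and 172.16.42.0/24 are the example values used on this page.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
RPN_IF="eth1"             # RPN interface on the host (the page's value)
LAN_NET="172.16.42.0/24"  # vmbrX subnet (the page's example value)

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
# The body runs in a subshell so the IFS change stays local.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        [ -n "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# Succeeds only for a port number in 1-65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints the MASQUERADE rule spec (the part after "-A").
masq_spec() { echo "POSTROUTING -o $RPN_IF -s $LAN_NET -j MASQUERADE"; }

# Prints the DNAT rule spec for IP_RPN, PORT_RPN, IP_LAN_VMBRX, or fails
# without output when any value is malformed.
dnat_spec() {
    valid_ipv4 "$1" && valid_port "$2" && valid_ipv4 "$3" || return 1
    echo "PREROUTING -p tcp -d $1 --dport $2 -i $RPN_IF -j DNAT --to-destination $3"
}

# Appends a nat-table rule only when "iptables -C" does not find it.
# $1 is left unquoted on purpose: it holds validated, space-separated fields.
ensure_rule() {
    iptables -t nat -C $1 2>/dev/null || iptables -t nat -A $1
}

# publish IP_RPN PORT_RPN IP_LAN_VMBRX  (run as root on the Proxmox host)
publish() {
    spec=$(dnat_spec "$@") || { echo "invalid address or port" >&2; return 1; }
    ensure_rule "$(masq_spec)" && ensure_rule "$spec"
}

# When run as a script with three arguments, apply the rules.
if [ "$#" -eq 3 ]; then publish "$@"; fi
```

Only the values you pass to `publish` end up in the DNAT rule, so a mistyped address or port is rejected before anything is written to the nat table.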