How to setup NAT on Proxmox
Proxmox uses bridge networking to provide Internet access to virtual machines, but in a bridge networking you need a public IP for each machine. If you have limited IPs you can use NAT to access Internet on your machines. How ever it is preferable to have a static public IP if you are running public services like apache web server. Today we will see how to setup NAT on proxmox to provide private network for virtual machines.
Step 1: Create a bridge
Login to your proxmox host ssh, and run:
nano /etc/network/interfaces
This is your network configuration file for proxmox, you might see one bridged interface already configured (bridged to your physical interface), paste following at the end of your configuration file
auto vmbr2 #private sub network iface vmbr2 inet static address 192.168.1.1 netmask 255.255.255.0 bridge_ports none bridge_stp off bridge_fd 0 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr1 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr1 -j MASQUERADE
- vmbr2 : This is the bridge name for NAT.
- vmbr1 : This is the interface that was already configured in your network file, adjust the name properly.
- 192.168.1.0/24 : This will be the network we are going to use in our internal network, our usable ips in this network will be:
- 192.168.1.2-192.168.1.254
- If you plan to use different network, you can use this site to get help.
- bridge_ports none : Bridge ports here is set to none, since we are not connecting to outside world directly.
You have successfully configured a NAT bridge.
Step 2: Bring up the NAT bridge
You can use this command to bring up the bridge you just created:
ifup vmbr2
This will bring up the bridge.
Step 3: Configure Virtual Machine
As a final step configure your virtual machine to use IP address, since DHCP is not present you will have to manually set IP address. Depending upon your OS you can use following details:
- IP : 192.168.1.2
- Gateway : 192.168.1.1
- Netmask : 255.255.255.0
For further virtual machines you can use these ips:
- 192.168.1.3
- 192.168.1.4
- ..upto 254
For DNS you can use google DNS
- 8.8.8.8
- 8.8.4.4
Step 4 : (Optional) Port forwarding to access from outside world
I am assuming you are working with linux guest. We will access ssh of our guest through public IP of main server.
Run this on proxmox host, we are forwarding host port 3033 to guest port 22. (SSH runs on 22)
iptables -t nat -A PREROUTING -i vmbr1 -p tcp --dport 3033 -j DNAT --to 192.168.1.2:22
Then run following to access guest SSH.
ssh -p 3033 [email protected]
It will ask for the password, once provided you will be successfully connected to guest SSH.
It is not working with Proxmox 5 on fresh install…
Guest can’t reach host, nor internet.
Host can’t ping guest IP.
Any ideas?
Make sure your container is attached to the same bridge vmbr2 in this case.
On Proxmox5 the default bridge created is vmbr0
This works. Thanks for the write up.
It’s a shame they haven’t included NAT in Web UI. What if I want to give someone permissions to create new VMs and expose services to outside world but I don’t want to give this person SSH access to the Proxmox server itself?
Does not work, it says on Windows Gues no network access
[…] http://cyberpersons.com/2016/07/27/setup-nat-proxmox/ […]
Thanks for this tutorial, it works perfect.
The thing is before i was able to do it completely from the GUI without manual iptables rules but i forgot how. It was after proxmox was changed to LXC.
This thing works perfectly. Thanks for the simple HowTo.
work fine but unable to make spice working. unable to access the vm with spice only in vnc
[…] up NAT on Proxmox host. (Private LANs for guest VMs). Link here. Another Link. Last […]