NAT with multiple public IP addresses
For me, NATed LXD or Proxmox works with a single public IP address as follows:
sudo nano /etc/network/interfaces
# vmbr1 is used for NATed IP address with port forwarding
auto vmbr1
iface vmbr1 inet static
address 192.168.51.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
Then I have these ip rules:
# Custom Open Ports
-A PREROUTING -i enp0s3 -p tcp -m multiport --dports 10100:10199 -j DNAT --to-destination 192.168.51.1
-A POSTROUTING -s 192.168.51.0/24 -o enp0s3 -j MASQUERADE
I create an LXD container with IP address 192.168.51.1 and everything works.
Now I have a second public IP address on enp1s0, so I add vmbr2 in /etc/network/interfaces:
# vmbr2 is used for NATed IP address with port forwarding
auto vmbr2
iface vmbr2 inet static
address 192.168.52.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
And add these ip rules:
# Custom Open Ports
-A PREROUTING -i enp1s0 -p tcp -m multiport --dports 10100:10199 -j DNAT --to-destination 192.168.52.1
-A POSTROUTING -s 192.168.52.0/24 -o enp1s0 -j MASQUERADE
But now the LXD container 192.168.52.1 cannot ping 8.8.8.8.
And if I do:
-A POSTROUTING -s 192.168.52.0/24 -o enp0s3 -j MASQUERADE
the LXD container 192.168.52.1 can ping 8.8.8.8,
but no port forwarding is working for 192.168.52.1.
I think I am missing something basic, and maybe someone with good networking knowledge can help me.
Comments
Are you really sure your IPs are on different interfaces? Shouldn't this be
-i enp0s3 -d YOUR_SECOND_IP
?

Yes, I am sure. I have two interfaces: enp0s3 (main public IP) and enp1s0 (second public IP).

Have you confirmed that you have connectivity on the host node even without the iptables rules? (e.g.
ping -I enp1s0/enp0s3 1.1.1.1
)?

Thanks, ping -I enp0s3 1.1.1.1 is working, but not ping -I enp1s0 1.1.1.1.
But this
curl --interface enp1s0 ipecho.net/plain
gives me my correct public IP address, so I thought it was working.
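The following is an added example, not code from the question or the comments. It renders the DNAT/MASQUERADE pair for each public interface and checks that every DNAT input interface has a MASQUERADE rule on the same output interface (the mismatch tried in the question, -i enp1s0 with -o enp0s3, is exactly what the check rejects). It also prints the source-based policy-routing commands that the failing host-side ping -I enp1s0 in the comments usually points to; that part is an assumption about the host's routing, not something the thread confirms, and the table number and gateway address are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: each public interface has
# its own upstream gateway, and source-based routing via "ip rule" is used to
# make traffic from the second bridge leave via the second interface.

# nat_rules IFACE SUBNET CONTAINER_IP PORTS -> nat-table lines for one bridge
nat_rules() {
    iface=$1; subnet=$2; target=$3; ports=$4
    # Inbound on the public interface: forward the port range to the container.
    printf '%s\n' "-A PREROUTING -i $iface -p tcp -m multiport --dports $ports -j DNAT --to-destination $target"
    # Outbound from the bridge subnet: masquerade out the SAME public interface.
    printf '%s\n' "-A POSTROUTING -s $subnet -o $iface -j MASQUERADE"
}

# policy_route IFACE TABLE GATEWAY SUBNET -> ip(8) commands so packets sourced
# from SUBNET use IFACE's own gateway instead of the host's main default route.
# TABLE and GATEWAY are placeholders; read the real gateway from the provider.
policy_route() {
    iface=$1; table=$2; gw=$3; subnet=$4
    printf '%s\n' "ip route add default via $gw dev $iface table $table"
    printf '%s\n' "ip rule add from $subnet lookup $table"
}

# check_pairing RULESET -> 0 if every "PREROUTING -i X" DNAT rule has a
# matching "POSTROUTING ... -o X -j MASQUERADE" rule, 1 otherwise.
check_pairing() {
    ruleset=$1
    for in_if in $(printf '%s\n' "$ruleset" | sed -n 's/.*PREROUTING -i \([^ ]*\).*/\1/p'); do
        printf '%s\n' "$ruleset" | grep -q "POSTROUTING .* -o $in_if -j MASQUERADE" || return 1
    done
    return 0
}

# Stand-alone run: render the two-interface setup from the question.
rules="$(nat_rules enp0s3 192.168.51.0/24 192.168.51.1 10100:10199)
$(nat_rules enp1s0 192.168.52.0/24 192.168.52.1 10100:10199)"
printf '%s\n' "$rules"
check_pairing "$rules" && echo "DNAT/MASQUERADE interfaces are consistent"
policy_route enp1s0 52 203.0.113.1 192.168.52.0/24   # gateway is a placeholder
```

Load the rendered rules with iptables-restore (or your firewall front end) and run the ip commands on the host; both need root.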