Proxmox Guest DNS issue when nat forward port 53
Using Proxmox 7.3 and NAT forwarding on a bridge as below:
auto vmbr0
iface vmbr0 inet static
address 172.29.0.10/24
gateway 172.29.0.1
bridge-ports eth0
bridge-stp off
bridge-fd 0
auto vmbr1
iface vmbr1 inet static
address 192.168.0.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
When I forward port 53 (tcp/udp) to any guest, then all guests (Debian 11, Rocky Linux 8.6) which use resolvconf.service are not resolving DNS. They are connected to the internet but only have a DNS resolution issue.
Any idea? I searched everywhere but could not find the answer.
Comments
It makes sense. If you map a port to a certain IP, then it can't be used for other IPs.
So, since DNS uses port 53 to query stuff as well as to serve stuff, they can't use it as it is already assigned to an IP.
What iptables rule did you use for forwarding port 53?
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 53 -j DNAT --to 192.168.0.12:53
iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 53 -j DNAT --to 192.168.0.12:53
Try
iptables -t nat -A PREROUTING -i vmbr0 -s '!192.168.0.0/24' -p tcp --dport 53 -j DNAT --to 192.168.0.12:53
iptables -t nat -A PREROUTING -i vmbr0 -s '!192.168.0.0/24' -p udp --dport 53 -j DNAT --to 192.168.0.12:53
Thanks for your help. It fails with an error; something is wrong with the syntax, as below:
iptables v1.8.7 (legacy): host/network `!192.168.0.0/24 not found
The fix was so simple: just using the local IP without the port, as below:
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 53 -j DNAT --to 192.168.0.12
iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 53 -j DNAT --to 192.168.0.12
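As an added illustration (not from this thread or from Proxmox), the following Python model evaluates the match part of the PREROUTING DNAT rules discussed above against constructed sample packets, and renders the source exclusion in the syntax iptables actually accepts (`! -s <net>`, the negation before the option rather than inside the network string that produced the "host/network not found" error). The interface names and the 192.168.0.12 target are taken from the thread; the packet addresses are constructed from RFC 5737 documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet arrives on (vmbr0 = uplink, vmbr1 = guest bridge)
    proto: str
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class DnatRule:
    """Match part of an `iptables -t nat -A PREROUTING ... -j DNAT --to <target>` rule."""
    in_iface: str
    proto: str
    dport: int
    target: str                    # argument of --to, host or host:port
    not_src: Optional[str] = None  # network excluded with `! -s <net>`

    def matches(self, pkt: Packet) -> bool:
        if (pkt.in_iface, pkt.proto, pkt.dport) != (self.in_iface, self.proto, self.dport):
            return False
        if self.not_src and ip_address(pkt.src) in ip_network(self.not_src):
            return False
        return True

    def render(self) -> str:
        """Emit the rule in iptables syntax; the `!` precedes `-s`, not the network."""
        neg = f"! -s {self.not_src} " if self.not_src else ""
        return (f"iptables -t nat -A PREROUTING -i {self.in_iface} {neg}"
                f"-p {self.proto} --dport {self.dport} -j DNAT --to {self.target}")

def apply_prerouting(rules: List[DnatRule], pkt: Packet) -> Tuple[str, int]:
    """First matching rule rewrites the destination; otherwise the packet is left alone."""
    for rule in rules:
        if rule.matches(pkt):
            host, _, port = rule.target.partition(":")
            return host, int(port) if port else pkt.dport
    return pkt.dst, pkt.dport

# The thread's two rules, with the guest subnet excluded in valid syntax.
RULES = [DnatRule("vmbr0", p, 53, "192.168.0.12:53", not_src="192.168.0.0/24") for p in ("tcp", "udp")]

# Constructed sample traffic (RFC 5737 documentation addresses for the outside world).
EXTERNAL_QUERY = Packet("vmbr0", "udp", "203.0.113.5", "172.29.0.10", 53)        # outside -> host:53
GUEST_QUERY = Packet("vmbr1", "udp", "192.168.0.20", "198.51.100.53", 53)        # guest -> upstream resolver
UPSTREAM_REPLY = Packet("vmbr0", "udp", "198.51.100.53", "172.29.0.10", 40123)   # reply to a guest's query
```

Only the external query arriving on vmbr0 with destination port 53 is rewritten; guest queries (arriving on vmbr1) and upstream replies (ephemeral destination port) pass through unchanged.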