Automate deployment of NAT VMs on Proxmox?

sgno1 Member

What's the most efficient way to auto-deploy NAT VMs with probably a few ports forwarded? I'm doing a personal project for educational purposes where I want to be able to deploy NAT VMs on-the-fly and delete them too if needed. I read that Terraform may be a good option? I noticed that there are quite a few providers here on LET that provide NAT VMs; what are your approaches?

The OS I am using is the latest Proxmox.

Comments

  • boot Member

    I look forward to your offerings.

  • Neoon Community Contributor, Veteran

    cloud-init is a thing.
    You clone your ready proxmox template, update the settings like password or ssh public key, network and you start the vm.

    I have a bunch of proxmox templates which I use mainly for NanoKVM here.
    https://img.nanokvm.net/

    I also use them on my private KS-LE, clone, configure and boot.
    Gonna build them on Jenkins at some point, like this.
    https://jenkins.microlxc.net/

    Thanked by 3: sgno1, 0xC7, loay
  • BasToTheMax Member, Host Rep

    @sgno1 said:
    What's the most efficient way to auto-deploy NAT VMs with probably a few ports forwarded? I'm doing a personal project for educational purposes where I want to be able to deploy NAT VMs on-the-fly and delete them too if needed. I read that Terraform may be a good option? I noticed that there are quite a few providers here on LET that provide NAT VMs; what are your approaches?

    The OS I am using is the latest Proxmox.

    KVM or LXC (proxmox containers)?

    Thanked by 1: wedge1001
  • @BasToTheMax said:

    @sgno1 said:
    What's the most efficient way to auto-deploy NAT VMs with probably a few ports forwarded? I'm doing a personal project for educational purposes where I want to be able to deploy NAT VMs on-the-fly and delete them too if needed. I read that Terraform may be a good option? I noticed that there are quite a few providers here on LET that provide NAT VMs; what are your approaches?

    The OS I am using is the latest Proxmox.

    KVM or LXC (proxmox containers)?

    Mainly KVM, but LXC would be good too, which I believe would be easier.

  • Neoon Community Contributor, Veteran

    @Neoon said:
    cloud-init is a thing.
    You clone your ready proxmox template, update the settings like password or ssh public key, network and you start the vm.

    I have a bunch of proxmox templates which I use mainly for NanoKVM here.
    https://img.nanokvm.net/

    I also use them on my private KS-LE, clone, configure and boot.
    Gonna build them on Jenkins at some point, like this.
    https://jenkins.microlxc.net/

    500 is Debian 10 and 501 is Debian 11.
    You basically wget it into /var/lib/vz/dump.

    Then you just restore it, click clone, full clone, which is important, and configure the network and your ssh pub key or set a password, which is enabled on these templates, and you've got a shiny new VM.

    Thanked by 2: sgno1, jugganuts
  • vsys_host Member, Patron Provider

    @sgno1 said:
    What's the most efficient way to auto-deploy NAT VMs with probably a few ports forwarded? I'm doing a personal project for educational purposes where I want to be able to deploy NAT VMs on-the-fly and delete them too if needed. I read that Terraform may be a good option? I noticed that there are quite a few providers here on LET that provide NAT VMs; what are your approaches?

    The OS I am using is the latest Proxmox.

    Deploy your virtual machines via Proxmox API with Cloudinit. Then, your "personal project" can add a forwarding rule on the host-level firewall using a bash script or tools like Ansible, Puppet, etc.
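
Neoon's clone-configure-boot steps and vsys_host's "Proxmox API with cloud-init" suggestion, carried out in one script. This is an added example, not code from this thread or from Proxmox. Assumed names: node `pve`, a template VM 9000 that already has a cloud-init drive, the private subnet 10.10.0.0/24 on the NAT bridge, and an API token `root@pam!automation`. The `FakeTransport` class stands in for the node so the whole flow runs offline; pass `transport=None` to talk to a real host on port 8006.

```python
"""Clone a cloud-init template into a NAT VM over the Proxmox REST API, then tear it down.

Added example, not code from this thread or from Proxmox. Assumed: node 'pve', a template
VM 9000 that already carries a cloud-init drive, NAT bridge subnet 10.10.0.0/24, and an API
token 'root@pam!automation' (a token with only the VM.* privileges is preferable).
"""
import json
import ssl
import time
import urllib.parse
import urllib.request


class ProxmoxApi:
    """Minimal client: token auth, form-encoded params, returns the JSON 'data' field."""

    def __init__(self, host, token_id, token_secret, transport=None, verify_tls=True):
        self.base = f"https://{host}:8006/api2/json"
        # API tokens need no ticket/CSRF handshake, unlike password login.
        self.auth_header = f"PVEAPIToken={token_id}={token_secret}"
        self.verify_tls = verify_tls
        self.transport = transport or self._http  # injectable for offline runs

    def _http(self, method, path, params):
        body = urllib.parse.urlencode(params).encode() if params else None
        req = urllib.request.Request(self.base + path, data=body, method=method)
        req.add_header("Authorization", self.auth_header)
        ctx = ssl.create_default_context()
        if not self.verify_tls:  # only for a lab host with a self-signed certificate
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return json.load(resp)["data"]

    def call(self, method, path, **params):
        return self.transport(method, path, params)

    def wait_task(self, node, upid, timeout=300):
        """Clone/start/stop/destroy are asynchronous: poll the UPID until it stops."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            st = self.call("GET", f"/nodes/{node}/tasks/{upid}/status")
            if st["status"] == "stopped":
                if st.get("exitstatus") != "OK":
                    raise RuntimeError(f"task {upid} failed: {st.get('exitstatus')}")
                return st
            time.sleep(1)
        raise TimeoutError(upid)


def deploy_nat_vm(api, node, template_id, name, ip_cidr, gateway, user, ssh_pubkey):
    """Full clone of the template, cloud-init settings, start. Returns the new VMID."""
    vmid = int(api.call("GET", "/cluster/nextid"))
    upid = api.call("POST", f"/nodes/{node}/qemu/{template_id}/clone",
                    newid=vmid, name=name, full=1)  # full=1: own disk, not a linked clone
    api.wait_task(node, upid)
    api.call("POST", f"/nodes/{node}/qemu/{vmid}/config",
             ciuser=user,
             # Proxmox stores sshkeys URL-encoded and the API expects the value already
             # encoded, so quote() it here; urlencode() then adds the form-encoding layer.
             sshkeys=urllib.parse.quote(ssh_pubkey, safe=""),
             ipconfig0=f"ip={ip_cidr},gw={gateway}")
    api.wait_task(node, api.call("POST", f"/nodes/{node}/qemu/{vmid}/status/start"))
    return vmid


def destroy_nat_vm(api, node, vmid):
    """Hard stop (no guest agent needed), then delete and purge it from backup jobs/ACLs."""
    api.wait_task(node, api.call("POST", f"/nodes/{node}/qemu/{vmid}/status/stop"))
    api.wait_task(node, api.call("DELETE", f"/nodes/{node}/qemu/{vmid}", purge=1))


class FakeTransport:
    """Stand-in for the node: records every call and answers the way a node would."""

    def __init__(self):
        self.calls = []

    def __call__(self, method, path, params):
        self.calls.append((method, path, dict(params)))
        if path == "/cluster/nextid":
            return "150"
        if path.endswith("/status"):  # task status poll
            return {"status": "stopped", "exitstatus": "OK"}
        if path.endswith("/config"):
            return None
        return "UPID:pve:000A1B2C:0001D2E3:65C00000:qmclone:150:root@pam:"  # any async call


def demo():
    fake = FakeTransport()
    api = ProxmoxApi("pve.example", "root@pam!automation",
                     "00000000-0000-0000-0000-000000000000", transport=fake)
    vmid = deploy_nat_vm(api, "pve", 9000, "nat-150", "10.10.0.150/24", "10.10.0.1",
                         "debian", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOnly user@lab")
    destroy_nat_vm(api, "pve", vmid)
    return vmid, fake.calls


if __name__ == "__main__":
    vmid, calls = demo()
    for method, path, params in calls:
        print(method, path, params)
```

Two things worth checking before pointing this at a real node: the token should be scoped to the VM privileges it needs (clone, allocate, power management and the cloud-init config options) rather than a root token, and `verify_tls=False` belongs only in a lab. The double-encoding of `sshkeys` is the usual stumbling block; a key passed unencoded is rejected by the config endpoint. The host-side port forwarding rule that vsys_host mentions is a separate step on the hypervisor and is not part of this script.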

  • danblaze Member
    edited February 16

    Using scripts to configure forwarding rules, regularly detecting the VM IDs and assigning appropriate ports, should be the simplest start.

    Considering that all this is not complicated, a bash script run as a timed task can even work (although it may not be very beautiful, it is indeed feasible).

    I have a little script written here that probably does something like port and port-range forwarding manually.

    It's overly rudimentary, and even the interactions are still written in Chinese, but if you don't mind, I think it can be used as a rudimentary reference.

    #!/bin/bash
    # nat_config.sh: interactive helper for DNAT port-forwarding rules on the host

    # iptables and netfilter-persistent both need root; fail early instead of on every command.
    if [[ $EUID -ne 0 ]]; then
      echo "This script must be run as root."
      exit 1
    fi

    # Accept a single port (8000) or a range written with the given separator:
    # ':' for iptables --dport, '-' for DNAT --to-destination.
    function valid_port_spec() {
      local spec=$1
      local sep=$2
      local lo hi
      if [[ $spec =~ ^[0-9]{1,5}$ ]]; then
        lo=$spec
        hi=$spec
      elif [[ $spec =~ ^([0-9]{1,5})${sep}([0-9]{1,5})$ ]]; then
        lo=${BASH_REMATCH[1]}
        hi=${BASH_REMATCH[2]}
      else
        return 1
      fi
      (( lo >= 1 && hi <= 65535 && lo <= hi ))
    }

    function valid_ip() {
      local ip=$1
      local stat=1

      if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
        OIFS=$IFS
        IFS='.'
        ip=($ip)
        IFS=$OIFS
        [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
        stat=$?
      fi
      return $stat
    }

    function add_rule() {
      local interface=$1
      local ext_port_range=$2
      local int_ip=$3
      local int_port_range=$4

      if ! ip addr show "${interface}" &> /dev/null; then
        echo "Invalid network interface: ${interface}"
        return 1
      fi

      if ! valid_ip "${int_ip}"; then
        echo "Invalid IP address: ${int_ip}"
        return 1
      fi

      if ! valid_port_spec "${ext_port_range}" ":"; then
        echo "Invalid external port or port range: ${ext_port_range}"
        return 1
      fi

      if ! valid_port_spec "${int_port_range}" "-"; then
        echo "Invalid internal port or port range: ${int_port_range}"
        return 1
      fi

      # Rewrite the destination of inbound TCP on the external interface to the guest.
      # DNAT alone is not enough: net.ipv4.ip_forward must be 1 and the FORWARD chain
      # must accept the traffic for packets to reach the VM.
      iptables -t nat -I PREROUTING -p tcp -i "${interface}" --dport "${ext_port_range}" \
        -j DNAT --to-destination "${int_ip}:${int_port_range}"
      netfilter-persistent save
    }

    function list_rules() {
      echo "Current NAT rules:"
      iptables -t nat -L PREROUTING --line-numbers -n | grep DNAT
    }

    function delete_rule() {
      local rule_number
      list_rules
      read -p "Enter the number of the rule to delete: " rule_number
      if [[ ! "${rule_number}" =~ ^[0-9]+$ ]]; then
        echo "Invalid rule number: ${rule_number}"
        return 1
      fi
      # The numbers printed above are positions in the PREROUTING chain, so -D by number works.
      iptables -t nat -D PREROUTING "${rule_number}"
      netfilter-persistent save
    }

    function check_netfilter_persistent() {
      if ! command -v netfilter-persistent >/dev/null 2>&1; then
        echo "netfilter-persistent is not installed."
        read -p "Install netfilter-persistent? (y/n): " choice
        if [[ $choice == "y" ]]; then
          echo "Installing netfilter-persistent."
          apt-get update
          apt-get install -y iptables-persistent
        else
          echo "Install netfilter-persistent manually, then run this script again."
          exit 1
        fi
      fi
    }

    function main_menu() {
      while true; do
        echo "Select an operation:"
        echo "1. Add rule"
        echo "2. List rules"
        echo "3. Delete rule"
        echo "4. Exit"
        read -p "Enter your choice (1-4): " choice
        echo ""

        case $choice in
          1)
            # Collect user input
            read -p "Interface name: " interface
            read -p "External port or port range (e.g. 8000:9000 or 8000): " ext_port_range
            read -p "Internal IP address: " int_ip
            read -p "Internal port or port range (e.g. 8000-9000 or 8000): " int_port_range

            # Add the rule
            add_rule "${interface}" "${ext_port_range}" "${int_ip}" "${int_port_range}"
            ;;
          2)
            # Show current rules
            list_rules
            ;;
          3)
            # Delete a rule
            delete_rule
            ;;
          4)
            exit 0
            ;;
          *)
            echo "Invalid choice, enter a number between 1 and 4."
            continue
            ;;
        esac
        break
      done
    }

    # Check netfilter-persistent
    check_netfilter_persistent

    # Main loop
    while true; do
      main_menu
      echo ""
    done
    
    Thanked by 2: chihcherng, sgno1
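
danblaze's idea of a timed task that detects the VM IDs and assigns them ports, and vsys_host's host-level forwarding rule, written out as an added example rather than the script above. The port block is derived from the VMID, so a run that regenerates the rules never moves a VM's ports, and the output is one nftables table that `nft -f` replaces atomically instead of stacking `iptables -I` rules on every run. Assumed: public interface `vmbr0`, private subnet 10.10.0.0/24, VMIDs from 100 upward, and the guest address read from the cloud-init `ipconfig0` line that `qm config <vmid>` prints. The `SAMPLE_QM_CONFIG` entries are constructed, not captured from a node.

```python
"""Derive each NAT VM's forwarded port block from its VMID and render an nftables NAT table.

Added example, not the script from this thread. Assumed: public interface vmbr0, NAT bridge
subnet 10.10.0.0/24, VMIDs from 100 upwards, and each VM's private address taken from the
cloud-init 'ipconfig0' line that `qm config <vmid>` prints.
"""
import re

PUBLIC_IF = "vmbr0"
NAT_SUBNET = "10.10.0.0/24"
BASE_PORT = 20000      # first host port handed out
PORTS_PER_VM = 20      # first port of a block -> guest 22, the other 19 map 1:1
FIRST_VMID = 100
MAX_VMS = (65535 - BASE_PORT + 1) // PORTS_PER_VM  # 2276 blocks fit below 65535


def port_block(vmid):
    """Deterministic mapping: a timer that regenerates the ruleset never shifts a VM's ports."""
    slot = vmid - FIRST_VMID
    if not 0 <= slot < MAX_VMS:
        raise ValueError(f"vmid {vmid} has no port block")
    start = BASE_PORT + slot * PORTS_PER_VM
    return start, start + PORTS_PER_VM - 1


_IPCONFIG = re.compile(r"^ipconfig0:\s*ip=(\d{1,3}(?:\.\d{1,3}){3})/\d+")


def private_ip(qm_config_text):
    """Guest address from `qm config` output; None for templates or VMs without one."""
    for line in qm_config_text.splitlines():
        m = _IPCONFIG.match(line.strip())
        if m:
            return m.group(1)
    return None


def build_inventory(qm_configs):
    """{vmid: qm config text} -> {vmid: ip}. A duplicated private address is refused
    instead of silently producing two DNAT targets for one host."""
    owner, inventory = {}, {}
    for vmid, text in qm_configs.items():
        ip = private_ip(text)
        if ip is None:
            continue
        if ip in owner:
            raise ValueError(f"{ip} is used by vm {owner[ip]} and vm {vmid}")
        owner[ip] = vmid
        inventory[vmid] = ip
    return inventory


def render_nft(inventory):
    """Complete nft script: `nft -f` applies it atomically and replaces the previous
    contents of the table, instead of stacking `iptables -I` rules run after run."""
    lines = [
        "add table ip natvm",       # no-op if it exists, so the flush cannot fail
        "flush table ip natvm",
        "table ip natvm {",
        "    chain prerouting {",
        "        type nat hook prerouting priority dstnat; policy accept;",
    ]
    for vmid in sorted(inventory):
        ip = inventory[vmid]
        ssh_port, last = port_block(vmid)
        first = ssh_port + 1
        lines += [
            f"        # vm {vmid}",
            f'        iif "{PUBLIC_IF}" tcp dport {ssh_port} dnat to {ip}:22',
            f'        iif "{PUBLIC_IF}" tcp dport {first}-{last} dnat to {ip}',
            f'        iif "{PUBLIC_IF}" udp dport {first}-{last} dnat to {ip}',
        ]
    lines += [
        "    }",
        "    chain postrouting {",
        "        type nat hook postrouting priority srcnat; policy accept;",
        f'        oif "{PUBLIC_IF}" ip saddr {NAT_SUBNET} masquerade',
        "    }",
        "}",
    ]
    return "\n".join(lines) + "\n"


# Constructed sample of `qm config` output for three VMIDs, not captured from a real node.
SAMPLE_QM_CONFIG = {
    150: "boot: order=scsi0\nipconfig0: ip=10.10.0.150/24,gw=10.10.0.1\nname: nat-150\n",
    151: "boot: order=scsi0\nipconfig0: ip=10.10.0.151/24,gw=10.10.0.1\nname: nat-151\n",
    501: "name: debian-11-template\ntemplate: 1\n",   # template: no address, skipped
}


if __name__ == "__main__":
    print(render_nft(build_inventory(SAMPLE_QM_CONFIG)), end="")
```

Run it from a systemd timer or cron as `python3 natvm_ports.py > /etc/nftables.d/natvm.nft && nft -f /etc/nftables.d/natvm.nft` after collecting `qm config` output for each VMID from `qm list`. The table only does NAT: `net.ipv4.ip_forward=1` and a FORWARD policy that admits traffic from `vmbr0` to the DNATed guest ports (and nothing else on the private bridge) still have to be set, and on a host with pve-firewall enabled its iptables rules and this table both hook the same netfilter stages, so check the combined result with `nft list ruleset` rather than assuming.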