NAT with multiple public IP addresses
For me, NATed LXD or Proxmox works with a single public IP address as follows:
sudo nano /etc/network/interfaces
vmbr1 is used for nated ip address with port forwarding
auto vmbr1
iface vmbr1 inet static
address 192.168.51.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
Then I have ip rules
Custom Open Ports
-A PREROUTING -i enp0s3 -p tcp -m multiport --dports 10100:10199 -j DNAT --to-destination 192.168.51.1
-A POSTROUTING -s 192.168.51.0/24 -o enp0s3 -j MASQUERADE
I create an LXD container with IP address 192.168.51.1 and everything works.
Now I have a second public IP address on enp1s0, so I add vmbr2 in /etc/network/interfaces
vmbr2 is used for nated ip address with port forwarding
auto vmbr2
iface vmbr2 inet static
address 192.168.52.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
And add ip rules
Custom Open Ports
-A PREROUTING -i enp1s0 -p tcp -m multiport --dports 10100:10199 -j DNAT --to-destination 192.168.52.1
-A POSTROUTING -s 192.168.52.0/24 -o enp1s0 -j MASQUERADE
But now LXD container 192.168.52.1 cannot ping 8.8.8.8
And if I do
-A POSTROUTING -s 192.168.52.0/24 -o enp0s3 -j MASQUERADE
LXD container 192.168.52.1 can ping 8.8.8.8
And no port forwarding is working in 192.168.52.1
I think I am missing something basic, and maybe someone with good networking knowledge can help me.
Comments
Are you really sure your IPs are on different interfaces? Shouldn't this be
-i enp0s3 -d YOUR_SECOND_IP
?
Yes, I am sure I have two interfaces: enp0s3 (main public IP) and enp1s0 (second public IP).
Have you confirmed that you have connectivity on the host node even without the iptables rules? (e.g.
ping -I enp1s0/enp0s3 1.1.1.1
)?
Thanks, ping -I enp0s3 1.1.1.1 is working but not ping -I enp1s0 1.1.1.1
But this
curl --interface enp1s0 ipecho.net/plain
gives me my correct public IP address, so I thought it was working.
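Added example, not part of the thread: a Python check for one routing condition consistent with the symptoms above, where the host's only default route leaves via enp0s3, so the `-o enp1s0` MASQUERADE rule never matches traffic from 192.168.52.0/24. The `ip rule` and `ip route` text and the gateway address are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample state modelled on the thread; the gateway is a placeholder.
NAT_RULES = """\
-A POSTROUTING -s 192.168.51.0/24 -o enp0s3 -j MASQUERADE
-A POSTROUTING -s 192.168.52.0/24 -o enp1s0 -j MASQUERADE
"""
# Shape of `ip rule show` on a host with only the three built-in rules.
IP_RULES = "0:\tfrom all lookup local\n32766:\tfrom all lookup main\n32767:\tfrom all lookup default\n"
# Shape of `ip route show table all`, reduced to the default route.
IP_ROUTES = "default via 203.0.113.1 dev enp0s3\n"

def default_devs(routes_text):
    """Map routing table name -> device of that table's default route."""
    devs = {}
    for line in routes_text.splitlines():
        m = re.match(r"default\b.*?\bdev (\S+)(?:.*?\btable (\S+))?", line)
        if m:
            devs[m.group(2) or "main"] = m.group(1)
    return devs

def egress_dev(src, rules_text, routes_text):
    """Device the kernel would pick for internet-bound traffic from network src."""
    devs = default_devs(routes_text)
    rules = re.findall(r"^(\d+):\s+from (\S+).*?lookup (\S+)", rules_text, re.M)
    # Policy rules are evaluated in ascending priority; first table with a route wins.
    for _prio, selector, table in sorted(rules, key=lambda r: int(r[0])):
        applies = selector == "all" or src.subnet_of(
            ipaddress.ip_network(selector, strict=False))
        if applies and table in devs:
            return devs[table]
    return None

def masquerade_mismatches(nat_text, rules_text, routes_text):
    """MASQUERADE rules whose -o interface is not the actual egress device."""
    found = []
    for source, out_dev in re.findall(r"-s (\S+) -o (\S+) -j MASQUERADE", nat_text):
        actual = egress_dev(ipaddress.ip_network(source), rules_text, routes_text)
        if actual != out_dev:
            found.append((source, out_dev, actual))
    return found

if __name__ == "__main__":
    for source, wanted, actual in masquerade_mismatches(NAT_RULES, IP_RULES, IP_ROUTES):
        print(f"{source}: rule expects -o {wanted}, routing sends it out {actual}")
```

In this model, a source rule such as `from 192.168.52.0/24 lookup 200` together with a default route via enp1s0 in table 200 (an assumed table number) empties the mismatch list. Only `from` selectors and default routes are modelled; fwmark and interface-based rules are ignored.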