How to "port forward" from NAT to NAT on your PVE node

Linux Nov 02, 2020

In this tutorial we are "building on" the previous post - How to "port forward" traffic to NAT on your PVE node.


This tutorial assumes that you followed the above-mentioned tutorial, that your NAT subnet is 10.10.10.0/24, that the address of the VM running the webserver in NAT is 10.10.10.100, and that your node's address is 10.10.10.1 on bridge vmbr1010 and 192.168.1.100 on bridge vmbr0.


Copy the /etc/network/interfaces file to /etc/network/interfaces.new, open the newly created file with your preferred text editor, and add the following lines so that it looks something like the following image. Then click "Apply configuration" in your PVE ui > node > System > Network.

Make sure you modify the internal subnet, your public address and your internal server's address and port that you'll be forwarding!

post-up iptables -t nat -A PREROUTING -i vmbr1010 -s 10.10.10.0/24 -d 192.168.1.100 -p tcp --dport 80 -j DNAT --to 10.10.10.100:80
post-down iptables -t nat -D PREROUTING -i vmbr1010 -s 10.10.10.0/24 -d 192.168.1.100 -p tcp --dport 80 -j DNAT --to 10.10.10.100:80
internal port forwarding rules
content of file /etc/network/interfaces.new
PVE ui > node > System > Network
Network configuration is being applied...

Now you just need to allow incoming traffic to port 80/tcp in your node's firewall configuration in case you have it enabled (which you should) and you're off to the races!
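A check worth running on /etc/network/interfaces.new before applying it, as an added example that is not part of the original post: a post-up rule whose post-down line does not match it exactly is not deleted when the interface goes down, so the stale DNAT rule stays in the nat table. The function name `unpaired_rules`, the port-443 rules and the sample stanza are constructed for illustration; only the port-80 pair comes from the tutorial.

```shell
#!/bin/sh
# Added example (not from the original post): lint for unpaired iptables hooks.

# Print every post-up "-A" rule that has no identical post-down "-D" rule (and
# the reverse). Returns 0 when all hooks are paired, 1 otherwise.
unpaired_rules() {
    awk '
        # Reduce a hook line to the bare rule so both sides compare equal:
        # drop the hook keyword, squeeze whitespace, mask the -A/-D action.
        function rule(line) {
            sub(/^[ \t]*post-(up|down)[ \t]+/, "", line)
            gsub(/[ \t]+/, " ", line)
            sub(/ -[AD] /, " <ACTION> ", line)
            sub(/ $/, "", line)
            return line
        }
        /^[ \t]*post-up[ \t]+iptables .* -A /   { up[rule($0)] = 1 }
        /^[ \t]*post-down[ \t]+iptables .* -D / { down[rule($0)] = 1 }
        END {
            bad = 0
            for (r in up)   if (!(r in down)) { print "no post-down for: " r; bad = 1 }
            for (r in down) if (!(r in up))   { print "no post-up for: " r; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample: the tutorial's port-80 pair plus a hypothetical port-443
# pair whose post-down has a mistyped --dport (4443 instead of 443).
sample_interfaces() {
    cat <<'EOF'
auto vmbr1010
iface vmbr1010 inet static
    address 10.10.10.1/24
    post-up iptables -t nat -A PREROUTING -i vmbr1010 -s 10.10.10.0/24 -d 192.168.1.100 -p tcp --dport 80 -j DNAT --to 10.10.10.100:80
    post-down iptables -t nat -D PREROUTING -i vmbr1010 -s 10.10.10.0/24 -d 192.168.1.100 -p tcp --dport 80 -j DNAT --to 10.10.10.100:80
    post-up iptables -t nat -A PREROUTING -i vmbr1010 -s 10.10.10.0/24 -d 192.168.1.100 -p tcp --dport 443 -j DNAT --to 10.10.10.100:443
    post-down iptables -t nat -D PREROUTING -i vmbr1010 -s 10.10.10.0/24 -d 192.168.1.100 -p tcp --dport 4443 -j DNAT --to 10.10.10.100:443
EOF
}
```

Run it as `unpaired_rules /etc/network/interfaces.new`; on the constructed sample it reports the port-443 post-up and the port-4443 post-down as unpaired and returns 1.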

Aljaz S.

I am a student and a web developer