In this tutorial we are "building on" the previous post - How to "port forward" traffic to NAT on your PVE node.
This tutorial assumes that you followed the above-mentioned tutorial, your NAT subnet is 10.10.10.0/24, the VM's address that runs the webserver in NAT is 10.10.10.100, your node's address on bridge 10.10.10.1 and its address on the bridge
/etc/network/interfaces file to /etc/network/interfaces.new, open the newly created file with your preferred text editor, add the following lines to the file so it looks something like the following image and "Apply configuration" in your PVE UI > node > System > Network.
Make sure you modify the internal subnet, your public address and your internal server's address and port that you'll be forwarding!
post-up iptables -t nat -A PREROUTING -i vmbr1010 -s 10.10.10.0/24 -d 192.168.1.100 -p tcp --dport 80 -j DNAT --to 10.10.10.100:80
post-down iptables -t nat -D PREROUTING -i vmbr1010 -s 10.10.10.0/24 -d 192.168.1.100 -p tcp --dport 80 -j DNAT --to 10.10.10.100:80
Now you just need to allow incoming traffic to port 80/tcp in your node's firewall configuration in case you have it enabled (which you should) and you're off to the races!
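Before you hit "Apply configuration", it is worth checking that the lines you adapted still form a matching pair and still point into your NAT subnet. The script below is an added example, not part of the original tutorial: it lints the post-up/post-down DNAT hooks in the text of an interfaces file. The function names and the second (deliberately broken) rule pair in the sample are constructed for illustration, and it only understands the `-A`/`-D` and `--to` forms used above.

```python
import ipaddress
import shlex

# Constructed input: the tutorial's hook pair, then a deliberately broken pair.
SAMPLE = """\
post-up iptables -t nat -A PREROUTING -i vmbr1010 -s 10.10.10.0/24 -d 192.168.1.100 -p tcp --dport 80 -j DNAT --to 10.10.10.100:80
post-down iptables -t nat -D PREROUTING -i vmbr1010 -s 10.10.10.0/24 -d 192.168.1.100 -p tcp --dport 80 -j DNAT --to 10.10.10.100:80
post-up iptables -t nat -A PREROUTING -i vmbr1010 -d 192.168.1.100 -p tcp --dport 443 -j DNAT --to 10.10.20.5:443
post-down iptables -t nat -D PREROUTING -i vmbr1010 -d 192.168.1.100 -p tcp --dport 8443 -j DNAT --to 10.10.20.5:443
"""

def dnat_hooks(text):
    """Yield (phase, op, spec) for each post-up/post-down iptables DNAT line."""
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) < 3 or tok[0] not in ("post-up", "post-down") or tok[1] != "iptables":
            continue
        args = tok[2:]
        op = next((a for a in args if a in ("-A", "-D")), None)
        if op and "DNAT" in args:
            # The spec is the rule with the -A/-D flag removed, so a matching
            # add/delete pair produces identical tuples.
            yield tok[0], op, tuple(a for a in args if a != op)

def lint(text, nat_subnet):
    """Return (dport, problem) findings for every rule added in post-up."""
    net = ipaddress.ip_network(nat_subnet)
    hooks = list(dnat_hooks(text))
    deleted = {s for phase, op, s in hooks if phase == "post-down" and op == "-D"}
    findings = []
    for phase, op, spec in hooks:
        if (phase, op) != ("post-up", "-A"):
            continue
        opts = dict(zip(spec, spec[1:]))  # option -> the token after it
        port = opts.get("--dport", "?")
        if spec not in deleted:
            findings.append((port, "no identical post-down -D: rule is left behind on ifdown"))
        src = opts.get("-s")
        if src is None or not ipaddress.ip_network(src, strict=False).subnet_of(net):
            findings.append((port, "source (-s) not limited to the NAT subnet"))
        target = opts.get("--to", "").rsplit(":", 1)[0]
        if not target or ipaddress.ip_address(target) not in net:
            findings.append((port, "DNAT target is outside the NAT subnet"))
    return findings

if __name__ == "__main__":
    for port, problem in lint(SAMPLE, "10.10.10.0/24"):
        print(f"dport {port}: {problem}")
```

To check your own file, pass the contents of /etc/network/interfaces.new and your NAT subnet to `lint()`; an empty result means every added rule has an identical delete and stays inside the subnet.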