How to "port forward" traffic to NAT on your PVE node

In this tutorial we are building on the previous post: how to set up NAT on your PVE node.

This tutorial assumes that you followed the above-mentioned tutorial, your NAT subnet is 10.10.10.0/24 and your primary virtual interface is vmbr0.

When editing the interfaces file we have to, as noted in the PVE Network doc, copy the original /etc/network/interfaces file to /etc/network/interfaces.new. Open it in your preferred text editor and make sure it looks something like the following.

Add the following two lines right after the NAT forwarding rules, so the contents look as shown below. The rule with the -A parameter is appended when the vmbr1010 interface is brought up; the other one, with -D, removes the port forward when the interface is brought down. You can add multiple instances of these rules if multiple ports need to be forwarded. With the provided rules, we forward all incoming traffic on port 80/tcp to internal host 10.10.10.100:80.

post-up   iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.10.100:80
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.10.100:80
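
Once several forwards are in the file, it is easy to leave one without its post-down line or to point one at the wrong host. The following added example (not part of the original tutorial) parses an interfaces file, lists every PREROUTING DNAT forward, and flags rules that lack a matching post-up/post-down partner or target a host outside the 10.10.10.0/24 NAT subnet; the sample stanza, the function names and the finding labels are constructed for illustration.

```python
import ipaddress

# Constructed sample stanza (not the page's full file): the 443 forward has no
# post-down line, and the 2222 forward targets a host outside the NAT subnet.
SAMPLE = """\
auto vmbr1010
iface vmbr1010 inet static
    address 10.10.10.1/24
    post-up   iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.10.100:80
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.10.100:80
    post-up   iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.10.10.100:443
    post-up   iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 192.168.1.5:22
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 192.168.1.5:22
"""

def parse_dnat(text):
    """Collect PREROUTING DNAT rules as (in_iface, proto, dport, target) per hook."""
    rules = {"post-up": set(), "post-down": set()}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] not in rules or tok[1] != "iptables":
            continue
        opt = dict(zip(tok, tok[1:]))  # each option mapped to the token after it
        chain = opt.get("-A" if tok[0] == "post-up" else "-D")
        target = opt.get("--to") or opt.get("--to-destination")
        if chain == "PREROUTING" and opt.get("-j") == "DNAT" and target:
            rules[tok[0]].add((opt.get("-i", "any"), opt.get("-p", "any"),
                               opt.get("--dport", "any"), target))
    return rules

def audit(text, nat_subnet="10.10.10.0/24"):
    """Return (exposed forwards, findings) for one interfaces file."""
    rules, net, findings = parse_dnat(text), ipaddress.ip_network(nat_subnet), []
    for rule in sorted(rules["post-up"] - rules["post-down"]):
        findings.append(("no-post-down", rule))   # rule stays after ifdown
    for rule in sorted(rules["post-down"] - rules["post-up"]):
        findings.append(("no-post-up", rule))     # stale or mistyped delete
    for rule in sorted(rules["post-up"]):
        host = rule[3].rsplit(":", 1)[0]          # assumes a single-address target
        if ipaddress.ip_address(host) not in net:
            findings.append(("outside-nat-subnet", rule))
    return sorted(rules["post-up"]), findings

if __name__ == "__main__":
    exposed, findings = audit(SAMPLE)
    for rule in exposed:
        print("forward", *rule)
    for kind, rule in findings:
        print("FINDING", kind, *rule)
```

To check the real file, pass the contents of /etc/network/interfaces.new to `audit()` before hitting "Apply Configuration".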

We can now go to the PVE web UI, open the node-level network configuration and hit the "Apply Configuration" button. Make sure you have the ifupdown2 package installed on the system.

After applying the new configuration we can try connecting to the node's external address on port 80, and it shows the default nginx index page, hosted on VM100.