OVH Community, your new community space.

proxmox nat help needed


keyjey
11-05-2013, 23:25
No, there's no firewall setup in the server, I just see the forwarding rules:

root@server1:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 10.10.11.2 tcp dpt:25
ACCEPT udp -- 0.0.0.0/0 10.10.11.3 udp dpt:3389

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Myatu
10-05-2013, 22:28
Apart from the gmail IPs, it does appear to establish a connection to a .es server at the end of the output, but at the top, it appears to be rejected. Do you have a firewall setup?

keyjey
08-05-2013, 23:40
Hehe, sorry for the flood !!

keyjey
08-05-2013, 23:40
No ! I changed the IPs for privacity !!! Is not working .... :S

Here's the full log, I tested from 2 other different places, I get same kind of logs, but I never make it work. Never arrive to the VM.

Now I'm pasting the real logs

23:34:51.074036 IP 192.95.18.50.3213 > 188.165.211.42.25: Flags [S], seq 3625548830, win 65535, options [mss 1460,nop,nop,sackOK], length 0
23:34:51.074077 IP 188.165.211.42.25 > 192.95.18.50.3213: Flags [R.], seq 0, ack 3625548831, win 0, length 0
23:34:51.589840 IP 192.95.18.50.3213 > 188.165.211.42.25: Flags [S], seq 3625548830, win 65535, options [mss 1460,nop,nop,sackOK], length 0
23:34:51.589860 IP 188.165.211.42.25 > 192.95.18.50.3213: Flags [R.], seq 0, ack 1, win 0, length 0
23:34:52.151660 IP 192.95.18.50.3213 > 188.165.211.42.25: Flags [S], seq 3625548830, win 65535, options [mss 1460,nop,nop,sackOK], length 0
23:34:52.151803 IP 188.165.211.42.25 > 192.95.18.50.3213: Flags [R.], seq 0, ack 1, win 0, length 0
23:34:59.183898 IP 142.4.210.85.55233 > 188.165.211.42.25: Flags [S], seq 2989856703, win 14600, options [mss 1460,sackOK,TS val 73600626 ecr 0,nop,wscale 7], length 0
23:34:59.183919 IP 188.165.211.42.25 > 142.4.210.85.55233: Flags [R.], seq 0, ack 2989856704, win 0, length 0
23:35:02.186891 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [S], seq 1839708, win 14600, options [mss 1460,sackOK,TS val 2052809666 ecr 0,nop,wscale 7], length 0
23:35:02.188030 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [S], seq 2104519258, win 14600, options [mss 1460,sackOK,TS val 2052809667 ecr 0,nop,wscale 7], length 0
23:35:02.188201 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [S], seq 99721646, win 14600, options [mss 1460,sackOK,TS val 2052809667 ecr 0,nop,wscale 7], length 0
23:35:02.189328 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [S], seq 3755393998, win 14600, options [mss 1460,sackOK,TS val 2052809668 ecr 0,nop,wscale 7], length 0
23:35:02.196900 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [S.], seq 1180221616, ack 1839709, win 62392, options [mss 1430,sackOK,TS val 2024334722 ecr 2052809666,nop,wscale 6], length 0
23:35:02.196935 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [.], ack 1, win 115, options [nop,nop,TS val 2052809676 ecr 2024334722], length 0
23:35:02.198053 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [S.], seq 2055783959, ack 99721647, win 62392, options [mss 1430,sackOK,TS val 2116564964 ecr 2052809667,nop,wscale 6], length 0
23:35:02.198077 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [.], ack 1, win 115, options [nop,nop,TS val 2052809677 ecr 2116564964], length 0
23:35:02.198319 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [S.], seq 588606426, ack 2104519259, win 62392, options [mss 1430,sackOK,TS val 2397612357 ecr 2052809667,nop,wscale 6], length 0
23:35:02.198338 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [.], ack 1, win 115, options [nop,nop,TS val 2052809677 ecr 2397612357], length 0
23:35:02.199346 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [S.], seq 2317814592, ack 3755393999, win 62392, options [mss 1430,sackOK,TS val 1890936662 ecr 2052809668,nop,wscale 6], length 0
23:35:02.199371 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [.], ack 1, win 115, options [nop,nop,TS val 2052809678 ecr 1890936662], length 0
23:35:02.208087 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [P.], seq 1:51, ack 1, win 975, options [nop,nop,TS val 2024334733 ecr 2052809676], length 50
23:35:02.208132 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [.], ack 51, win 115, options [nop,nop,TS val 2052809687 ecr 2024334733], length 0
23:35:02.208162 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [P.], seq 1:17, ack 51, win 115, options [nop,nop,TS val 2052809687 ecr 2024334733], length 16
23:35:02.208522 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [P.], seq 1:52, ack 1, win 975, options [nop,nop,TS val 2116564974 ecr 2052809677], length 51
23:35:02.208543 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [.], ack 52, win 115, options [nop,nop,TS val 2052809688 ecr 2116564974], length 0
23:35:02.208575 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [P.], seq 1:17, ack 52, win 115, options [nop,nop,TS val 2052809688 ecr 2116564974], length 16
23:35:02.209205 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [P.], seq 1:51, ack 1, win 975, options [nop,nop,TS val 2397612368 ecr 2052809677], length 50
23:35:02.209236 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [.], ack 51, win 115, options [nop,nop,TS val 2052809688 ecr 2397612368], length 0
23:35:02.209320 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [P.], seq 1:17, ack 51, win 115, options [nop,nop,TS val 2052809688 ecr 2397612368], length 16
23:35:02.210566 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [P.], seq 1:54, ack 1, win 975, options [nop,nop,TS val 1890936673 ecr 2052809678], length 53
23:35:02.210598 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [.], ack 54, win 115, options [nop,nop,TS val 2052809690 ecr 1890936673], length 0
23:35:02.210724 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [P.], seq 1:17, ack 54, win 115, options [nop,nop,TS val 2052809690 ecr 1890936673], length 16
23:35:02.218215 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [.], ack 17, win 975, options [nop,nop,TS val 2024334743 ecr 2052809687], length 0
23:35:02.218238 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [.], ack 17, win 975, options [nop,nop,TS val 2116564984 ecr 2052809688], length 0
23:35:02.218521 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [P.], seq 51:190, ack 17, win 975, options [nop,nop,TS val 2024334743 ecr 2052809687], length 139
23:35:02.218594 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [P.], seq 17:27, ack 190, win 123, options [nop,nop,TS val 2052809698 ecr 2024334743], length 10
23:35:02.218730 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [P.], seq 52:191, ack 17, win 975, options [nop,nop,TS val 2116564984 ecr 2052809688], length 139
23:35:02.218792 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [P.], seq 17:27, ack 191, win 123, options [nop,nop,TS val 2052809698 ecr 2116564984], length 10
23:35:02.219451 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [.], ack 17, win 975, options [nop,nop,TS val 2397612378 ecr 2052809688], length 0
23:35:02.219855 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [P.], seq 51:190, ack 17, win 975, options [nop,nop,TS val 2397612378 ecr 2052809688], length 139
23:35:02.219911 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [P.], seq 17:27, ack 190, win 123, options [nop,nop,TS val 2052809699 ecr 2397612378], length 10
23:35:02.221008 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [.], ack 17, win 975, options [nop,nop,TS val 1890936684 ecr 2052809690], length 0
23:35:02.221457 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [P.], seq 54:193, ack 17, win 975, options [nop,nop,TS val 1890936684 ecr 2052809690], length 139
23:35:02.221558 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [P.], seq 17:27, ack 193, win 123, options [nop,nop,TS val 2052809701 ecr 1890936684], length 10
23:35:02.228827 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [P.], seq 190:220, ack 27, win 975, options [nop,nop,TS val 2024334753 ecr 2052809698], length 30
23:35:02.229150 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [P.], seq 191:221, ack 27, win 975, options [nop,nop,TS val 2116564995 ecr 2052809698], length 30
23:35:02.230578 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [P.], seq 190:220, ack 27, win 975, options [nop,nop,TS val 2397612389 ecr 2052809699], length 30
23:35:02.231921 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [P.], seq 193:223, ack 27, win 975, options [nop,nop,TS val 1890936695 ecr 2052809701], length 30
23:35:02.261986 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [P.], seq 27:115, ack 220, win 123, options [nop,nop,TS val 2052809741 ecr 2024334753], length 88
23:35:02.268735 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [.], ack 221, win 123, options [nop,nop,TS val 2052809748 ecr 2116564995], length 0
23:35:02.270012 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [P.], seq 27:115, ack 220, win 123, options [nop,nop,TS val 2052809749 ecr 2397612389], length 88
23:35:02.271471 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [.], ack 223, win 123, options [nop,nop,TS val 2052809751 ecr 1890936695], length 0
23:35:02.272522 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [.], seq 220:1638, ack 115, win 975, options [nop,nop,TS val 2024334797 ecr 2052809741], length 1418
23:35:02.272772 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [P.], seq 1638:1923, ack 115, win 975, options [nop,nop,TS val 2024334797 ecr 2052809741], length 285
23:35:02.272806 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [.], ack 1923, win 167, options [nop,nop,TS val 2052809752 ecr 2024334797], length 0
23:35:02.273259 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [P.], seq 115:301, ack 1923, win 167, options [nop,nop,TS val 2052809752 ecr 2024334797], length 186
23:35:02.274041 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [P.], seq 27:115, ack 223, win 123, options [nop,nop,TS val 2052809753 ecr 1890936695], length 88
23:35:02.279356 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [P.], seq 27:115, ack 221, win 123, options [nop,nop,TS val 2052809758 ecr 2116564995], length 88
23:35:02.280854 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [.], seq 220:1638, ack 115, win 975, options [nop,nop,TS val 2397612439 ecr 2052809749], length 1418
23:35:02.280874 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [P.], seq 1638:1923, ack 115, win 975, options [nop,nop,TS val 2397612439 ecr 2052809749], length 285
23:35:02.280920 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [.], ack 1923, win 167, options [nop,nop,TS val 2052809760 ecr 2397612439], length 0
23:35:02.281490 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [P.], seq 115:301, ack 1923, win 167, options [nop,nop,TS val 2052809761 ecr 2397612439], length 186
23:35:02.284325 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [P.], seq 1923:1970, ack 301, win 992, options [nop,nop,TS val 2024334809 ecr 2052809752], length 47
23:35:02.284542 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [P.], seq 301:342, ack 1970, win 167, options [nop,nop,TS val 2052809764 ecr 2024334809], length 41
23:35:02.284791 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [.], seq 223:1641, ack 115, win 975, options [nop,nop,TS val 1890936748 ecr 2052809753], length 1418
23:35:02.284812 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [P.], seq 1641:1926, ack 115, win 975, options [nop,nop,TS val 1890936748 ecr 2052809753], length 285
23:35:02.284862 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [.], ack 1641, win 145, options [nop,nop,TS val 2052809764 ecr 1890936748], length 0
23:35:02.284871 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [.], ack 1926, win 167, options [nop,nop,TS val 2052809764 ecr 1890936748], length 0
23:35:02.285438 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [P.], seq 115:301, ack 1926, win 167, options [nop,nop,TS val 2052809765 ecr 1890936748], length 186
23:35:02.289646 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [.], seq 221:1639, ack 115, win 975, options [nop,nop,TS val 2116565055 ecr 2052809758], length 1418
23:35:02.289703 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [P.], seq 1639:1924, ack 115, win 975, options [nop,nop,TS val 2116565055 ecr 2052809758], length 285
23:35:02.289715 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [.], ack 1639, win 145, options [nop,nop,TS val 2052809769 ecr 2116565055], length 0
23:35:02.289751 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [.], ack 1924, win 167, options [nop,nop,TS val 2052809769 ecr 2116565055], length 0
23:35:02.290500 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [P.], seq 115:301, ack 1924, win 167, options [nop,nop,TS val 2052809770 ecr 2116565055], length 186
23:35:02.292737 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [P.], seq 1923:1970, ack 301, win 992, options [nop,nop,TS val 2397612451 ecr 2052809761], length 47
23:35:02.292895 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [P.], seq 301:342, ack 1970, win 167, options [nop,nop,TS val 2052809772 ecr 2397612451], length 41
23:35:02.295014 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [P.], seq 1970:2120, ack 342, win 992, options [nop,nop,TS val 2024334820 ecr 2052809764], length 150
23:35:02.295098 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [P.], seq 342:434, ack 2120, win 189, options [nop,nop,TS val 2052809774 ecr 2024334820], length 92
23:35:02.296621 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [P.], seq 1926:1973, ack 301, win 992, options [nop,nop,TS val 1890936760 ecr 2052809765], length 47
23:35:02.296770 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [P.], seq 301:342, ack 1973, win 167, options [nop,nop,TS val 2052809776 ecr 1890936760], length 41
23:35:02.300935 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [P.], seq 1924:1971, ack 301, win 992, options [nop,nop,TS val 2116565067 ecr 2052809770], length 47
23:35:02.301058 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [P.], seq 301:342, ack 1971, win 167, options [nop,nop,TS val 2052809780 ecr 2116565067], length 41
23:35:02.303596 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [P.], seq 1970:2120, ack 342, win 992, options [nop,nop,TS val 2397612462 ecr 2052809772], length 150
23:35:02.303705 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [P.], seq 342:434, ack 2120, win 189, options [nop,nop,TS val 2052809783 ecr 2397612462], length 92
23:35:02.305690 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [P.], seq 2120:2184, ack 434, win 992, options [nop,nop,TS val 2024334830 ecr 2052809774], length 64
23:35:02.307560 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [P.], seq 1973:2123, ack 342, win 992, options [nop,nop,TS val 1890936770 ecr 2052809776], length 150
23:35:02.307687 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [P.], seq 342:434, ack 2123, win 189, options [nop,nop,TS val 2052809787 ecr 1890936770], length 92
23:35:02.311199 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [P.], seq 1971:2121, ack 342, win 992, options [nop,nop,TS val 2116565077 ecr 2052809780], length 150
23:35:02.311318 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [P.], seq 342:434, ack 2121, win 189, options [nop,nop,TS val 2052809790 ecr 2116565077], length 92
23:35:02.314633 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [P.], seq 2120:2184, ack 434, win 992, options [nop,nop,TS val 2397612473 ecr 2052809783], length 64
23:35:02.318602 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [P.], seq 2123:2190, ack 434, win 992, options [nop,nop,TS val 1890936782 ecr 2052809787], length 67
23:35:02.321697 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [P.], seq 2121:2186, ack 434, win 992, options [nop,nop,TS val 2116565087 ecr 2052809790], length 65
23:35:02.345395 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [.], ack 2184, win 189, options [nop,nop,TS val 2052809825 ecr 2024334830], length 0
23:35:02.354426 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [.], ack 2184, win 189, options [nop,nop,TS val 2052809834 ecr 2397612473], length 0
23:35:02.358489 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [.], ack 2190, win 189, options [nop,nop,TS val 2052809838 ecr 1890936782], length 0
23:35:02.361744 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [.], ack 2186, win 189, options [nop,nop,TS val 2052809841 ecr 2116565087], length 0
23:35:02.591686 IP 188.165.208.251.57479 > 94.23.86.209.25: Flags [S], seq 755906796, win 5840, options [mss 1460,sackOK,TS val 782914464 ecr 0,nop,wscale 9], length 0
23:35:02.591816 IP 94.23.86.209.25 > 188.165.208.251.57479: Flags [S.], seq 117829115, ack 755906797, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 0 ecr 0,nop,nop,sackOK], length 0
23:35:02.592084 IP 188.165.208.251.57479 > 94.23.86.209.25: Flags [.], ack 1, win 12, options [nop,nop,TS val 782914464 ecr 0], length 0
23:35:02.601782 IP 94.23.86.209.25 > 188.165.208.251.57479: Flags [P.], seq 1:78, ack 1, win 65535, options [nop,nop,TS val 20526250 ecr 782914464], length 77
23:35:02.602792 IP 188.165.208.251.57479 > 94.23.86.209.25: Flags [.], ack 78, win 12, options [nop,nop,TS val 782914467 ecr 20526250], length 0
23:35:02.652467 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [P.], seq 2184:2288, ack 434, win 992, options [nop,nop,TS val 2397612811 ecr 2052809834], length 104
23:35:02.652510 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [.], ack 2288, win 189, options [nop,nop,TS val 2052810132 ecr 2397612811], length 0
23:35:02.652625 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [P.], seq 434:1721, ack 2288, win 189, options [nop,nop,TS val 2052810132 ecr 2397612811], length 1287
23:35:02.652855 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [P.], seq 2190:2300, ack 434, win 992, options [nop,nop,TS val 1890937116 ecr 2052809838], length 110
23:35:02.652876 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [.], ack 2300, win 189, options [nop,nop,TS val 2052810132 ecr 1890937116], length 0
23:35:02.652962 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [P.], seq 434:1769, ack 2300, win 189, options [nop,nop,TS val 2052810132 ecr 1890937116], length 1335
23:35:02.686272 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [P.], seq 2300:2378, ack 1769, win 1002, options [nop,nop,TS val 1890937149 ecr 2052810132], length 78
23:35:02.695979 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [P.], seq 2184:2288, ack 434, win 992, options [nop,nop,TS val 2024335221 ecr 2052809825], length 104
23:35:02.696015 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [.], ack 2288, win 189, options [nop,nop,TS val 2052810175 ecr 2024335221], length 0
23:35:02.696195 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [P.], seq 434:1721, ack 2288, win 189, options [nop,nop,TS val 2052810175 ecr 2024335221], length 1287
23:35:02.701340 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [P.], seq 1769:1800, ack 2378, win 189, options [nop,nop,TS val 2052810180 ecr 1890937149], length 31
23:35:02.701434 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [P.], seq 1800:1827, ack 2378, win 189, options [nop,nop,TS val 2052810181 ecr 1890937149], length 27
23:35:02.701493 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [F.], seq 1827, ack 2378, win 189, options [nop,nop,TS val 2052810181 ecr 1890937149], length 0
23:35:02.702014 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [.], ack 1721, win 1002, options [nop,nop,TS val 2397612861 ecr 2052810132], length 0
23:35:02.707501 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [P.], seq 2186:2292, ack 434, win 992, options [nop,nop,TS val 2116565473 ecr 2052809841], length 106
23:35:02.707535 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [.], ack 2292, win 189, options [nop,nop,TS val 2052810187 ecr 2116565473], length 0
23:35:02.707628 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [P.], seq 434:1769, ack 2292, win 189, options [nop,nop,TS val 2052810187 ecr 2116565473], length 1335
23:35:02.711494 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [.], ack 1827, win 1002, options [nop,nop,TS val 1890937174 ecr 2052810180], length 0
23:35:02.711745 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [P.], seq 2378:2461, ack 1828, win 1002, options [nop,nop,TS val 1890937174 ecr 2052810181], length 83
23:35:02.711758 IP 173.194.78.26.25 > 178.33.11.66.45696: Flags [F.], seq 2461, ack 1828, win 1002, options [nop,nop,TS val 1890937174 ecr 2052810181], length 0
23:35:02.711783 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [R], seq 3755395826, win 0, length 0
23:35:02.711789 IP 178.33.11.66.45696 > 173.194.78.26.25: Flags [R], seq 3755395826, win 0, length 0
23:35:02.724515 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [P.], seq 2288:2363, ack 1721, win 1002, options [nop,nop,TS val 2397612883 ecr 2052810132], length 75
23:35:02.726880 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [P.], seq 1721:1752, ack 2363, win 189, options [nop,nop,TS val 2052810206 ecr 2397612883], length 31
23:35:02.726926 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [P.], seq 1752:1779, ack 2363, win 189, options [nop,nop,TS val 2052810206 ecr 2397612883], length 27
23:35:02.727001 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [F.], seq 1779, ack 2363, win 189, options [nop,nop,TS val 2052810206 ecr 2397612883], length 0
23:35:02.730400 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [P.], seq 2288:2363, ack 1721, win 1002, options [nop,nop,TS val 2024335255 ecr 2052810175], length 75
23:35:02.733127 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [P.], seq 2292:2368, ack 1769, win 1002, options [nop,nop,TS val 2116565499 ecr 2052810187], length 76
23:35:02.733369 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [P.], seq 1721:1752, ack 2363, win 189, options [nop,nop,TS val 2052810212 ecr 2024335255], length 31
23:35:02.733403 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [P.], seq 1752:1779, ack 2363, win 189, options [nop,nop,TS val 2052810212 ecr 2024335255], length 27
23:35:02.733517 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [F.], seq 1779, ack 2363, win 189, options [nop,nop,TS val 2052810212 ecr 2024335255], length 0
23:35:02.735407 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [P.], seq 1769:1800, ack 2368, win 189, options [nop,nop,TS val 2052810214 ecr 2116565499], length 31
23:35:02.735439 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [P.], seq 1800:1827, ack 2368, win 189, options [nop,nop,TS val 2052810214 ecr 2116565499], length 27
23:35:02.735533 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [F.], seq 1827, ack 2368, win 189, options [nop,nop,TS val 2052810214 ecr 2116565499], length 0
23:35:02.737208 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [.], ack 1752, win 1002, options [nop,nop,TS val 2397612896 ecr 2052810206], length 0
23:35:02.737224 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [.], ack 1752, win 1002, options [nop,nop,TS val 2397612896 ecr 2052810206,nop,nop,sack 1 {1779:1780}], length 0
23:35:02.737230 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [.], ack 1780, win 1002, options [nop,nop,TS val 2397612896 ecr 2052810206], length 0
23:35:02.737719 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [P.], seq 2363:2443, ack 1780, win 1002, options [nop,nop,TS val 2397612896 ecr 2052810206], length 80
23:35:02.737730 IP 173.194.78.26.25 > 178.33.11.66.45694: Flags [F.], seq 2443, ack 1780, win 1002, options [nop,nop,TS val 2397612896 ecr 2052810206], length 0
23:35:02.737752 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [R], seq 2104521038, win 0, length 0
23:35:02.737757 IP 178.33.11.66.45694 > 173.194.78.26.25: Flags [R], seq 2104521038, win 0, length 0
23:35:02.743426 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [.], ack 1721, win 1002, options [nop,nop,TS val 2024335268 ecr 2052810175,nop,nop,sack 1 {1752:1779}], length 0
23:35:02.743442 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [.], ack 1779, win 1002, options [nop,nop,TS val 2024335268 ecr 2052810212], length 0
23:35:02.743904 IP 173.194.78.26.25 > 178.33.11.66.45693: Flags [F.], seq 2363, ack 1780, win 1002, options [nop,nop,TS val 2024335268 ecr 2052810212], length 0
23:35:02.743933 IP 178.33.11.66.45693 > 173.194.78.26.25: Flags [.], ack 2364, win 189, options [nop,nop,TS val 2052810223 ecr 2024335268], length 0
23:35:02.745244 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [.], ack 1827, win 1002, options [nop,nop,TS val 2116565511 ecr 2052810214], length 0
23:35:02.745533 IP 173.194.78.26.25 > 178.33.11.66.45695: Flags [F.], seq 2368, ack 1828, win 1002, options [nop,nop,TS val 2116565511 ecr 2052810214], length 0
23:35:02.745560 IP 178.33.11.66.45695 > 173.194.78.26.25: Flags [.], ack 2369, win 189, options [nop,nop,TS val 2052810224 ecr 2116565511], length 0
23:35:02.886817 IP 188.165.208.251.57479 > 94.23.86.209.25: Flags [F.], seq 1, ack 78, win 12, options [nop,nop,TS val 782914538 ecr 20526250], length 0
23:35:02.887011 IP 94.23.86.209.25 > 188.165.208.251.57479: Flags [.], ack 2, win 65535, options [nop,nop,TS val 20526253 ecr 782914538], length 0
23:35:02.887438 IP 94.23.86.209.25 > 188.165.208.251.57479: Flags [F.], seq 78, ack 2, win 65535, options [nop,nop,TS val 20526253 ecr 782914538], length 0
23:35:02.887979 IP 188.165.208.251.57479 > 94.23.86.209.25: Flags [.], ack 79, win 12, options [nop,nop,TS val 782914538 ecr 20526253], length 0

153 packets captured
153 packets received by filter
0 packets dropped by kernel

Myatu
08-05-2013, 23:32
That looks alright. You should be able to do the same on the VM itself, but then using the 'eth' or 'venet' device as appropriate.

Though... I've tried the IP address of the tcpdump as well as the ip failover, and both appear to connect to an SMTP server. So it could be a case where your ISP may have blocked access to port 25 (as many do nowadays).

keyjey
08-05-2013, 23:25
Hi, I see something !

This what I get:

root@server1 /data # tcpdump -n -i vmbr0 tcp port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:22:01.241610 IP 201.37.203.89.62497 > 188.165.212.72.25: Flags [S], seq 2517472864, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
23:22:01.241642 IP 188.165.212.72.25 > 201.37.203.89.62497: Flags [R.], seq 0, ack 2517472865, win 0, length 0
23:22:04.243537 IP 201.37.203.89.62497 > 188.165.212.72.25: Flags [S], seq 2517472864, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
23:22:04.243567 IP 188.165.212.72.25 > 201.37.203.89.62497: Flags [R.], seq 0, ack 1, win 0, length 0
23:22:10.235517 IP 201.37.203.89.62497 > 188.165.212.72.25: Flags [S], seq 2517472864, win 8192, options [mss 1460,nop,nop,sackOK], length 0
23:22:10.235536 IP 188.165.212.72.25 > 201.37.203.89.62497: Flags [R.], seq 0, ack 1, win 0, length 0
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel

Myatu
08-05-2013, 23:09
Using 'tcpdump', say 'tcpdump -n -i vmbr0 tcp port 25', you can see where the bucket stops. Ie., are you actualy receiving anything on port 25 to begin with...

keyjey
08-05-2013, 03:25
Hi, I have this same configuration, private IPs are working fine, also NAT, since all VMs can see internet from the private IP and using vmbr0, I can't get any incoming port from vmbr0 go to the private VM IP

I tried this:

iptables -t nat -A PREROUTING -p tcp -d 142.4.210.85 --dport 25 -j DNAT --to-destination 10.10.11.2:25

and this (suggested by Myatu here):

iptables -t nat -A PREROUTING -p tcp -d 142.4.210.85 --dport 25 -j DNAT --to-destination 10.10.11.2

And none of both works.

Any tip ?

Thanks

DigitalDaz
01-12-2012, 00:24
Thanks

I'm sure I'll use that config one day.

Myatu
30-11-2012, 17:56
Quote Originally Posted by macole111
Why don't you say thanks?
Thanks!

macole111
30-11-2012, 17:35
Why don't you say thanks?

-macole111

0poundhosting
29-11-2012, 22:28
working

/close

Myatu
29-11-2012, 21:40
Well, since it's almost Christmas...

Changes are in red:

Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# for Routing
auto vmbr1
iface vmbr1 inet static
        address 192.168.2.1
        network 255.255.255.0
        broadcast 192.168.2.255
        bridge_ports dummy0
        bridge_stp off
        bridge_fd 0


# vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static

        netmask 255.255.255.0
        network 91.121.175.0
        broadcast 91.121.175.255
        gateway 91.121.175.254
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
        up ip addr add fa.il.ov.er/32 dev vmbr0
        down ip addr del fa.il.ov.er/32 dev vmbr0

iface vmbr0 inet6 static
        address 2001:41D0:1:F0a7::1
        netmask 64
        post-up /sbin/ip -f inet6 route add 2001:41D0:1:F0ff:ff:ff:ff:ff dev vm$
        post-up /sbin/ip -f inet6 route add default via 2001:41D0:1:F0ff:ff:ff:$
        pre-down /sbin/ip -f inet6 route del default via 2001:41D0:1:F0ff:ff:ff$
        pre-down /sbin/ip -f inet6 route del 2001:41D0:1:F0ff:ff:ff:ff:ff dev v$

iface
Make sure to replace fa.il.ov.er accordingly, and that you can ping the failover IP address. You can even add this from the command line, so you can test it before you edit the /etc/network/interfaces file:

Code:
ip addr add fa.il.ov.er/32 dev vmbr0
After it has all been configured and you've restarted your networking, vmbr1 will act as your "private network" for your VM's. So simply add a NIC to your VM attached to "vmbr1". The VM will need to be assigned an IP between 192.168.2.2 and 192.168.2.254, gateway 192.168.2.1, netmask 255.255.255.0 and broadcast (if asked) 192.168.2.255. Any other VM on the same vmbr1 bridge can communicate with eachother using the 192.168.2.x address assigned to them.

So now all you have to do on the host, is create an iptables DNAT rule, that forwards from the failover IP to one of those private IPs. Example:

Code:
iptables -t nat -A PREROUTING -p tcp -d fa.il.ov.er --dport 80 -j DNAT --to-destination 192.168.2.2
This will forward fa.il.ov.er:80 (www) to VM 192.168.2.2 (same port).

0poundhosting
29-11-2012, 18:14
hares my network interface file:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# for Routing
auto vmbr1
iface vmbr1 inet manual
post-up /etc/pve/kvm-networking.sh
bridge_ports dummy0
bridge_stp off
bridge_fd 0


# vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static

netmask 255.255.255.0
network 91.121.175.0
broadcast 91.121.175.255
gateway 91.121.175.254
bridge_ports eth0
bridge_stp off
bridge_fd 0

iface vmbr0 inet6 static
address 2001:41D0:1:F0a7::1
netmask 64
post-up /sbin/ip -f inet6 route add 2001:41D0:1:F0ff:ff:ff:ff:ff dev vm$
post-up /sbin/ip -f inet6 route add default via 2001:41D0:1:F0ff:ff:ff:$
pre-down /sbin/ip -f inet6 route del default via 2001:41D0:1:F0ff:ff:ff$
pre-down /sbin/ip -f inet6 route del 2001:41D0:1:F0ff:ff:ff:ff:ff dev v$

macole111
29-11-2012, 17:59
I think the general idea is that people here should help point you in the right direction, try googleing around. You are expecting people to do your work for you, we can help but I doubt that anyone will send you the completed file.

-macole111

0poundhosting
29-11-2012, 17:48
anyone?

0poundhosting
29-11-2012, 13:26
can i please have an exsample config file?

DigitalDaz
28-11-2012, 23:33
...the man came

Myatu
28-11-2012, 22:39
In a nutshell: If you want to use both the main IP and failover IP on the host, then that's where you assign it

If you have vmbr0 as the public bridge, then give vmbr1 its own private range (192.168.x.x, 10.x.x.x, or etc.). Then give the VM a NIC that's attached on vmbr1, and provide it with a private IP (ie. 10.1.2.3, using the IP assigned to vmbr1 as the gateway). On the host you can now create iptable rules that forward a port from the failover IP to the private IP - ie., port 80 to VM 10.1.2.3, port 3306 to VM 10.2.3.4, etc.

DigitalDaz
28-11-2012, 20:51
I don't personally know how to achieve this but I know a man who probably does and he will probably come to your assistance soon...

Guessing, I would just say add the failover IP to one of the interfaces and use as normal.

0poundhosting
28-11-2012, 20:38
i want to do nat to do a shared ip address across vpses

makno
28-11-2012, 19:59
can you provide more details as to what you need to do?

0poundhosting
28-11-2012, 18:49
i have a install of proxmox ve 2.2 on a dedicated server

and i have 1 ip and 1 failover ip

i know i need the failover to do nat

please help