Skip to content

Instantly share code, notes, and snippets.

@wmantly
Last active Jul 17, 2021
Embed
What would you like to do?
VPS Proxmox

Steps

  • Make a VPS instance. This shouldn have atleast 2 cores and 4gb RAM, 8GB is recomended.
  • Get the public IP/mask and gateway, as well as the MAC address of the interface, if you have private networking, get that info too.
  • Log into control panel of the VPS and find the where the ISO can be set chose proxmox.
  • Reboot the VPS and make a VNC connection via the control panel.
  • Install proxmox with all defualt settings, when it requests netowking info, use the public info from above.
  • When you are in proxmox, perform a update and get everthing upto date.
  • Add a ubuntu 20.04 template for LXC use.
  • Make a LXC container called router.
  • In the router container, enable IP forwarding:
    sysctl -w net.ipv4.ip_forward=1

Network

  • Internal IP network, 10.1.0.0/16
    • Proxmox vmbr0 10.1.0.2
    • Router, LXC 100 net1 eth1 10.1.0.1
    • Proxy, LXC 101, net0 eth0 10.1.0.50
    • Any other IP in 10.1.x.x is fine to use for containers.
arch: amd64
cores: 3
hostname: router
memory: 1024
nameserver: 8.8.8.8
net1: name=eth1,bridge=vmbr0,firewall=1,hwaddr=BE:34:4D:15:AC:37,ip=10.1.0.1/16,type=veth
onboot: 1
ostype: ubuntu
rootfs: local-lvm:vm-100-disk-1,size=8G
searchdomain: 1.1.1.1
swap: 0
tty: 3
unprivileged: 1
lxc.net.0.type: phys
lxc.net.0.flags: up
lxc.net.0.link: ens3
lxc.net.0.name: eth0
lxc.net.0.ipv4.address: 144.172.75.126/24
lxc.net.0.ipv4.gateway: 144.172.75.1

Enable forwarding

sysctl -w net.ipv4.ip_forward=1

netplan YAML, /etc/netplan/99-wan.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 144.172.75.126/24
      gateway4: 144.172.75.1
      nameservers:
          addresses: [8.8.8.8, 1.1.1.1]

IP table rules

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 10.1.0.50:80
iptables -A FORWARD -p tcp -d 10.1.0.50 --dport 80 -j ACCEPT

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j DNAT --to 10.1.0.50:443
iptables -A FORWARD -p tcp -d 10.1.0.50 --dport 443 -j ACCEPT
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment