Proxmox single IP public with bridge/local network (NAT)

etc-network-interfaces

# source: https://raymii.org/s/tutorials/Proxmox_VE_One_Public_IP.html

iface eth0 inet manual

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
	address  163.172.103.199
	netmask  255.255.255.0
	gateway  163.172.103.1
	bridge_ports eth0
	bridge_stp off
	bridge_fd 0
	#post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr0/proxy_arp

auto vmbr1
iface vmbr1 inet static
	address  10.0.0.1
	netmask  255.255.255.0
	bridge_ports none
	bridge_stp off
	bridge_fd 0

	post-up echo 1 > /proc/sys/net/ipv4/ip_forward
	#post-down echo 0 > /proc/sys/net/ipv4/ip_forward
	post-up   iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
	post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE

  # Port Forwarding Host to Guest/VM
	post-up   iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2205 -j DNAT --to 10.0.0.5:22
	post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2205 -j DNAT --to 10.0.0.5:22
	post-up   iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8005 -j DNAT --to 10.0.0.5:8080
	post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 8005 -j DNAT --to 10.0.0.5:8080

magic

# iptables Forwarding in Guest
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 6001 -j DNAT --to 10.0.0.161:6001
iptables -t nat -D PREROUTING -i eth1 -p tcp --dport 6001 -j DNAT --to 10.0.0.161:6001

iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t nat -D POSTROUTING -j MASQUERADE

Hi, thanks for your code.
Could you please explain the 4 lines in the 'magic' file ?

If you want to use firewall, Add these lines as well:

post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1