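[Repost] Proxmox VE - One Public IP
https://raymii.org/s/tutorials/Proxmox_VE_One_Public_IP.html
Example: https://www.facebook.com/groups/pve.tw/permalink/1225387670963125/
楊凱麟
Below are my current interfaces settings.
Here 1.2.3.X is the real IP,
and 1.2.3.Y is the gateway provided by the IDC.
Once this is set up, enter 10.0.0.X (X=0~255) in the LAN settings
and you can get online; the public IP for outbound connections will be 1.2.3.X.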
---- network configuration ----
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 1.2.3.X
    netmask 255.255.255.248
    network 1.2.3.0
    broadcast 1.2.3.255
    gateway 1.2.3.Y
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vmbr1
iface vmbr1 inet static
    address 10.0.0.254
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    # Enable forwarding and masquerade the guest subnet out through vmbr0.
    # The -s source must be the vmbr1 subnet (10.0.0.0/24 here).
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
    # Forward public TCP port 2222 to SSH (port 22) on guest 10.0.0.5.
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.0.0.5:22
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.0.0.5:22
https://forum.proxmox.com/threads/pfsense-proxmox-5-one-nic.41512/#post-208059
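The bridge-plus-NAT setup above only works when the MASQUERADE source matches the vmbr1 subnet, and every DNAT rule is a port opened on the public IP. The following is an added example, not part of the original post or the linked tutorial: a small Python audit (the function name audit and the sample stanza are constructed for illustration) that flags a subnet mismatch, lists the exposed ports, and reports post-up rules that have no post-down counterpart.

```python
import ipaddress
import re

# Constructed sample in the style of the configuration above; the NAT rules
# deliberately use a different subnet than the vmbr1 bridge.
SAMPLE = """\
auto vmbr1
iface vmbr1 inet static
    address 10.0.0.254
    netmask 255.255.255.0
    bridge_ports none
    post-up iptables -t nat -A POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.21.21.5:22
"""

def audit(text):
    """Return a list of findings for one bridge stanza with NAT hooks."""
    findings = []
    addr = re.search(r"^\s*address\s+(\S+)", text, re.M).group(1)
    mask = re.search(r"^\s*netmask\s+(\S+)", text, re.M).group(1)
    lan = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    ups, downs = set(), set()
    for hook, rule in re.findall(r"^\s*post-(up|down)\s+(iptables .*)$", text, re.M):
        rule = rule.replace("'", "").strip()
        # Normalise -A/-D so an add and its delete compare equal.
        key = re.sub(r"\s-[AD]\s", " -X ", rule)
        (ups if hook == "up" else downs).add(key)
        if hook != "up":
            continue
        src = re.search(r"-s\s+(\S+)", rule)
        if "MASQUERADE" in rule and src and ipaddress.ip_network(src.group(1), strict=False) != lan:
            findings.append(f"MASQUERADE source {src.group(1)} is not the bridge subnet {lan}")
        dnat = re.search(r"--dport\s+(\d+).*--to(?:-destination)?\s+([\d.]+):(\d+)", rule)
        if dnat:
            port, ip, dport = dnat.groups()
            findings.append(f"public tcp/{port} is exposed to {ip}:{dport}")
            if ipaddress.ip_address(ip) not in lan:
                findings.append(f"DNAT target {ip} is outside {lan}")
    for key in sorted(ups - downs):
        findings.append(f"no matching post-down for: {key.replace(' -X ', ' -A ')}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

A rule left without its post-down stays in the nat table after the bridge goes down and is added a second time on the next ifup, so the forwarded port remains open longer than the configuration suggests.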
==============
- CSF firewall can focus on vmbr2
#############################
https://download.configserver.com/csf/readme.txt
11. Multiple Ethernet Devices
If you have multiple ethernet NICs that you want to apply all rules to, then you can set ETH_DEVICE to the interface name immediately followed by a plus sign. For example, eth+ will apply all iptables rules to eth0, eth1, etc.
That said, if you leave ETH_DEVICE blank all rules will be applied to all ethernet devices equally.
#############################
https://www.dmehosting.com/clients/knowledgebase.php?action=displayarticle&id=79&language=chinese
2. Edit /etc/csf/csf.conf, set the following parameters:
ETH_DEVICE = "venet0"
MONOLITHIC_KERNEL = "1"
VERBOSE = "0"
- CSF iptables nat
https://blackonsole.org/how-to-add-nat-iptables-rules-with-csf/