How to setup NAT on Proxmox

Proxmox uses bridge networking to provide Internet access to virtual machines, but in a bridge networking you need a public IP for each machine. If you have limited IPs you can use NAT to access Internet on your machines. How ever it is preferable to have a static public IP if you are running public services like apache web server. Today we will see how to setup NAT on proxmox to provide private network for virtual machines.

Step 1: Create a bridge

Login to your proxmox host ssh, and run:

nano /etc/network/interfaces

This is your network configuration file for proxmox, you might see one bridged interface already configured (bridged to your physical interface), paste following at the end of your configuration file

auto vmbr2
#private sub network
iface vmbr2 inet static
address  192.168.1.1
netmask  255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up   iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr1 -j MASQUERADE

• vmbr2 : This is the bridge name for NAT.
• vmbr1 : This is the interface that was already configured in your network file, adjust the name properly.
• 192.168.1.0/24 : This will be the network we are going to use in our internal network, our usable ips in this network will be:
  • 192.168.1.2-192.168.1.254
  • If you plan to use different network, you can use this site to get help.
• bridge_ports none : Bridge ports here is set to none, since we are not connecting to outside world directly.

You have successfully configured a NAT bridge.

Step 2: Bring up the NAT bridge

You can use this command to bring up the bridge you just created:

ifup vmbr2

This will bring up the bridge.

Step 3: Configure Virtual Machine

As a final step configure your virtual machine to use IP address, since DHCP is not present you will have to manually set IP address. Depending upon your OS you can use following details:

• IP : 192.168.1.2
• Gateway : 192.168.1.1
• Netmask : 255.255.255.0

For further virtual machines you can use these ips:

• 192.168.1.3
• 192.168.1.4
• ..upto 254

For DNS you can use google DNS

• 8.8.8.8
• 8.8.4.4

Step 4 : (Optional) Port forwarding to access from outside world

I am assuming you are working with linux guest. We will access ssh of our guest through public IP of main server.

Run this on proxmox host, we are forwarding host port 3033 to guest port 22. (SSH runs on 22)

iptables -t nat -A PREROUTING -i vmbr1 -p tcp --dport 3033 -j DNAT --to 192.168.1.2:22

Then run following to access guest SSH.

ssh -p 3033 root@ip.of.proxmox.host

It will ask for the password, once provided you will be successfully connected to guest SSH.