I have the following setup:
A Proxmox host (dedicated server) with one public IP and iptables installed, and a bunch of virtual machines with Docker installed.
I use iptables to port-forward port 443 to one of the VMs via DNAT, and it works fine from outside of the host, i.e. from the Internet. But if I try to access resources running on a VM from within a VM via the public IP, they are not accessible.
Use case: I have nginx with SSL as a reverse proxy for services running in Docker on a VM (backend + frontend app) and need to access the backend from the frontend via the "public DNS name / IP", because the SSL certificate is created for the public DNS name pointing to the public IP, which is port-forwarded to the VM's nginx.
I have the public interface bridged to vmbr0 and another bridge vmbr172 (172.20.0.0/16) for the VMs.
My current iptables rules:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 172.20.2.9:443
iptables -t nat -A POSTROUTING -s '172.20.0.0/16' -o vmbr0 -j MASQUERADE
iptables -L -n -t nat -v
Chain PREROUTING (policy ACCEPT 58449 packets, 3018K bytes)
pkts bytes target prot opt in out source destination
1941 105K DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:172.20.2.9:443
Chain POSTROUTING (policy ACCEPT 5511 packets, 332K bytes)
pkts bytes target prot opt in out source destination
212K 18M MASQUERADE all -- * vmbr0 172.20.0.0/16 0.0.0.0/0
I have tried to change the out interface to any, but the connection seems to just "hang" and time out. I guess I need some POSTROUTING rule but cannot figure out how it should look.
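The hairpin NAT (NAT loopback) rule set this kind of DNAT setup needs, as an added example that is not part of the question above. The public IP 203.0.113.10 is assumed; the bridge names, the VM subnet and the backend address come from the post.

```shell
#!/bin/sh
# Hairpin NAT for the DNAT setup in the question.
# Why the posted rules hang: a VM on vmbr172 sends SYN to PUBLIC_IP:443, the
# host DNATs it to 172.20.2.9 and routes it back out vmbr172. The MASQUERADE
# rule only matches "-o vmbr0", so the packet keeps the client VM's source
# address. The backend then answers the client VM directly on the bridge with
# source 172.20.2.9; the client expected a reply from PUBLIC_IP, drops it,
# and the connection times out. Masquerading the hairpinned flow forces the
# reply back through the host, where the DNAT is reversed.

PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # assumed value; host address on vmbr0
LAN_CIDR="${LAN_CIDR:-172.20.0.0/16}"    # VM bridge vmbr172 (from the question)
LAN_IF="${LAN_IF:-vmbr172}"
BACKEND="${BACKEND:-172.20.2.9}"         # nginx VM (from the question)
PORT="${PORT:-443}"

# Emit the complete nat-table rule set: public_ip lan_cidr lan_if backend port.
# Rule 1 restricts the DNAT to the public address (the posted rule matched any
# destination on port 443). Rule 2 is the existing Internet masquerade.
# Rule 3 is the missing hairpin masquerade, limited to the forwarded port.
hairpin_rules() {
    public_ip=$1; lan_cidr=$2; lan_if=$3; backend=$4; port=$5
    cat <<EOF
iptables -t nat -A PREROUTING -d $public_ip -p tcp --dport $port -j DNAT --to-destination $backend:$port
iptables -t nat -A POSTROUTING -s $lan_cidr -o vmbr0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s $lan_cidr -d $backend -o $lan_if -p tcp --dport $port -j MASQUERADE
EOF
}

# Dry run by default so the rules can be reviewed; APPLY=1 executes them
# (needs root). If the FORWARD chain is not ACCEPT, traffic entering and
# leaving on $LAN_IF towards $BACKEND:$PORT must be allowed there as well.
# Verify afterwards with: iptables -t nat -L POSTROUTING -n -v
# (the pkts counter of rule 3 rises when a VM connects to PUBLIC_IP:PORT).
rules=$(hairpin_rules "$PUBLIC_IP" "$LAN_CIDR" "$LAN_IF" "$BACKEND" "$PORT")
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$rules" | sh -e
else
    printf '%s\n' "$rules"
fi
```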