Adding NAT, port forwarding and a DHCP service to PVE

1. First, plan a NAT subnet for internal use on Proxmox VE. I use 172.16.88.0/24 and assign 172.16.88.1 to Proxmox VE itself, which makes it the NAT gateway address;

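2. From a shell, edit the /etc/network/interfaces file on the Proxmox VE server and add a new NAT bridge named vmbr1. The modified content is shown below. Note that enp0s31f6 is a physical NIC, which you can find with ifconfig;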

nano -w /etc/network/interfaces

[Static IP]

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp0s31f6
iface enp0s31f6 inet manual

auto enx00e04c682754
iface enx00e04c682754 inet manual

# WAN bridge (pick any one physical port)
auto vmbr0
iface vmbr0 inet dhcp
    bridge_ports enx00e04c682754
    bridge_stp off
    bridge_fd 0
iface vmbr0 inet6 dhcp
    bridge_ports enx00e04c682754
    bridge_stp off
    bridge_fd 0

# iface vmbr0 inet static
#     bridge_ports enx00e04c682754
#     address 116.202.172.162/26
#     gateway 116.202.172.129
#     up ip route add 116.202.172.128/26 via 116.202.172.129 dev enx00e04c682754
# iface vmbr0 inet6 static
#     bridge_ports enx00e04c682754
#     address fe80::921b:eee:feda:cb88/64
#     gateway fe80::1

auto vmbr1
iface vmbr1 inet static
        address 172.16.88.1/24
        bridge-ports enp0s31f6
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '172.16.88.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '172.16.88.0/24' -o vmbr0 -j MASQUERADE

【DHCP】

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto enp0s31f6
iface enp0s31f6 inet manual

auto enx00e04c682754
iface enx00e04c682754 inet manual

# WAN bridge (pick any one physical port)
auto vmbr0
iface vmbr0 inet dhcp
    bridge_ports enx00e04c682754
    bridge_stp off
    bridge_fd 0
iface vmbr0 inet6 dhcp
    bridge_ports enx00e04c682754
    bridge_stp off
    bridge_fd 0

auto vmbr1
iface vmbr1 inet static
        address 172.16.88.1/24
        bridge_ports enp0s31f6
        bridge-stp off
        bridge-fd 0
        post-up sysctl -w net.ipv4.ip_forward=1
        post-up iptables -t nat -A POSTROUTING -s '172.16.88.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '172.16.88.0/24' -o vmbr0 -j MASQUERADE

[Using Wi-Fi]

Install the Wi-Fi support packages

sed -i 's/^deb/# deb/' /etc/apt/sources.list.d/pve-enterprise.list
apt update
apt install wpasupplicant wireless-tools -y

Then add the wireless interface to /etc/network/interfaces

auto wlp0s20f3
iface wlp0s20f3 inet dhcp
    wpa-ssid "talentbaby_5G"
    wpa-psk "password"

Switch the forwarding rules over to the Wi-Fi interface

cp /etc/network/interfaces /etc/network/interfaces.bak
sed -i -E 's/(-[io]) vmbr0/\1 wlp0s20f3/g' /etc/network/interfaces
ifreload -a

3. Set up port forwarding into the NAT subnet, which is the subnet configured on the bridge interface earlier;

        #these rules forward traffic
        #template
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1022 -j DNAT --to 172.16.88.10:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1022 -j DNAT --to 172.16.88.10:22
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1080 -j DNAT --to 172.16.88.10:80
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1080 -j DNAT --to 172.16.88.10:80
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 10443 -j DNAT --to 172.16.88.10:443
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 10443 -j DNAT --to 172.16.88.10:443
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1088 -j DNAT --to 172.16.88.10:8080
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1088 -j DNAT --to 172.16.88.10:8080
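An added example, not part of the original post: a shell function that lists every DNAT forward declared in an interfaces file and flags any post-up rule without a matching post-down, since an unpaired rule stays loaded after ifdown and is appended again on the next ifup. The function names and the sample stanza (which contains one deliberately unpaired rule) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit post-up/post-down DNAT hooks in an ifupdown
# interfaces file read from stdin. Each output line is one inbound path
# from the WAN-side interface to an internal address.
audit_dnat() {
    awk '
    # Only iptables DNAT hooks are of interest.
    ($1 == "post-up" || $1 == "post-down") && /-j DNAT/ {
        hook = $1; iface = proto = dport = target = "?"
        for (i = 2; i <= NF; i++) {
            if ($i == "-i")      iface = $(i + 1)
            if ($i == "-p")      proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--to" || $i == "--to-destination") target = $(i + 1)
        }
        key = iface " " proto "/" dport " -> " target
        if (hook == "post-up") { if (!(key in up)) order[++n] = key; up[key]++ }
        else down[key]++
    }
    END {
        # A forward is PAIRED when it is added and removed equally often.
        for (j = 1; j <= n; j++) {
            k = order[j]
            print ((up[k] == down[k]) ? "PAIRED" : "UNPAIRED"), k
        }
        # A post-down that deletes a rule no post-up ever added.
        for (k in down) if (!(k in up)) print "ORPHAN-DOWN", k
    }'
}

# Constructed sample input: one paired forward, one missing its post-down.
sample_interfaces() {
    cat <<'EOF'
auto vmbr1
iface vmbr1 inet static
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1022 -j DNAT --to 172.16.88.10:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1022 -j DNAT --to 172.16.88.10:22
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1088 -j DNAT --to 172.16.88.10:8080
EOF
}

sample_interfaces | audit_dnat
```

Run it against the live file with `audit_dnat < /etc/network/interfaces` and review each listed forward as a service reachable from the WAN side.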

4. Install a DHCP server and configure automatic IP address assignment

Install

apt update
apt install dnsmasq

Edit the configuration

nano /etc/dnsmasq.conf

interface=vmbr1
dhcp-range=172.16.88.10,172.16.88.200,12h
dhcp-option=option:router,172.16.88.1
dhcp-option=option:dns-server,8.8.8.8,1.1.1.1

If you need to assign fixed IPs

# Assign fixed IPs to specific devices
dhcp-host=00:11:22:33:44:55,172.16.88.50
dhcp-host=AA:BB:CC:DD:EE:FF,172.16.88.51

Restart the DHCP server

systemctl restart dnsmasq

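About Zeno Chen

I work across many fields, a generalist rather than a specialist. Programming languages: Perl, Java, PHP, Python; database systems: MySQL, Oracle; I occasionally do circuit board development, mainly with STM32 microcontrollers.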