Summary
Auf beiden Systemen (kube-worker und kube-master) wurden NAT-Weiterleitungen (DNAT-Regeln) in den iptables eingerichtet, um externe TCP-Ports über vmbr0 auf interne IPs im 10.10.10.x-Netz zu leiten. Zudem wurde in den jeweiligen /etc/network/interfaces-Dateien die automatische Einrichtung dieser NAT-Regeln und des IP-Forwardings konfiguriert, damit sie beim Systemstart aktiv sind.
Dadurch ist die displayce-prebid-Instanz von außen erreichbar.
WARNING
Vorhergehende Änderungen über die Proxmox-GUI (Kommentar im entsprechenden Netzwerk-Interface) haben vermutlich dazu geführt, dass die Änderungen in
/etc/network/interfaces beim Neustart der Host-Maschinen überschrieben wurden. — 2025-11-19
shell history mvh (kube-worker)
# Checks whether this exact DNAT rule already exists in nat/PREROUTING.
# -C only reports the result through its exit status; it changes nothing.
iptables -t nat -C PREROUTING -i vmbr0 -p tcp --dport 6971 -j DNAT --to-destination 10.10.10.3:6971
# Appends the rule. -A does not depend on the -C check above, so repeating this
# command adds a second, identical rule.
# The rule has no source match (-s): TCP 6971 traffic arriving on vmbr0 from any
# sender is rewritten to 10.10.10.3:6971. Whether a FORWARD-chain or upstream
# filter narrows that is not visible here -- TODO confirm.
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6971 -j DNAT --to-destination 10.10.10.3:6971
# Lists PREROUTING with numeric addresses/ports (-n) and packet/byte counters (-v).
iptables -t nat -L PREROUTING -n -v
# Prints the chain as rule specifications and keeps only the lines containing "dport".
iptables -t nat -S PREROUTING | grep dport
# Same kind of forward for TCP 6972, appended without a preceding -C check.
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6972 -j DNAT --to-destination 10.10.10.3:6972
# Lists the chain again to confirm the new rule is present.
# NOTE: rules added on the command line exist only in the running kernel; the
# post-up lines in /etc/network/interfaces on this page re-create them at boot.
iptables -t nat -L PREROUTING -n -v
root@MH-19003Y:/etc/network# cat interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
auto lo
iface lo inet loopback
iface ens2f0 inet manual
iface ens2f1 inet manual
# vmbr0: bridge over ens2f0 that carries the host's static address and default
# gateway. The NAT rules further down match traffic entering (-i) or leaving (-o)
# through this bridge.
auto vmbr0
iface vmbr0 inet static
address 5.199.140.38/30
gateway 5.199.140.37
bridge-ports ens2f0
bridge-stp off
bridge-fd 0
# vmbr1: bridge without a physical port (bridge-ports none) holding 10.10.10.1/24.
# All forwarding and NAT setup below hangs off this stanza's post-up hooks, so it
# runs whenever vmbr1 is brought up.
auto vmbr1
iface vmbr1 inet static
address 10.10.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
# Turns on IPv4 forwarding for the whole host; no post-down line turns it off again.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Source NAT: packets from 10.10.10.0/24 leaving through vmbr0 are masqueraded.
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
# Port forwards: each rule rewrites traffic arriving on vmbr0 for the given port
# to 10.10.10.3. None of them has a source match (-s), so they apply to any sender
# that can reach vmbr0; whether that traffic is filtered elsewhere (FORWARD chain,
# upstream firewall) is not visible in this file -- TODO confirm.
# NOTE(review): 6443 is the conventional Kubernetes API server port and 51820/udp
# the WireGuard default -- presumably those services; verify, and consider
# limiting the management ports to known source addresses.
# NOTE(review): -A appends on every post-up and only the MASQUERADE rule has a
# matching post-down -D, so bringing vmbr1 down and up again would presumably
# leave duplicate PREROUTING rules -- check with `iptables -t nat -S PREROUTING`.
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6443 -j DNAT --to 10.10.10.3:6443
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6969 -j DNAT --to 10.10.10.3:6969
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6970 -j DNAT --to 10.10.10.3:6970
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6971 -j DNAT --to 10.10.10.3:6971
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6972 -j DNAT --to 10.10.10.3:6972
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 7070 -j DNAT --to 10.10.10.3:7070
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 7069 -j DNAT --to 10.10.10.3:7069
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8069 -j DNAT --to 10.10.10.3:8069
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8070 -j DNAT --to 10.10.10.3:8070
# External port 8080 is mapped to port 80 on the guest (the only rule that changes the port).
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8080 -j DNAT --to 10.10.10.3:80
# The only UDP forward in this stanza.
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 51820 -j DNAT --to 10.10.10.3:51820
# Removes the MASQUERADE rule when vmbr1 goes down; the PREROUTING rules have no counterpart.
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
# Includes every file under /etc/network/interfaces.d/.
source /etc/network/interfaces.d/*
root@MH-19003Y:/etc/network#
shell history pvc (kube-master)
# Appends DNAT forwards for TCP 6971 and 6972 to 10.10.10.2. No -C check is run
# first, so repeating either command adds a duplicate rule.
# Neither rule has a source match (-s): traffic from any sender arriving on vmbr0
# is rewritten. Filtering elsewhere is not visible here -- TODO confirm.
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6971 -j DNAT --to-destination 10.10.10.2:6971
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6972 -j DNAT --to-destination 10.10.10.2:6972
# Lists PREROUTING with numeric addresses/ports (-n) and packet/byte counters (-v)
# to confirm both rules are present.
iptables -t nat -L PREROUTING -n -v
root@pve:/etc/network# cat interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
auto lo
iface lo inet loopback
iface eno5 inet manual
iface eno6 inet manual
iface eno7 inet manual
iface eno8 inet manual
iface ens1f0 inet manual
iface ens1f1 inet manual
# vmbr0: bridge over ens1f0 that carries the host's static address and default
# gateway. The NAT rules further down match traffic entering (-i) or leaving (-o)
# through this bridge.
auto vmbr0
iface vmbr0 inet static
address 5.199.128.26/30
gateway 5.199.128.25
bridge-ports ens1f0
bridge-stp off
bridge-fd 0
# vmbr1: bridge without a physical port (bridge-ports none) holding 10.10.10.1/24.
# All forwarding and NAT setup below hangs off this stanza's post-up hooks, so it
# runs whenever vmbr1 is brought up.
auto vmbr1
iface vmbr1 inet static
address 10.10.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
# Turns on IPv4 forwarding for the whole host; no post-down line turns it off again.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Source NAT: packets from 10.10.10.0/24 leaving through vmbr0 are masqueraded.
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
# Port forwards: each rule rewrites traffic arriving on vmbr0 for the given port
# to 10.10.10.2. None of them has a source match (-s), so they apply to any sender
# that can reach vmbr0; whether that traffic is filtered elsewhere (FORWARD chain,
# upstream firewall) is not visible in this file -- TODO confirm.
# NOTE(review): 6443 is the conventional Kubernetes API server port and 51820/udp
# the WireGuard default -- presumably those services; verify, and consider
# limiting the management ports to known source addresses.
# NOTE(review): -A appends on every post-up and only the MASQUERADE rule has a
# matching post-down -D, so bringing vmbr1 down and up again would presumably
# leave duplicate PREROUTING rules -- check with `iptables -t nat -S PREROUTING`.
# NOTE(review): the kube-worker listing on this page also forwards TCP 8069;
# there is no 8069 rule here -- confirm whether that difference is intended.
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6443 -j DNAT --to 10.10.10.2:6443
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6969 -j DNAT --to 10.10.10.2:6969
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6970 -j DNAT --to 10.10.10.2:6970
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6971 -j DNAT --to 10.10.10.2:6971
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 6972 -j DNAT --to 10.10.10.2:6972
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 7070 -j DNAT --to 10.10.10.2:7070
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 7069 -j DNAT --to 10.10.10.2:7069
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8070 -j DNAT --to 10.10.10.2:8070
# External port 8080 is mapped to port 80 on the guest (the only rule that changes the port).
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8080 -j DNAT --to 10.10.10.2:80
# The only UDP forward in this stanza.
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 51820 -j DNAT --to 10.10.10.2:51820
# Removes the MASQUERADE rule when vmbr1 goes down; the PREROUTING rules have no counterpart.
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
# Includes every file under /etc/network/interfaces.d/.
source /etc/network/interfaces.d/*
root@pve:/etc/network#