Install/Configure proxmox VE for NAT ipv4 VPS on Debian Wheezy

Hello,

today I’m going to show you, how you can get proxmox VE runnning on almost every dedicated server/KVM with Debian Wheezy installed.

The first part of the process can be skipped if you already have a 64-bit version of Debian Wheezy installed on your system.

 

1. Install Debian Wheezy 64bit:

This is just an example setup for a dedicated server purchased from online.net.

In the first step we’re going to install Debian Wheezy 64bit:

 

Therefore we have to choose Debian 7 64BITS in the installer:

After clicking on Install Debian a partitioning table shows up, that let’s us choose how to split the disk into different partitions:

We just leave it as it is and click Validate.

In the next step we choose a password for root and for a user we create. Choose a password and continue on.

In the final step, click on the button to install the system.

Now that Debian 7 64bit is installed, let’s go on by installing proxmox.

 

2. Install Proxmox VE:

At first, we have to edit our installation sources:

nano /etc/apt/sources.list

Add the following line:

deb http://download.proxmox.com/debian wheezy pve

We also have to add the corresponding key:

wget -O- http://download.proxmox.com/debian/key.asc | apt-key add –

Now we check for any updates and install the proxmox kernel:

apt-get update && apt-get dist-upgrade && apt-get install pve-firmware pve-kernel-2.6.32-26-pve pve-headers-2.6.32-26-pve

We need to change the default kernel to boot, therefore we have to edit GRUB to load the proxmox kernel by default.
To find out which number the kernel is on the list, open /boot/grub/grub.cfg:

nano /boot/grub/grub.cfg

In the file we will see a list of menuentrys, starting like this:

### BEGIN /etc/grub.d/10_linux ###
menuentry ‘Debian GNU/Linux, with Linux 3.2.0-4-amd64’ –class debian –class gnu-linux –class gnu –class os {

Find the proxmox kernel in the list, it should be called something like this:

menuentry ‘Debian GNU/Linux, with Linux 2.6.32-26-pve’ –class debian –class gnu-linux –class gnu –class os {

Now count your way up, starting from 0 being the first entry. In my case the proxmox kernel is no. 3 on the list, so if you count starting with 0 it gets no. 2 (0=debian, 1=debian rescue, 2=proxmox, 3=proxmox rescue).

Now that you got the information, edit your /etc/default/grub:

nano /etc/default/grub

Find the following entry:

GRUB_DEFAULT=0

And change it to the number you found out just before (in my case no. 2):

GRUB_DEFAULT=2

Update your grub config:

update-grub

Restart your system:

shutdown -r now

After a restart, you should now be running proxmox, you can check if proxmox is running by entering:

uname -a

The output should be something like this:

Linux sd-24075 2.6.32-26-pve #1 SMP Mon Oct 14 08:22:20 CEST 2013 x86_64 GNU/Linux

Now we can remove the debian kernel:

apt-get remove linux-image-amd64 linux-image-3.2.0-4-amd64 linux-base

Make sure to check the /boot/grub/grub.cfg again now, the entry for the proxmox kernel should now be the first one and make sure to edit the /etc/default/grub again to point it to the right kernel:

In my case:

nano /etc/default/grub

Change:

GRUB_DEFAULT=2

Back to:

GRUB_DEFAULT=0

And don’t forget to update your grub config afterwards:

update-grub

Now we can install all the necessary packages:

apt-get install proxmox-ve-2.6.32 ntp ssh lvm2 postfix ksm-control-daemon vzprocps open-iscsi bootlogd

When the postfix configuration shows up, choose Internet Site and specify a mail name (allthough in most cases the standard entry can be chosen)

In my case there also was a dependency error while installing, it was caused by an entry in the /etc/hosts file that looked like this:

127.0.1.1       server.domain.com

Remove that entry.

Also if you got a server from online.net, the ipv4 isn’t linked in the hosts file, you need to add it there:

Check the output of /etc/hostname:

cat /etc/hostname

Output:

sd-2407X

Add a coresponding line to the /etc/hosts file:

195.154.109.X sd-2407X

The complete hosts file:

127.0.0.1 localhost
195.154.109.X sd-2407X

# The following lines are desirable for IPv6 capable hosts
#::1 localhost ip6-localhost ip6-loopback
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters

I commented the ipv6 parts out as they could cause problems with proxmox.
Restart the server after doing the changes.

Then complete the setup process by entering:

apt-get install -f

You can now enter the proxmox console by pointing your browser to:

https://youripaddress:8006

 

3. Configuring networking for NAT ipv4 OpenVZ VPS:

Now that we successfully installed proxmox, let’s go on and configure the NAT networking.
In this example we will assign internal IP-Addresses to each VPS that we create within the range 10.0.0.0/24.
We will create a script that will handle all of the routing and that will automatically start after each boot.

Let’s go ahead and create a new init.d script:

nano /etc/init.d/vz-routing

Add the following:

#!/bin/sh
case "$1" in
 start) echo "vz-routing started"
# It's important that you change the SNAT IP to the one of your server (not the local but the internet IP)
# The following line adds a route to the IP-range that we will later assign to the VPS. That's how you get internet access on # your VPS.
/sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to ip-of-your-server

# These are the rules for any port forwarding you want to do
# In this example, all traffic to and from the ports 11001-11019 gets routed to/from the VPS with the IP 10.0.0.1.
# Also the port 11000 is routed to the SSH port of the vps, later on you can ssh into your VPS through yourip:11000

/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 11000 -j DNAT --to 10.0.0.1:22
/sbin/iptables -t nat -A PREROUTING -i eth0 -p udp --dport 11001:11019 -j DNAT --to 10.0.0.1
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 11001:11019 -j DNAT --to 10.0.0.1

# In my case I also dropped outgoing SMTP traffic, as it's one of the most abused things on servers

/sbin/iptables -A FORWARD -j DROP -p tcp --destination-port 25
/sbin/iptables -A FORWARD -j DROP -p tcp --destination-port 2525
/sbin/iptables -A FORWARD -j DROP -p tcp --destination-port 587
/sbin/iptables -A FORWARD -j DROP -p tcp --destination-port 465
/sbin/iptables -A FORWARD -j DROP -p tcp --destination-port 2526
/sbin/iptables -A FORWARD -j DROP -p tcp --destination-port 110
/sbin/iptables -A FORWARD -j DROP -p tcp --destination-port 143
/sbin/iptables -A FORWARD -j DROP -p tcp --destination-port 993

;;

*) echo "Usage: /etc/init.d/vz-routing {start}"
exit 2
;;

esac
exit 0

Add proper execution right to the file and start the file to see if it works:

chmod u+x /etc/init.d/vz-routing

/etc/init.d/vz-routing start

If everything works, add the file to boot with debian:

update-rc.d vz-routing defaults

Now that we got a proper network configuration we can go on by creating our first VPS.

 

4. Creating a VPS with NAT ipv4:

To create a vps we need to download a system image first and place it in the right directory.
Go to /var/lib/vz/template/cache and download a template (you can find proxmox templates here: http://download.proxmox.com/appliances/system/):

cd /var/lib/vz/template/cache

wget http://download.proxmox.com/appliances/system/debian-7.0-standard_7.0-2_i386.tar.gz

Now that we have a template, we can go to the proxmox panel and setup the VPS.

Go to https://yourip:8006 and login with your root credentials. Make sure the realm is set to Linux PAM. You can dismiss the notification that tells you, that you have no license.

To create a VPS you go to “Create CT” in the upper right corner:

A setup wizzard will pop up. In that setup wizzard assign the container a hostname and a password like this:

In the next step you can now choose the downloaded template:

Going on, you can allocate ressources to the server, I just leave the standard configuration there for now:

Now you need to configure the networking of the VPS. We already created routing rules for the IP 10.0.0.1 and can now assign this IP to the VPS:

For DNS, we use the host settings.

In the final step we confirm all the settings we entered and click the “Finish” button.
Proxmox will then create the VPS for you.

Now you have a working VPS with internet access and the ports 11001-11019 forwarded to the VPS, you can bind applications to the ports and you can ssh into the box on port 11000.

 

Sources I used to create this tutorial: 
https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_Wheezy

5 thoughts on “Install/Configure proxmox VE for NAT ipv4 VPS on Debian Wheezy

  1. Great tutorial, thank you

    Quick question,

    If I want to create a second VPS, do I have to give it the IP 10.0.0.2, and forward new ports in /etc/init.d/vz-routing

    or what’s the exact process?

    Thanks

    1. Yes, that’s what you would have to do.

      An example of what you would have to add:

      /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 11020 -j DNAT --to 10.0.0.2:22
      /sbin/iptables -t nat -A PREROUTING -i eth0 -p udp --dport 11021:11039 -j DNAT --to 10.0.0.2
      /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 11021:11039 -j DNAT --to 10.0.0.2

  2. “net.ipv4.ip_forward=1” need to be set in /etc/sysctl.conf and enabled by “sysctl -p” to get the network working.

Leave a Reply

Your email address will not be published. Required fields are marked *