# NAT Interface Configuration

NAT (Network Address Translation) configuration refers to the process of modifying the source or destination IP address of packets as they pass through a router or firewall. This is typically done to manage the mapping of private IP addresses to public IP addresses, allowing devices on a local network (with private IPs) to access the internet using a shared public IP address.

We will now proceed further installing NAT interface on proxmox, By default we just have only one interface `vmbr0` which is bridged into the physical NIC.

<figure><img src="/files/fU49cqCHUBctykyV48KN" alt=""><figcaption></figcaption></figure>

#### Creating a new Linux Bridge to act as a NAT in our proxmox server

<figure><img src="/files/hm4MaoSZJpgRgUUMlNLq" alt=""><figcaption></figcaption></figure>

We will name the new linux bridge as `vmnet0`  and enter the desired network range into it and create the network interface.

<figure><img src="/files/J3SbPqBdVvp1LNBz9bz9" alt=""><figcaption></figcaption></figure>

Once the network configuration is applied we will make some config changes in the proxmox shell to enter the forwarding configuration in the network config file.

```bash
nano /etc/network/interfaces
```

We will delete any default config of the newly created interface `vmnet0` and add the following configuration and exit saving the file.

```bash
auto lo
iface lo inet loopback
iface ens32 inet manual
iface ens34 inet manual
auto vmbr0
iface vmbr0 inet static
        address 3.3.3.77/24
        gateway 3.3.3.1
        bridge-ports ens32
        bridge-stp off
        bridge-fd 0

auto vmnet0
iface vmnet0 inet static
        address 192.168.100.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

## NAT CONFIG 
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.100.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.100.0/24' -o vmbr0 -j MASQUERADE
source /etc/network/interfaces.d/*

```

One config is done we will restrat the networking config and try to assign the interface to VM and check the network IP Allocation & Internet Access.

```bash
systemctl restart networking
```

## VM Network Testing&#x20;

<figure><img src="/files/xMxnDMLYmqoObiANwuSy" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/t4AOMVocDJHv43eD7815" alt=""><figcaption></figcaption></figure>

If we are planning to install or run any website or web applications servers on the NAT network then we will have to map this port to the local proxmox instance to make it accessible via the bridged virtual machines.

{% code overflow="wrap" fullWidth="false" %}

```bash
# iptables -t nat -A PREROUTING -p tcp -d 3.3.3.77 --dport 7070 -i vmbr0 -j  DNAT --to-destination 192.168.100.50:80
iptables -t nat -A PREROUTING -p tcp -d <proxmox-ip> --dport <port> -i vmbr0 -j  DNAT --to-destination <NAT-IP>:<port>
```

{% endcode %}

This will enable the access of web server on the local IP address via port NAT.

***


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ghoulsec.gitbook.io/ghoulsec-vault/server-are-fun/virtualization/proxmox/nat-interface-configuration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.