Install and configure Proxmox
The base install is very well described on the Proxmox site, so we are not going to copy that here.
After the base install we have a Proxmox server with a local network connection.
Creating NAT networks
In my lab, I created 2 extra NAT networks to place my containers and VMs in, instead of filling my entire network with the IPs of my test VMs. Choose the IP ranges to create networks for (I chose 10.1.1.0/24 and 10.10.10.0/24).
Open an SSH connection to your Proxmox box and log in as the root user (or just use the console).
Edit the network configuration file:
nano /etc/network/interfaces
and paste the following config (to copy mine):
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.2.209/24
        gateway 192.168.2.254
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
#Wan network

auto vmbr1
iface vmbr1 inet static
        address 10.1.1.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#10.1.1.0 network

auto vmbr2
iface vmbr2 inet static
        address 10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#10.10.10.0 network
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '10.1.1.0/24' -o vmbr0 -j MASQUERADE
        post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t nat -D POSTROUTING -s '10.1.1.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
This creates the networks you need and ensures that traffic from the VMs/containers is forwarded to the internet.
If your ISP or modem creates a private IP range for you, you can leave vmbr1 and vmbr2 out.
You will have plenty of addresses for a homelab.
Make VMs reachable from the local network
When you create containers and/or VMs on these NAT networks, these machines can reach the internet, but they are not accessible from the outside.
To make a machine/port accessible, you must route traffic to this machine through iptables.
I created a script for this purpose:
routing_rules.sh
#!/bin/sh
# Address the forwarded ports are opened on; replace <wan_ip> with your own
WAN_IP="<wan_ip>"

# Delete all old rules to prevent them from providing access
iptables -t nat -F PREROUTING

# SSH rules
# We forward SSH ports to the VMs and containers
# The port number is 10000 plus the VM-id
iptables -t nat -A PREROUTING -d "$WAN_IP"/32 -p tcp -m tcp --dport 10100 -j DNAT --to-destination 10.1.1.5:22
iptables -t nat -A PREROUTING -d "$WAN_IP"/32 -p tcp -m tcp --dport 10101 -j DNAT --to-destination 10.10.10.10:22

# Proxy rules for HTTP and DNS
iptables -t nat -A PREROUTING -d "$WAN_IP"/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.10.10.2:80
iptables -t nat -A PREROUTING -d "$WAN_IP"/32 -p udp -m udp --dport 53 -j DNAT --to-destination 10.10.10.2:53

# Grafana
iptables -t nat -A PREROUTING -d "$WAN_IP"/32 -p tcp -m tcp --dport 3000 -j DNAT --to-destination 10.1.1.11:3000
This script is made executable with chmod +x routing_rules.sh
I added the script to the crontab with the @reboot tag, so it is executed on every reboot.
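As the list of forwards grows, it helps to review what the script actually exposes. The following is an added example, not part of the original script: it reads iptables commands on stdin, lists every DNAT forward, and flags ports forwarded twice, targets outside the two NAT ranges, and rules without a source match. The function names, the NAT_PREFIXES variable and the sample rules (including the 192.0.2.10 address) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the author's script): list what a routing_rules.sh-style
# file exposes and flag forwards that deserve a second look.

# NAT ranges of the two bridges on this page, as address prefixes (assumed
# variable name; adjust the values to your own networks).
NAT_PREFIXES="10.1.1. 10.10.10."

# Reads iptables commands on stdin; prints one FORWARD line per DNAT rule,
# followed by any WARN/NOTE lines for that rule.
audit_forwards() {
    awk -v prefixes="$NAT_PREFIXES" '
    BEGIN { n = split(prefixes, pfx, " ") }
    /^[ \t]*#/ { next }    # ignore comment lines
    /-j DNAT/ {
        dst = ""; proto = ""; port = ""; target = ""; src = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-d")               dst    = $(i + 1)
            if ($i == "-s")               src    = $(i + 1)
            if ($i == "-p")               proto  = $(i + 1)
            if ($i == "--dport")          port   = $(i + 1)
            if ($i == "--to-destination") target = $(i + 1)
        }
        key = proto "/" port
        printf "FORWARD %s -> %s\n", key, target
        # iptables uses the first matching DNAT rule; a later one is dead
        if (seen[dst " " key]++)
            printf "WARN %s forwarded twice, first rule wins\n", key
        inside = 0
        for (j = 1; j <= n; j++) if (index(target, pfx[j]) == 1) inside = 1
        if (!inside)
            printf "WARN %s target %s is outside the NAT ranges\n", key, target
        if (src == "")
            printf "NOTE %s has no -s match: open to any client reaching the host\n", key
    }'
}

# Constructed sample input modelled on routing_rules.sh; 192.0.2.10 is a
# documentation address standing in for <wan_ip>.
sample_rules() {
    cat <<'EOF'
iptables -t nat -A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 10100 -j DNAT --to-destination 10.1.1.5:22
iptables -t nat -A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.10.10.2:80
iptables -t nat -A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.1.1.11:3000
iptables -t nat -A PREROUTING -d 192.0.2.10/32 -s 192.168.2.0/24 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.2.50:53
EOF
}

sample_rules | audit_forwards
```

To check your own rules, replace the last line with `audit_forwards < routing_rules.sh`.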