The VMs are inside their own VM subnet and have no direct route to the outside world. This means they can only have outgoing
traffic. While this is fine for most usecases, it breaks down with eth2 nodes. Eth2 nodes use discv5 to handle finding peers,
in the absence of something like upnp, they would not be able to connect to any peers since they are completely isolated
to incoming traffic.
The solution for this would be to simply setup a port forward from the host public IP to the subnet IP. We can then
advertise the port as the p2p-udp-port/p2p-tcp-port via CLI flags to ensure connectivity. Naturally we don't want the ports
to overlap, so we always use a pre-defined offset (9000) + vmid (which is unique for each VM).
I've created a script to simplify the process, it creates a basic script with iptables to setup this route.
- Navigate to
scripts/proxmox-port-forwarding/inventory - Install dependencies with
poetry install - Run the script with:
python3 proxmox-port-forwarding/inventory/proxmox.py --url=https://URL:8006/ --username=USERNAME@pve --password=PASSWORD --qemu_interface=ens18 --trust-invalid-certs --list --pretty - Move the generated
port-forwarding-script-NODE-NAME.shto the proxmox host withscpor whatever. - Run
chmod +x port-forwarding-script-NODE-NAME.shand manually verify the script - Run the script with
./port-forwarding-script-NODE-NAME.sh - Verify the forwards with
iptables -vnxL -tnat
NOTE: You would need to redo the port forwards each time you setup a new VM that requires the port forward