NAT is a way to hide internal network IP addresses from the external network, such as the internet. Any outgoing traffic uses the main host IP address instead of using its own local IP address. Add the last three lines of the following post-up and post-down settings to the /etc/network/interfaces configuration file. Only add these lines under the virtual bridge configuration that needs the NAT option:
auto vmbr0
iface vmbr0 inet static
address 192.168.145.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.145.0/24' -o eth0
-j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.145.0/24' -o eth0
-j MASQUERADE
It is recommended that all NAT configurations be handled by a dedicated physical or virtual firewall. Most firewalls have an out-of-the-box NAT option. Also, using virtualized firewalls, we can create truly isolated virtual networks for multiple clients on the same Proxmox cluster. Having a virtual firewall provides the client control over their own filtering while keeping their network hidden from the other client networks in the cluster.