I have a server with one external IP address (e.g. 1.2.3.4). On that server I use libvirt to run virtual machines. Now I want to access a virtual server on my host via ssh (port 1234) from the outside.
On my host system I got a network interface eth0 which is connected to my outside IP (1.2.3.4).
My virtual machine is connected to the host machine via a nat interface called virbr0 with the ip 192.168.122.235.
As I need to forward a port I did the following with iptables:
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 1234 -j DNAT --to-destination 192.168.122.235:1234
iptables -A FORWARD -p tcp -d 192.168.122.235 --dport 1234 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
For basic networking I also got UFW running on the host, which allows port 1234:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
[SOMEOTHERPORTS]
1234/tcp                   ALLOW IN    Anywhere
1234/tcp (v6)              ALLOW IN    Anywhere (v6)
I made sure that forwarding is allowed for all involved network interfaces:
user@someserver ~ # cat /proc/sys/net/ipv4/conf/virbr0/forwarding
1
user@someserver ~ # cat /proc/sys/net/ipv4/conf/eth0/forwarding
1
When trying to connect via ssh to the server from the outside network to 1.2.3.4 I get:
ssh: connect to host 1.2.3.4 port 1234: Connection refused
I checked the ssh connection from the host, which is working perfectly.
- What am I doing wrong here?
- Does UFW interfere with iptables?
- How can I get this working?
- Is there an easier way to do port forwarding with libvirt / virt-manager? (I tried this: http://secomputing.co.uk/2012/02/21/Forwarding-ports-to-KVM-clients/ which did not work either because XML is not valid when changing to / it does validate but not work if I let it on "network")
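
Since iptables evaluates a chain from top to bottom and `-A` appends, one check worth making on a setup like the one in this question is which FORWARD rule the forwarded packet reaches first. The following is an added example, not code from the post: a small Python model that walks rules in iptables-save format and reports the first terminating match. The rule listing, the client address 203.0.113.10 and all function names are constructed, and the libvirt rules shown are an assumption about what its default NAT network installs.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (not output from the post).
# Assumption: the first three rules are what a libvirt default NAT network
# installs for virbr0; the last is the post's ACCEPT, appended with -A.
SAMPLE_RULES = """\
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 192.168.122.235/32 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 1234 -j ACCEPT
"""

# The forwarded SYN after DNAT; the source address is a constructed example.
PACKET = {"in": "eth0", "out": "virbr0", "proto": "tcp", "src": "203.0.113.10",
          "dst": "192.168.122.235", "dport": 1234, "state": "NEW"}

def parse_rule(line):
    """Map each option to its value; handles only 'option value' pairs (no '!')."""
    tok = shlex.split(line)
    return dict(zip(tok[0::2], tok[1::2]))

def matches(o, p):
    """True if every match option present in the rule agrees with the packet."""
    net = lambda a, v: ipaddress.ip_address(a) in ipaddress.ip_network(v, strict=False)
    in_state = lambda v: p["state"] in v.split(",")
    tests = {"-i": lambda v: v == p["in"], "-o": lambda v: v == p["out"],
             "-p": lambda v: v == p["proto"], "--dport": lambda v: int(v) == p["dport"],
             "-s": lambda v: net(p["src"], v), "-d": lambda v: net(p["dst"], v),
             "--state": in_state, "--ctstate": in_state}
    return all(test(o[k]) for k, test in tests.items() if k in o)

def first_verdict(rules, pkt, chain="FORWARD"):
    """Return (position in chain, target) of the first terminating rule hit."""
    parsed = [parse_rule(l) for l in rules.splitlines()]
    chain_rules = [o for o in parsed if o.get("-A") == chain]
    for pos, o in enumerate(chain_rules, 1):
        if o.get("-j") in ("ACCEPT", "REJECT", "DROP") and matches(o, pkt):
            return pos, o["-j"]
    return None

def move_last_rule_first(rules):
    """Model `iptables -I` (insert at top) instead of `-A` (append)."""
    *rest, last = rules.splitlines()
    return "\n".join([last, *rest])

if __name__ == "__main__":
    print(first_verdict(SAMPLE_RULES, PACKET))                        # (3, 'REJECT')
    print(first_verdict(move_last_rule_first(SAMPLE_RULES), PACKET))  # (1, 'ACCEPT')
```

On a real host the input would be the output of `iptables-save -t filter` rather than the constructed listing.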