Thursday, January 19, 2017

Typical port forwarding with nftables example

I want to connect to a VM hosted by the server 1.2.3.4 using ssh.
The IP of the VM is 10.10.10.100.

"nft list ruleset" prints:

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept comment "Accept any localhost traffic"
        ct state invalid drop comment "Drop invalid connections"
        ct state established,related accept comment "Accept traffic originated from us"
        ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-done, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, ind-neighbor-solicit, ind-neighbor-advert, mld2-listener-report } accept comment "Accept ICMPv6"
        ip protocol icmp icmp type { destination-unreachable, router-advertisement, router-solicitation, time-exceeded, parameter-problem } accept comment "Accept ICMP"
        ip protocol igmp accept comment "Accept IGMP"

        tcp dport ssh accept comment "Accept SSH on port 22"
        tcp dport { http, https, 8008, http-alt } accept comment "Accept HTTP (ports 80, 443, 8008, 8080)"
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table ip nat {
    chain input {
        type nat hook input priority 0; policy accept;
        counter packets 3 bytes 180
    }
    chain prerouting {
        type nat hook prerouting priority -101; policy accept;
        counter packets 12 bytes 2122
        dnat to tcp dport map { 10100 : 10.10.10.100 }:tcp dport map { 10100 : ssh }
    }

    chain postrouting {
        type nat hook postrouting priority 0; policy accept;
        snat to ip saddr map { 1.2.3.4 : 10.10.10.100 }
    }
}

"nmap -p10100 1.2.3.4" says: 10100/tcp filtered itap-ddtp

"ssh 1.2.3.4" works.

On the server, "ssh 10.10.10.100" works.

"sysctl net.ipv4.ip_forward" prints "net.ipv4.ip_forward = 1"
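An added example, not the ruleset from the post, showing why nmap reports the port as "filtered" and what the missing piece looks like: the SYN to 1.2.3.4:10100 is DNATed to 10.10.10.100:22 in prerouting, but a forwarded packet then passes through the forward chain, whose policy is drop and which has no accept rule, so the SYN is silently discarded and no SYN-ACK or RST ever comes back. The example assumes the host reaches the VM over a local bridge and that 22/tcp on the VM is the only service being exposed.

```nft
# Added example (not the post's ruleset). Assumes the VM at 10.10.10.100 is on a
# bridge attached to the host 1.2.3.4 and only its SSH port is to be exposed.
table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Reply packets for connections accepted below.
        ct state established,related accept

        # Packets that prerouting already DNATed to the VM's SSH port.
        # Matching the DNATed destination explicitly keeps the drop policy for
        # everything else crossing the host. The counter shows whether such
        # packets reach the chain at all; with the post's empty forward chain
        # they are dropped here, which is what nmap reports as "filtered".
        ip daddr 10.10.10.100 tcp dport 22 ct state new counter accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        # Same mapping as the post's single-entry map: host:10100 -> VM:22.
        tcp dport 10100 dnat to 10.10.10.100:22
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Give the VM's outbound traffic the host's public address. Note that
        # the post's map "snat to ip saddr map { 1.2.3.4 : 10.10.10.100 }" is
        # keyed the other way round: it rewrites packets whose source is
        # 1.2.3.4 (the host's own traffic) to 10.10.10.100.
        ip saddr 10.10.10.100 snat to 1.2.3.4
    }
}
```

After loading this, "nft list chain inet filter forward" shows the counter on the accept rule increasing for each new inbound SSH connection, and "nmap -p10100 1.2.3.4" should report the port as open rather than filtered.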
