[one-users] Using White-port correctly
Jaime Melis
jmelis at opennebula.org
Mon May 14 04:21:43 PDT 2012
Hello Sean,
OK, I think we understand what you mean.
There are two things here: (1) getting the host to forward the port with
iptables, and (2) doing it automatically with OpenNebula using customized
network drivers.
Let's start by achieving this manually, and we can move on later to doing
it automatically with OpenNebula.
To do this you need to do the following in the host that's running the
gateway VM:
* add an iptables rule to forward to the desired vm:
    iptables -t nat -I PREROUTING -p tcp --dport <PORT> -j DNAT --to-destination <guest_vm_ip>:<PORT>
* allow forwarding:
    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -I FORWARD -m state -d <libvirt_nat_network>/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
* add a static route:
    route add -net <libvirt_nat_network> netmask 255.255.255.0 dev <BRIDGE>
Can you try this and let us know if it works?
Cheers,
Jaime
On Fri, May 11, 2012 at 7:08 PM, Sean Abbott <seabbott at akamai.com> wrote:
> The hosts connect to each other through a backend network. They're all
> on the same switch, and they use a bridge to that backend network to
> provide inter-vm connectivity.
>
> So, in the templates below, fullbackend is connected to a bridge that
> goes to a private network. natnet0 is connected to virbr0, which does
> IP masquerading out to the world via libvirt's default nat with
> libvirt's default iptables rules. As I said, all that's working fine.
> So regardless of whether opennebula truly SUPPORTS it, it does work. :-)
>
> All I need to do is get one port to forward to one vm and my setup will
> work wonderfully.
>
> On 05/11/2012 11:01 AM, Jaime Melis wrote:
> > Dear Sean,
> >
> > OpenNebula does not support Libvirt's NAT-network(192.168.122.0/24).
> > You have to create a network environment as described here:
> > http://opennebula.org/documentation:rel3.4:plan#networking
> >
> > How are your hosts connected to each other?
> >
> > Regards,
> > Jaime
> >
> > On Fri, May 11, 2012 at 4:40 PM, Sean Abbott <seabbott at akamai.com> wrote:
> >> Hello,
> >>
> >> I have a setup intended for selenium grid. I'll have a bunch of
> >> machines using the default NAT for internet access and a management
> >> network for communication between each other. The template for these
> >> VMs is:
> >>
> >> NIC=[
> >> MODEL=virtio,
> >> NETWORK="natnet0",
> >> NETWORK_UNAME=oneadmin ]
> >> NIC=[
> >> MODEL=virtio,
> >> NETWORK="fullbackend",
> >> NETWORK_UNAME=oneadmin ]
> >>
> >>
> >> That's all working. I need one VM to be able to communicate with the
> >> outside world on a single port (4444). I've set up template as follows:
> >>
> >> NIC=[
> >> MODEL=virtio,
> >> NETWORK="natnet0",
> >> NETWORK_UNAME=oneadmin,
> >> IP=192.168.122.100,
> >> WHITE_PORTS_TCP=4444 ]
> >> NIC=[
> >> MODEL=virtio,
> >> NETWORK="fullbackend",
> >> NETWORK_UNAME=oneadmin ]
> >>
> >> The resulting VM can still use the internet and it can still communicate
> >> with the other VMs. I can communicate with it on port 4444 from the
> >> host that it's on, but not from outside.
> >>
> >> Is this what WHITE_PORTS_TCP is intended for? Am I doing something wrong?
> >>
> >> Thanks!
> >>
> >> sean
--
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | jmelis at opennebula.org
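
The manual steps from the message above, as an added example that is not part of the original thread or of OpenNebula. The function names are hypothetical; the script validates its inputs and prints the commands for review instead of running them. It assumes a /24 guest network (as the thread's netmask does) and narrows the FORWARD rule to the single guest and port rather than the whole /24.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Prints the host-side commands so they can be reviewed before being run as root.

valid_port() {
    # Digits only, no leading zero, at most 5 characters, range 1-65535.
    case "$1" in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Only digits and dots, no trailing dot, then four octets of 0-255.
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $1            # safe to split: input is digits and dots only
    IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

gen_forward_rules() {
    port=$1 guest=$2 bridge=$3
    valid_port "$port"  || { echo "bad port: $port" >&2; return 2; }
    valid_ipv4 "$guest" || { echo "bad guest IP: $guest" >&2; return 2; }
    case "$bridge" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad bridge name" >&2; return 2 ;;
    esac
    net="${guest%.*}.0"   # assumption: guest sits in a /24, as in the thread
    cat <<EOF
iptables -t nat -I PREROUTING -p tcp --dport $port -j DNAT --to-destination $guest:$port
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -I FORWARD -d $guest -p tcp --dport $port -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
route add -net $net netmask 255.255.255.0 dev $bridge
EOF
}

# Values taken from the thread: port 4444, guest 192.168.122.100 on virbr0.
gen_forward_rules 4444 192.168.122.100 virbr0
```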