[one-users] iptables commands to run for externally accessing the applications running in the VM in a virtual LAN which is set up in a dedicated root server

Qiubo Su (David Su) qiubosu at gmail.com
Thu May 23 18:19:06 PDT 2013


Dear OpenNebula Community,

I want to install/configure a virtual LAN (192.168.120.0/24) in one
dedicated root server in a data center.

eth0 is the physical interface of this root server. virbr0 is the default
virtual LAN switch provided by libvirtd (virbr0-nic is the corresponding
virtual interface of virbr0). The virtual network switch is in NAT mode. A
VM is in this virtual LAN, and some applications run in this VM. To access
the applications (e.g. web server) running in the VM externally, I need
to use iptables commands similar to the ones below:

"

LAN="virbr0"
WAN="eth0"
LAN_IP="192.168.120.1"
WAN_IP="172.20.85.28"
VM_IP="192.168.120.100"

iptables -t nat -A PREROUTING -p tcp -d $WAN_IP --dport 80 -j DNAT --to-destination $VM_IP

iptables -t nat -A POSTROUTING -p tcp -d $LAN_IP --dport 80 -j SNAT --to-source $VM_IP

iptables -t nat -A OUTPUT -p tcp -d $WAN_IP --dport 80 -j DNAT --to-destination $VM_IP

iptables -i FORWARD -p tcp -m tcp --in-interface $WAN --out-interface $LAN -d $VM_IP --dport 80 --j ACCEPT

"

However, after running the .sh script with the above iptables commands, I get
the error below:

"

iptables v1.4.12: multiple -i flags not allowed

Try `iptables -h' or 'iptables --help' for more information.

"

When I run the .sh script after commenting out the command "iptables -i FORWARD -p tcp -m tcp --in-interface $WAN --out-interface $LAN -d $VM_IP --dport 80 --j ACCEPT",
there is no error in the output. But I can only access the VM web server
locally with the registered domain name (i.e. I can access the website
hosted on the VM web server locally, within the virtual LAN scope); I
can't access the website hosted on this VM web server externally.

There may be some problem with this iptables .sh script. It would be much
appreciated if anyone can assist with this.

Thanks,
Q.S.
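
An added example, not part of the original message: a dry-run script for the port forward described above. In iptables, lowercase `-i` is the short form of `--in-interface` and uppercase `-I` inserts a rule, so `-i FORWARD ... --in-interface $WAN` gives the interface flag twice. It assumes the guest uses the host bridge as its default gateway and that libvirt's stock NAT rules are loaded; `forward_rules`, `in_iface_flags`, `PORT` and `APPLY` are names made up for this example.

```sh
#!/bin/sh
# Added example, not from the original message. Addresses are the ones quoted there.
LAN="virbr0"
WAN="eth0"
WAN_IP="172.20.85.28"
VM_IP="192.168.120.100"
PORT=80

# Print the rule set, one iptables command per line, without touching the kernel.
forward_rules() {
    # Rewrite the destination only for packets that arrive on the WAN interface.
    echo "iptables -t nat -A PREROUTING -i $WAN -p tcp -d $WAN_IP --dport $PORT -j DNAT --to-destination $VM_IP:$PORT"
    # Same rewrite for connections opened on the host itself (they skip PREROUTING).
    echo "iptables -t nat -A OUTPUT -p tcp -d $WAN_IP --dport $PORT -j DNAT --to-destination $VM_IP:$PORT"
    # -I inserts at the top of FORWARD, ahead of libvirt's REJECT for traffic
    # entering the bridge. Scope: one interface pair, one guest, one port.
    echo "iptables -I FORWARD -i $WAN -o $LAN -p tcp -d $VM_IP --dport $PORT -j ACCEPT"
}

# Count in-interface flags (-i / --in-interface) in one command line.
# iptables refuses a rule that carries the flag more than once.
in_iface_flags() {
    printf '%s\n' "$1" | awk '{ c = 0
        for (i = 1; i <= NF; i++) if ($i == "-i" || $i == "--in-interface") c++
        print c }'
}

# Dry run by default; APPLY=1 (hypothetical switch, needs root) loads the rules.
if [ "${APPLY:-0}" = "1" ]; then
    forward_rules | sh -e
else
    forward_rules
fi
```

After applying, `iptables -L FORWARD -n --line-numbers` should list the ACCEPT for 192.168.120.100 above the REJECT rule for virbr0.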