[one-users] KVM default NAT networking and port forwarding
Jaime Melis
jmelis at opennebula.org
Wed Nov 6 07:16:46 PST 2013
Hi Andy,
The recommended way to do NAT and port forwarding in OpenNebula is using
the Virtual Router:
http://opennebula.org/documentation:rel4.2:router
If you would rather do it the way you were, I think it would be better to
use Libvirt strategy, which for NAT is:
* create a bridge
* enable NAT by adding a masquerade rule: iptables -t nat -A POSTROUTING -o
<public_interface> -j MASQUERADE
* enable forwarding: net.ipv4.ip_forward = 1 in /etc/sysctl.conf
And for forwarding I would create ad-hoc iptables rules:
iptables -t nat -A PREROUTING -p tcp --dport ${Host_port[$i]} -j DNAT \
--to ${Guest_ipaddr}:${Guest_port[$i]}
iptables -I FORWARD -d ${Guest_ipaddr}/32 -p tcp -m state --state NEW \
-m tcp --dport ${Guest_port[$i]} -j ACCEPT
More info here: http://wiki.libvirt.org/page/Networking
If you want OpenNebula to do it automatically I would register a hook in
the Running Virtual Machine event that applies those rules, and a similar
one on the delete event that removes them.
cheers,
Jaime
On Sat, Nov 2, 2013 at 9:05 AM, Andy Coates <andy.coates at gmail.com> wrote:
> Hey,
>
> I have a very basic setup that requires no ON configured networking, just
> the default NAT that KVM provides out of the box.
>
> I'm not sure how to "properly" define an interface to achieve this. I've
> got it working via the RAW section by adding:
>
> <interface type='network'><source network='default'/> <model
> type='virtio'/></interface>
>
> This works and it provides the default NAT interface, but is that how it
> should be done? I ask because the second issue I have is that I cannot
> port forward from the host. According to the KVM docs, using these
> parameters (added via qemu:commandline option) should forward TCP port 3389:
>
> -net user,hostfwd=tcp::3389-:3389
>
> It doesn't work though, and I have a feeling this is because of how I
> defined the network/interface above. The host does start to listen on port
> 3389 when KVM starts, I can see that through netstat/lsof - it just doesn't
> seem to connect through to the VM.
>
> Any ideas?
>
> Thanks.
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
--
Jaime Melis
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | jmelis at opennebula.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20131106/26dbf8a1/attachment-0002.htm>
More information about the Users
mailing list