<div dir="ltr">Hi Andy,<div><br></div><div>The recommended way to do NAT and port forwarding in OpenNebula is using the Virtual Router:</div><div><a href="http://opennebula.org/documentation:rel4.2:router">http://opennebula.org/documentation:rel4.2:router</a><br>
</div><div><br></div><div>If you would rather do it the way you were, I think it would be better to use Libvirt strategy, which for NAT is:</div><div><br></div><div>* create a bridge</div><div>* enable NAT by adding a masquerade rule: iptables -t nat -A POSTROUTING -o <public_interface> -j MASQUERADE</div>
<div>* enable forwarding: net.ipv4.ip_forward = 1 in /etc/sysctl.conf</div><div><br></div><div>And for forwarding I would create ad-hoc iptables rules:</div><div><br></div><div><div> iptables -t nat -A PREROUTING -p tcp --dport ${Host_port[$i]} -j DNAT \</div>
<div> --to ${Guest_ipaddr}:${Guest_port[$i]}</div><div> iptables -I FORWARD -d ${Guest_ipaddr}/32 -p tcp -m state --state NEW \</div><div> -m tcp --dport ${Guest_port[$i]} -j ACCEPT</div></div><div>
<br></div><div>More info here: <a href="http://wiki.libvirt.org/page/Networking">http://wiki.libvirt.org/page/Networking</a></div><div><br></div><div>If you want OpenNebula to do it automatically I would register a hook in the Running Virtual Machine event that applies those rules, and a similar one on the delete event that removes them.</div>
<div><br></div><div>cheers,<br>Jaime</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Nov 2, 2013 at 9:05 AM, Andy Coates <span dir="ltr"><<a href="mailto:andy.coates@gmail.com" target="_blank">andy.coates@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hey,<div><br></div><div>I have a very basic setup that requires no ON configured networking, just the default NAT that KVM provides out of the box.</div>
<div><br></div><div>I'm not sure how to "properly" define an interface to achieve this. I've got it working via the RAW section by adding:</div>
<div>
<p><interface type='network'><source network='default'/> <model type='virtio'/></interface></p><p>This works and it provides the default NAT interface, but is that how it should be done? I ask because the second issue I have is that I cannot port forward from the host. According to the KVM docs, using these parameters (added via qemu:commandline option) should forward TCP port 3389:</p>
<p>
</p><p>-net user,hostfwd=tcp::3389-:3389</p><p>It doesn't work though, and I have a feeling this is because of how I defined the network/interface above. The host does start to listen on port 3389 when KVM starts, I can see that through netstat/lsof - it just doesn't seem to connect through to the VM.</p>
<p>Any ideas?</p><p>Thanks.</p></div></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div>Jaime Melis<br>Project Engineer<br>OpenNebula - Flexible Enterprise Cloud Made Simple<br><a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:jmelis@opennebula.org" target="_blank">jmelis@opennebula.org</a></div>
</div>
</div>