KVM and port forwarding
I need some advice on port forwarding. My attempts at setting up the forwarding keep failing. I would be grateful for any advice.
Port 80 on the virtual machine is open, and is also set up
I used the hook script from here (I also tried the one from the libvirt wiki):
http://www.jimscode.ca/index.php/component/content/article/19-linux/142-linux-port-forwarding-to-guest-libvirt-vms
distro: Scientific Linux 6
Chain PREROUTING (policy ACCEPT 83 packets, 4067 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 to:192.168.122.67:80
Chain POSTROUTING (policy ACCEPT 37 packets, 2653 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
1 128 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
Chain OUTPUT (policy ACCEPT 37 packets, 2653 bytes)
pkts bytes target prot opt in out source destination
18 1080 DNAT tcp -- * lo 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 to:192.168.122.67:80
####
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.122.67 state NEW,RELATED,ESTABLISHED tcp dpt:80
0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
[root@mail hooks]# grep forw /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
[root@mail hooks]#
#### but nmap from an outside network spits out this:
PORT STATE SERVICE
8888/tcp filtered sun-answerbook
iptables -I FORWARD -m state -d 192.168.122.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -I PREROUTING -p tcp --dport 8888 -j DNAT --to-destination 192.168.122.67:80
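Added example, not part of the original thread or of the linked hook script: a small Python reader for the `iptables -L -n -v` listing posted in the question, which follows a new external TCP connection to port 8888 through the DNAT rule and the first-match FORWARD chain and reports the DNAT hit counter. The function names and the `bridge` parameter are this example's own; it assumes the guest sits behind `virbr0` and that counters are plain integers.

```python
import ipaddress
import re

# Sample input: rule lines taken from the `iptables -L -n -v` listing in the question.
LISTING = """\
Chain PREROUTING (policy ACCEPT 83 packets, 4067 bytes)
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 to:192.168.122.67:80
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.122.67 state NEW,RELATED,ESTABLISHED tcp dpt:80
0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
"""

def parse(listing):
    """Return {chain: [rule, ...]} in listing order (counters without K/M suffix)."""
    chains, rules = {}, None
    for f in (line.split() for line in listing.splitlines()):
        if f[:1] == ["Chain"]:
            rules = chains.setdefault(f[1], [])
        elif rules is not None and len(f) >= 9 and f[0].isdigit():
            rules.append(dict(pkts=int(f[0]), target=f[2], proto=f[3], inif=f[5],
                              outif=f[6], dst=f[8], extra=" ".join(f[9:])))
    return chains

def trace(chains, port, bridge="virbr0"):
    """Follow a NEW external TCP connection to `port` through DNAT and FORWARD."""
    dnat = next((r for r in chains.get("PREROUTING", []) if r["target"] == "DNAT"
                 and re.search(rf"dpt:{port}\b", r["extra"])), None)
    if dnat is None:
        return {"dnat": None}
    guest, gport = re.search(r"to:([\d.]+):(\d+)", dnat["extra"]).groups()
    verdict = "policy"                      # used when no FORWARD rule matches
    for r in chains.get("FORWARD", []):     # first matching rule decides
        dpt = re.search(r"dpt:(\d+)", r["extra"])
        state = re.search(r"state (\S+)", r["extra"])
        if (r["inif"] != bridge and r["outif"] in ("*", bridge)
                and r["proto"] in ("tcp", "all")
                and ipaddress.ip_address(guest) in ipaddress.ip_network(r["dst"])
                and (not dpt or dpt.group(1) == gport)
                and (not state or "NEW" in state.group(1).split(","))):
            verdict = r["target"]
            break
    return {"dnat": f"{guest}:{gport}", "dnat_pkts": dnat["pkts"], "forward": verdict}

if __name__ == "__main__":
    print(trace(parse(LISTING), 8888))
```

For the posted rules this reports FORWARD as ACCEPT with a DNAT counter of 0, meaning no packet has matched the PREROUTING rule since it was inserted or the counters were zeroed. Without the `state NEW` ACCEPT rule ahead of it, the same connection would fall through to libvirt's REJECT on `virbr0`.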