NAT port forwarding using iptables does not work

I have an Ubuntu Server machine and a Xubuntu virtual machine; the virtualization software is virt-manager.

Ubuntu Server IP: 172.16.63.140
Xubuntu Virtual Machine IP: 192.168.122.4

I can run

ssh 172.16.63.140

to connect to the Ubuntu Server, and from that ssh shell I can run

ssh 192.168.122.4

to connect to the Xubuntu virtual machine.

Using iptables I want to forward the ssh port so that the virtual machine is reachable from outside; these are the commands I use:

sudo /sbin/iptables -t nat -I PREROUTING -p tcp -i em1 --dport 22222 -j DNAT --to-destination 192.168.122.4:22
sudo /sbin/iptables -I FORWARD -p tcp -d 192.168.122.4 --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

This is the iptables output:

user@hostname:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             192.168.122.4        tcp dpt:ssh state NEW,RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
user@hostname:~$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  anywhere             anywhere             tcp dpt:22222 to:192.168.122.4:22

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination  

but if I run:

ssh -p 22222 172.16.63.140

This is the content of /etc/network/interfaces on the host:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto em1
#iface em1 inet dhcp

#MICHELE MODIFIED: delete from here
iface em1 inet static
    address 172.16.63.140
    netmask 255.255.255.0
    network 172.16.63.0
    broadcast 172.16.63.255
    gateway 172.16.63.254

This is the content of /etc/network/interfaces on the guest:

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

This is the content of /etc/libvirt/qemu/UbuntuSynth.xml:

<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
  virsh edit UbuntuSynth
or other application using the libvirt API.
-->

<domain type='kvm'>
  <name>UbuntuSynth</name>
  <uuid>21851d31-25f2-940b-8cff-afa09e329713</uuid>
  <memory unit='KiB'>4194304</memory>
  <currentMemory unit='KiB'>4194304</currentMemory>
  <vcpu placement='static'>8</vcpu>
  <os>
    <type arch='x86_64' machine='pc-i440fx-trusty'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/bin/kvm-spice</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw'/>
      <source file='/var/lib/libvirt/images/UbuntuSynth.img'/>
      <target dev='hda' bus='ide'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <disk type='block' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
      <address type='drive' controller='0' bus='1' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pci-root'/>
    <controller type='ide' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <interface type='network'>
      <mac address='52:54:00:75:4c:d3'/>
      <source network='default'/>
      <model type='rtl8139'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type='pty'>
      <target port='0'/>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <graphics type='vnc' port='-1' autoport='yes'/>
    <sound model='ich6'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </sound>
    <video>
      <model type='cirrus' vram='9216' heads='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </memballoon>
  </devices>
</domain>

Host machine ifconfig:

em1       Link encap:Ethernet  HWaddr f0:1f:af:ef:1b:b5  
          inet addr:172.16.63.140  Bcast:172.16.63.255  Mask:255.255.255.0
          inet6 addr: fe80::f21f:afff:feef:1bb5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28474137 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65644719 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2701543645 (2.7 GB)  TX bytes:86462963020 (86.4 GB)
          Memory:da500000-da600000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:12327288 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12327288 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2986574536 (2.9 GB)  TX bytes:2986574536 (2.9 GB)

virbr0    Link encap:Ethernet  HWaddr fe:54:00:75:4c:d3  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15817438 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28427336 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:82982143933 (82.9 GB)  TX bytes:2706857124 (2.7 GB)

vnet0     Link encap:Ethernet  HWaddr fe:54:00:8e:0b:d3  
          inet6 addr: fe80::fc54:ff:fe8e:bd3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12504257 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25522667 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:81619900128 (81.6 GB)  TX bytes:1884322484 (1.8 GB)

vnet1     Link encap:Ethernet  HWaddr fe:54:00:75:4c:d3  
          inet6 addr: fe80::fc54:ff:fe75:4cd3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3313181 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3248438 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:1583687937 (1.5 GB)  TX bytes:842952463 (842.9 MB)

Guest machine ifconfig:

eth0      Link encap:Ethernet  HWaddr 52:54:00:75:4c:d3  
          inet addr:192.168.122.4  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fe75:4cd3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3163707 errors:0 dropped:1 overruns:0 frame:0
          TX packets:3313229 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:794261483 (794.2 MB)  TX bytes:1583695154 (1.5 GB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:10588809 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10588809 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3603005625 (3.6 GB)  TX bytes:3603005625 (3.6 GB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

From my laptop the connection comes back with a timeout error. Where is the problem?

Answer 1

You haven't provided a return path in your iptables rule set. You need:

sudo /sbin/iptables -t nat -I POSTROUTING -o em1 -j SNAT --to 172.16.63.140

You also need to make sure that forwarding is enabled. Example:

$ cat /proc/sys/net/ipv4/ip_forward
1

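As an added example (not part of the question or the answer), a small Python check that parses `iptables -t nat -L` output in the format shown in the question and reports the two things the answer points at: a DNAT with no SNAT/MASQUERADE rule in POSTROUTING, and `ip_forward` not being `1`. The broken dump is constructed from the question's own listing; the SNAT line in the "fixed" dump is an assumption of what the answer's rule would print.

```python
import re

# Constructed sample: the nat table exactly as dumped in the question,
# i.e. a DNAT in PREROUTING but an empty POSTROUTING chain.
NAT_DUMP_BROKEN = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:22222 to:192.168.122.4:22

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
"""
# Assumed: the line the answer's SNAT rule would add to the POSTROUTING listing.
NAT_DUMP_FIXED = NAT_DUMP_BROKEN + \
    "SNAT       all  --  anywhere             anywhere             to:172.16.63.140\n"

def parse_chains(dump):
    """Map chain name -> list of rule token lists from `iptables -L` output."""
    chains, current = {}, None
    for line in dump.splitlines():
        m = re.match(r"^Chain (\S+)", line)
        if m:
            current = m.group(1)
            chains[current] = []
        elif current and line.strip() and not line.startswith("target"):
            chains[current].append(line.split())
    return chains

def audit_port_forward(nat_dump, ip_forward):
    """Return the problems found; an empty list means the forward looks complete."""
    chains = parse_chains(nat_dump)
    problems = []
    # DNAT targets look like "to:192.168.122.4:22" in the listing.
    targets = [t[3:] for r in chains.get("PREROUTING", []) if r[0] == "DNAT"
               for t in r if t.startswith("to:")]
    if not targets:
        problems.append("no DNAT rule in nat PREROUTING")
    # The answer's fix: rewrite the source so replies are routed back via the host.
    if not any(r[0] in ("SNAT", "MASQUERADE") for r in chains.get("POSTROUTING", [])):
        problems.append("no SNAT/MASQUERADE in nat POSTROUTING for " + ", ".join(targets))
    if ip_forward.strip() != "1":
        problems.append("net.ipv4.ip_forward is %r, must be 1" % ip_forward.strip())
    return problems
```

Feed it the output of `sudo iptables -t nat -L` and the contents of `/proc/sys/net/ipv4/ip_forward`; an empty result means both pieces the answer asks for are present.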