
I have a server running Ubuntu Server and a Xubuntu virtual machine; the virtualization software is virt-manager.
Ubuntu Server IP: 172.16.63.140
Xubuntu Virtual Machine IP: 192.168.122.4
I can connect to Ubuntu Server with
ssh 172.16.63.140
and from that SSH shell I can connect to the Xubuntu Virtual Machine with
ssh 192.168.122.4
I want to forward the SSH port with iptables so that the virtual machine is visible from outside. These are the commands I use:
sudo /sbin/iptables -t nat -I PREROUTING -p tcp -i em1 --dport 22222 -j DNAT --to-destination 192.168.122.4:22
sudo /sbin/iptables -I FORWARD -p tcp -d 192.168.122.4 --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
This is the output of iptables:
user@hostname:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.122.4 tcp dpt:ssh state NEW,RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
user@hostname:~$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:22222 to:192.168.122.4:22
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
But if I do:
ssh -p 22222 172.16.63.140
This is the content of /etc/network/interfaces on the host:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto em1
#iface em1 inet dhcp
#MICHELE MODIFIED: delete from here
iface em1 inet static
address 172.16.63.140
netmask 255.255.255.0
network 172.16.63.0
broadcast 172.16.63.255
gateway 172.16.63.254
This is the content of /etc/network/interfaces on the guest:
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
This is the content of /etc/libvirt/qemu/UbuntuSynth.xml:
<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
virsh edit UbuntuSynth
or other application using the libvirt API.
-->
<domain type='kvm'>
<name>UbuntuSynth</name>
<uuid>21851d31-25f2-940b-8cff-afa09e329713</uuid>
<memory unit='KiB'>4194304</memory>
<currentMemory unit='KiB'>4194304</currentMemory>
<vcpu placement='static'>8</vcpu>
<os>
<type arch='x86_64' machine='pc-i440fx-trusty'>hvm</type>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/bin/kvm-spice</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/var/lib/libvirt/images/UbuntuSynth.img'/>
<target dev='hda' bus='ide'/>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
<disk type='block' device='cdrom'>
<driver name='qemu' type='raw'/>
<target dev='hdc' bus='ide'/>
<readonly/>
<address type='drive' controller='0' bus='1' target='0' unit='0'/>
</disk>
<controller type='usb' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'/>
<controller type='ide' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<interface type='network'>
<mac address='52:54:00:75:4c:d3'/>
<source network='default'/>
<model type='rtl8139'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='vnc' port='-1' autoport='yes'/>
<sound model='ich6'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</sound>
<video>
<model type='cirrus' vram='9216' heads='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</memballoon>
</devices>
</domain>
ifconfig on the host machine:
em1 Link encap:Ethernet HWaddr f0:1f:af:ef:1b:b5
inet addr:172.16.63.140 Bcast:172.16.63.255 Mask:255.255.255.0
inet6 addr: fe80::f21f:afff:feef:1bb5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28474137 errors:0 dropped:0 overruns:0 frame:0
TX packets:65644719 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2701543645 (2.7 GB) TX bytes:86462963020 (86.4 GB)
Memory:da500000-da600000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:12327288 errors:0 dropped:0 overruns:0 frame:0
TX packets:12327288 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2986574536 (2.9 GB) TX bytes:2986574536 (2.9 GB)
virbr0 Link encap:Ethernet HWaddr fe:54:00:75:4c:d3
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15817438 errors:0 dropped:0 overruns:0 frame:0
TX packets:28427336 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:82982143933 (82.9 GB) TX bytes:2706857124 (2.7 GB)
vnet0 Link encap:Ethernet HWaddr fe:54:00:8e:0b:d3
inet6 addr: fe80::fc54:ff:fe8e:bd3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12504257 errors:0 dropped:0 overruns:0 frame:0
TX packets:25522667 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:81619900128 (81.6 GB) TX bytes:1884322484 (1.8 GB)
vnet1 Link encap:Ethernet HWaddr fe:54:00:75:4c:d3
inet6 addr: fe80::fc54:ff:fe75:4cd3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3313181 errors:0 dropped:0 overruns:0 frame:0
TX packets:3248438 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:1583687937 (1.5 GB) TX bytes:842952463 (842.9 MB)
ifconfig on the guest machine:
eth0 Link encap:Ethernet HWaddr 52:54:00:75:4c:d3
inet addr:192.168.122.4 Bcast:192.168.122.255 Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fe75:4cd3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3163707 errors:0 dropped:1 overruns:0 frame:0
TX packets:3313229 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:794261483 (794.2 MB) TX bytes:1583695154 (1.5 GB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:10588809 errors:0 dropped:0 overruns:0 frame:0
TX packets:10588809 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3603005625 (3.6 GB) TX bytes:3603005625 (3.6 GB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
From my laptop, the connection returns with a timeout error. Where is the problem?
Answer 1
You have not provided a return path in your iptables rule set. You need the following:
sudo /sbin/iptables -t nat -I POSTROUTING -o em1 -j SNAT --to 172.16.63.140
You also need to make sure that forwarding is enabled. For example:
$ cat /proc/sys/net/ipv4/ip_forward
1
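An added example, not part of the original thread: a shell function that audits an `iptables-save` dump for the DNAT, FORWARD and SNAT rules and the `ip_forward` value discussed above, and also flags a FORWARD rule with no `-s` restriction, since such a rule leaves the guest's SSH port reachable from any host that can reach em1. The name `audit_forward`, its output strings and the sample dumps are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: audit an `iptables-save` dump for the
# pieces the question and answer rely on. Prints one finding per line, or "OK".
# Usage: audit_forward DUMP IP_FORWARD EXT_IF EXT_PORT GUEST_IP GUEST_PORT HOST_IP
audit_forward() {
    printf '%s\n' "$1" | awk -v fwd="$2" -v ifc="$3" -v eport="$4" \
                             -v gip="$5" -v gport="$6" -v hip="$7" '
        function has(s) { return index(line, " " s " ") > 0 }
        /^\*/   { table = substr($0, 2); next }   # table header: *nat, *filter
        !/^-A / { next }                          # skip policies, COMMIT, comments
        { line = " " $0 " " }
        table == "nat" && $2 == "PREROUTING" && has("-i " ifc) &&
            has("--dport " eport) &&
            has("-j DNAT --to-destination " gip ":" gport) { dnat = 1 }
        table == "nat" && $2 == "POSTROUTING" && has("-o " ifc) &&
            has("-j SNAT --to-source " hip) { snat = 1 }
        table == "filter" && $2 == "FORWARD" && has("--dport " gport) &&
            has("-j ACCEPT") && (has("-d " gip) || has("-d " gip "/32")) {
            allow = 1
            if (!has("-s")) anysrc = 1            # no source restriction
        }
        END {
            if (fwd != 1) { print "MISSING net.ipv4.ip_forward=1"; bad = 1 }
            if (!dnat)    { print "MISSING DNAT " ifc ":" eport " -> " gip ":" gport; bad = 1 }
            if (!allow)   { print "MISSING FORWARD ACCEPT to " gip ":" gport; bad = 1 }
            if (!snat)    { print "MISSING SNAT to " hip " (rule from the answer)"; bad = 1 }
            if (anysrc)   { print "WARN FORWARD rule accepts any source"; bad = 1 }
            if (!bad) print "OK"
        }'
}

# Constructed samples: the two rules from the question as iptables-save prints
# them, then the same rule set with the SNAT rule from the answer added.
NAT_RULES='*nat
-A PREROUTING -i em1 -p tcp -m tcp --dport 22222 -j DNAT --to-destination 192.168.122.4:22'
SNAT_RULE='-A POSTROUTING -o em1 -j SNAT --to-source 172.16.63.140'
FILTER_RULES='COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.122.4/32 -p tcp -m tcp --dport 22 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT'
QUESTION_DUMP="$NAT_RULES
$FILTER_RULES"
ANSWER_DUMP="$NAT_RULES
$SNAT_RULE
$FILTER_RULES"

audit_forward "$ANSWER_DUMP" 1 em1 22222 192.168.122.4 22 172.16.63.140
```

On a live host, pass `"$(sudo iptables-save)"` and `"$(cat /proc/sys/net/ipv4/ip_forward)"` as the first two arguments.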