
Re: iptables, virtualbox and port forwarding



On 29.05.2014 01:00, Pascal Hambourg wrote:
On that network, I have some VMs with static IPs, and the one on which I
try to make the configuration for testing and learning purposes has an
apache2 server running and up ( I can query it from my physical
computer ). It is using 2 network interfaces, a NAT one and a bridged
one, but for the others I would like to remove the NAT one, since I need
them to simulate the production servers ( which are VMs too, but my
company does not control the system on which they are running. Otherwise
it would have been far easier: I would have read how it does it to
understand things ) which only have one interface ( eth0 ).

Both LANs ( the physical one and the virtual one ) work perfectly, but
now I would like to allow 2 things:
_ VMs to access the physical LAN, so that they could access the apt
proxy I have installed there for installing software and updates

- Enable IP forwarding on the host acting as a router.
# sysctl -w net.ipv4.ip_forward=1

- Presumably, you need to masquerade forwarded packets from VMs to the physical LAN if the physical hosts or their router doesn't have a route
to your virtual LAN.
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

_ physical computers accessing VMs through some ports of my computer.
For example, redirecting "172.20.14.XX:80" to "10.10.10.30:80". I will
do that port forwarding for ssh ( port 22 ), http ( port 80 ) and
postgresql ( port 5432 ) connections at first.

- You need port forwarding only if the physical hosts or their router
doesn't have a route to your virtual LAN.
# iptables -t nat -A PREROUTING -i eth0 -d 172.20.14.XX \
   -p tcp --dport 80 -j DNAT --to 10.10.10.30
(and so on for each port)

And to add to the fun, I remember having discovered after several hours
last week that the port forwarding rules I built did not allow the
host computer to access the VM, at least, not when asking on the host's IP (
aka 172.20.14.XX ).

- For this you need to do the port forwarding on locally generated packets.
# iptables -t nat -A OUTPUT -d 172.20.14.XX -p tcp --dport 80 \
   -j DNAT --to 10.10.10.30

Sorry for the late reply, I did not have time to try this before. It works! Thanks a lot ( and thanks to the other people who have replied too )
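Pascal's rules above cover one port each. The script below is an added example, not code from the thread: it generates the same PREROUTING, OUTPUT and POSTROUTING rules for all three ports the original poster listed, adds the FORWARD-chain accepts that become necessary once that chain's policy is DROP rather than ACCEPT, and prints the commands by default so they can be reviewed before being applied. The host address 172.20.14.1 and the VM network 10.10.10.0/24 are assumed stand-ins for the thread's values.

```shell
#!/bin/sh
# Added example, not code from the thread: builds the rule set described above
# for several ports at once. DRY_RUN=1 (the default) prints the commands for
# review instead of applying them; DRY_RUN=0 applies them (run as root).
# Assumed values: host LAN interface eth0, host LAN address 172.20.14.1
# (stand-in for the thread's 172.20.14.XX), VM 10.10.10.30 on 10.10.10.0/24.
HOST_IF="${HOST_IF:-eth0}"
HOST_IP="${HOST_IP:-172.20.14.1}"
VM_IP="${VM_IP:-10.10.10.30}"
VM_NET="${VM_NET:-10.10.10.0/24}"
PORTS="${PORTS:-22 80 5432}"    # ssh, http, postgresql as in the thread
DRY_RUN="${DRY_RUN:-1}"

# run: print the command in dry-run mode, otherwise execute it
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

forward_rules() {
    # Let the host route between the bridge and the physical LAN
    run sysctl -w net.ipv4.ip_forward=1
    for port in $PORTS; do
        # LAN hosts connecting to the host's address: rewrite the destination
        run iptables -t nat -A PREROUTING -i "$HOST_IF" -d "$HOST_IP" \
            -p tcp --dport "$port" -j DNAT --to-destination "$VM_IP"
        # Same rewrite for packets generated on the host itself (nat/OUTPUT)
        run iptables -t nat -A OUTPUT -d "$HOST_IP" \
            -p tcp --dport "$port" -j DNAT --to-destination "$VM_IP"
        # Only the forwarded ports may open new connections towards the VM
        # (matters once the FORWARD chain policy is DROP rather than ACCEPT)
        run iptables -A FORWARD -i "$HOST_IF" -d "$VM_IP" \
            -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Replies and already accepted flows, in both directions
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # VMs reaching the physical LAN (the apt proxy): hide them behind the host
    run iptables -A FORWARD -s "$VM_NET" -o "$HOST_IF" -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$VM_NET" -o "$HOST_IF" -j MASQUERADE
}

forward_rules
```

Review the printed rules with `DRY_RUN=1 sh forward.sh` first; `DRY_RUN=0 sh forward.sh` as root then applies them, and `iptables -t nat -L -n -v` / `iptables -L FORWARD -n -v` show the counters climbing when the forwarding is actually used.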

