I found a minor issue in the hook provided by the libvirt documentation regarding host-to-guest forwarding. NOTE: This only applies when the guest is using NAT networking.
Scenario on a CentOS 7 VM host:
A KVM (libvirt) guest provides a specific service on some port, let's say 8080. The idea is to set up the host to NAT traffic destined for the host's IP at a specific port to the guest's IP at a specific port.
Host IP: 192.168.100.10
port to forward: 8080
Guest: 192.168.122.10
port listening: 8080
client -> 192.168.100.10:8080 -- Forward --> 192.168.122.10:8080
The libvirt documentation provides the following hook script to deal with exactly this situation:
http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections
However, there is a problem: the script will never succeed in adding the rules.
The following if statement is never entered, because the variable being tested does not match either string.
if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
The variable will contain the word "started" when it hits this if statement. To fix this, simply add another OR:
if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ] || [ "${2}" = "started" ]; then
After that change, restart libvirtd:
systemctl restart libvirtd
Check to make sure the FORWARD rule was added to the iptables chain:
iptables -nL FORWARD
Note that this does not make localhost:8080 work from the host. However, the host (in NAT networking) can still connect to the guest on its IP at 192.168.122.10:8080.
Works well for my purposes.
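The hook dispatch described above, as an added example that is neither the libvirt wiki script nor the author's code: a dry-run function that prints the iptables commands for each hook operation instead of running them. The guest name myguest, the virbr0 bridge, the -d match on the host IP (so only traffic addressed to the host is translated) and the -C existence check (so the rules are not inserted twice if both start and started fire) are assumptions added here.

```shell
#!/bin/sh
# Added example: dry-run view of an /etc/libvirt/hooks/qemu hook.
# libvirt invokes the hook as: qemu <guest_name> <operation> <sub-operation> ...
GUEST_NAME="myguest"        # hypothetical guest name
HOST_IP="192.168.100.10"    # addresses and ports from the scenario above
HOST_PORT="8080"
GUEST_IP="192.168.122.10"
GUEST_PORT="8080"
BRIDGE="virbr0"             # assumption: libvirt's default NAT bridge

# Rule bodies, shared by the add and delete paths so they always match.
FWD="FORWARD -o $BRIDGE -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT"
NAT="PREROUTING -p tcp -d $HOST_IP --dport $HOST_PORT -j DNAT --to-destination $GUEST_IP:$GUEST_PORT"

# hook_rules <guest> <operation>: print the commands the hook would run.
hook_rules() {
    # Ignore every guest except the one this forward belongs to.
    [ "$1" = "$GUEST_NAME" ] || return 0

    # Tear-down: remove the rules when the guest stops or libvirtd reconnects.
    case "$2" in
        stopped|reconnect)
            echo "iptables -D $FWD"
            echo "iptables -t nat -D $NAT" ;;
    esac

    # Set-up: "started" is accepted alongside "start" and "reconnect".
    # -C checks whether the rule already exists before adding it.
    case "$2" in
        start|started|reconnect)
            echo "iptables -C $FWD || iptables -I $FWD"
            echo "iptables -t nat -C $NAT || iptables -t nat -A $NAT" ;;
    esac
}

# Called with no arguments this prints nothing.
hook_rules "$1" "$2"
```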