From: azteca <azteca@liwest.at>
To: "Neal P. Murphy" <neal.p.murphy@alum.wpi.edu>, netfilter@vger.kernel.org
Subject: Re: failure to set up a "simple" rule-set to get an ssh connection through to a KVM/qemu guest
Date: Sat, 01 Aug 2015 19:58:20 +0200
Message-ID: <55BD08BC.7000804@liwest.at>
In-Reply-To: <20150801110542.1d044f49@playground>

hey, neal!

thanks for your response, though unfortunately not the solution yet, i
am afraid...

root@RoX0R /home/aztec # cat /proc/sys/net/ipv4/ip_forward
1

cat says it is in there...
i set:

net.ipv4.ip_forward=1

in /etc/sysctl.conf
without that, I also previously couldn't connect to the debian servers
for the missing packets from within the guest.
now i only need to figure out the other way around...

sorry, i forgot to mention that one parameter...
it is a systemd OS now, not sysVinit anymore, unfortunately.

On 08/01/2015 05:05 PM, Neal P. Murphy wrote:
>
>
> On Sat, 01 Aug 2015 10:23:56 +0200
> azteca <azteca@liwest.at> wrote:
>
>> Good day, Ladies and Gentlemen!
>>
>> If I might politely ask you, to assist an utter noob to the subject of
>> iptables with the following issue:
>>
>> Currently, I am in the process of setting up a KVM host with several
>> virtual machines, each of them has an own public IP.
>> That means, that four different IP-addresses are being routed to the
>> host's eth0.
>>
>> What I am trying to achieve, is to let the host have one IP, under which
>> it is reachable, and to forward each of the remaining three addresses,
>> each with an own DNS record, to one of three according KVM guests via NAT.
>>
>> What I have accomplished so far, is the following:
>> .) The KVM host is reachable per ssh through an enabled net-filter,
>> whose INPUT and FORWARD policy are otherwise set to DROP. That the
>> net-filter does work properly, is verifiable through /var/log/messages.
>> .) The KVM host is able to connect to a DNS Server properly.
>> .) The KVM host can send mails via nullmailer.
>> .) Also could I set up a KVM guest with Debian 8.1 Linux per
>> net-install, meaning, the installation inside the virtual machine was
>> able to reach the source mirrors from a minimal start-up CD-image, and
>> to download the missing installation packets from there.
>>
>> What I am failing with, is, to connect to the single first setup KVM
>> guest in which ever way.
> You may have overlooked:
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Without that, your system won't route packets.
>
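
Added example, not part of the thread and not either poster's rule-set: a shell sketch of the two things the messages above turn on, the ip_forward flag and the rules an inbound ssh connection to one NATed guest needs while the FORWARD policy stays DROP. The public address 203.0.113.11, the guest address 192.168.122.11 and the bridge name virbr0 are assumptions; the commands are printed for review, not executed.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and interface names used at
# the bottom are constructed (documentation range, libvirt default bridge).

# forwarding_enabled [FILE]: true only if the kernel forwarding flag reads 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# is_ipv4 ADDR: true for a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# guest_ssh_rules PUBLIC_IP GUEST_IP WAN_IF BRIDGE_IF
# Prints (does not run) the rules that let ssh reach one guest while the
# FORWARD policy stays DROP. nat PREROUTING rewrites the destination before
# the filter FORWARD chain is consulted, so the FORWARD rule has to match
# the guest's private address, not the public one.
guest_ssh_rules() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad address" >&2; return 1; }
    pub=$1; guest=$2; wan=$3; br=$4
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan -d $pub -p tcp --dport 22 -j DNAT --to-destination $guest:22
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan -o $br -d $guest -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

forwarding_enabled || echo "warning: ip_forward is not 1" >&2
guest_ssh_rules 203.0.113.11 192.168.122.11 eth0 virbr0
```
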