From: azteca <azteca@liwest.at>
To: "Neal P. Murphy" <neal.p.murphy@alum.wpi.edu>, netfilter@vger.kernel.org
Subject: Re: failure to set up a "simple" rule-set to get an ssh connection through to a KVM/qemu guest
Date: Sat, 01 Aug 2015 19:58:20 +0200
Message-ID: <55BD08BC.7000804@liwest.at>
In-Reply-To: <20150801110542.1d044f49@playground>

hey, neal!

thanks for your response, though unfortunately not the solution yet, i
am afraid...

root@RoX0R /home/aztec # cat /proc/sys/net/ipv4/ip_forward
1

cat says it is in there...
i set:
net.ipv4.ip_forward=1
in /etc/sysctl.conf
without that, I also previously couldn't connect to the debian servers
for the missing packets from within the guest.
now i only need to figure out the other way around...

sorry, i forgot to mention that one parameter...
it is a systemd OS now, not sysVinit anymore, unfortunately.

On 08/01/2015 05:05 PM, Neal P. Murphy wrote:
>
>
> On Sat, 01 Aug 2015 10:23:56 +0200
> azteca <azteca@liwest.at> wrote:
>
>> Good day, Ladies and Gentlemen!
>>
>> If I might politely ask you, to assist an utter noob to the subject of
>> iptables with the following issue:
>>
>> Currently, I am in the process of setting up a KVM host with several
>> virtual machines, each of them has an own public IP.
>> That means, that four different IP-addresses are being routed to the
>> host's eth0.
>>
>> What I am trying to achieve, is to let the host have one IP, under which
>> it is reachable, and to forward each of the remaining three addresses,
>> each with an own DNS record, to one of three according KVM guests via NAT.
>>
>> What I have accomplished so far, is the following:
>> .) The KVM host is reachable per ssh through an enabled net-filter,
>> whose INPUT and FORWARD policy are otherwise set to DROP. That the
>> net-filter does work properly, is verifiable through /var/log/messages.
>> .) The KVM host is able to connect to a DNS Server properly.
>> .) The KVM host can send mails via nullmailer.
>> .) Also could I set up a KVM guest with Debian 8.1 Linux per
>> net-install, meaning, the installation inside the virtual machine was
>> able to reach the source mirrors from a minimal start-up CD-image, and
>> to download the missing installation packets from there.
>>
>> What I am failing with, is, to connect to the single first setup KVM
>> guest in which ever way.
> You may have overlooked:
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Without that, your system won't route packets.
>
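
Added example, not part of the thread and not code from either poster: a sketch of the inbound path the original post asks about, one DNAT rule plus the FORWARD exceptions a DROP policy needs, printed for review rather than applied. The function names, the bridge name virbr0 and both addresses are assumptions constructed for illustration; eth0 and the ip_forward path come from the thread.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for one guest.
# Assumptions: virbr0 as the guest bridge; addresses below are constructed.

is_ipv4() {
    # Accept only dotted quads with every octet in 0..255.
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

forwarding_enabled() {
    # Runtime switch from the thread; the optional path argument is for testing.
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

guest_ssh_rules() {
    pub=$1 guest=$2 wan=${3:-eth0} br=${4:-virbr0}
    is_ipv4 "$pub" && is_ipv4 "$guest" || { echo "invalid address" >&2; return 1; }
    # Interface names end up in commands, so allow only plain name characters.
    case "$wan$br" in *[!A-Za-z0-9_.-]*) echo "invalid interface" >&2; return 1 ;; esac
    # DNAT happens in PREROUTING, before the FORWARD chain is consulted, so the
    # FORWARD rule must match the guest address, not the public one.
    # -I puts the exceptions ahead of any earlier DROP/REJECT rule in FORWARD.
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan -d $pub -p tcp --dport 22 -j DNAT --to-destination $guest:22
iptables -I FORWARD -i $wan -o $br -d $guest -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -I FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

forwarding_enabled || echo "ip_forward is not 1: DNATed packets will not be routed" >&2
guest_ssh_rules 203.0.113.11 192.168.122.11
```

Only TCP port 22 to the one guest is opened; the FORWARD policy itself stays at DROP.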