Re: [one-users] KVM default NAT networking and port forwarding

2013-11-06 Thread Jaime Melis
Hi Andy,

The recommended way to do NAT and port forwarding in OpenNebula is using
the Virtual Router:
http://opennebula.org/documentation:rel4.2:router

If you would rather do it the way you were, I think it would be better to
use the Libvirt strategy, which for NAT is:

* create a bridge
* enable NAT by adding a masquerade rule: iptables -t nat -A POSTROUTING -o
 -j MASQUERADE
* enable forwarding: net.ipv4.ip_forward = 1 in /etc/sysctl.conf

And for forwarding I would create ad-hoc iptables rules:

iptables -t nat -A PREROUTING -p tcp --dport ${Host_port[$i]} -j DNAT \
--to ${Guest_ipaddr}:${Guest_port[$i]}
iptables -I FORWARD -d ${Guest_ipaddr}/32 -p tcp -m state --state NEW \
-m tcp --dport ${Guest_port[$i]} -j ACCEPT

More info here: http://wiki.libvirt.org/page/Networking

If you want OpenNebula to do it automatically I would register a hook in
the Running Virtual Machine event that applies those rules, and a similar
one on the delete event that removes them.

cheers,
Jaime



On Sat, Nov 2, 2013 at 9:05 AM, Andy Coates wrote:

> Hey,
>
> I have a very basic setup that requires no ON configured networking, just
> the default NAT that KVM provides out of the box.
>
> I'm not sure how to "properly" define an interface to achieve this.  I've
> got it working via the RAW section by adding:
>
>   type='virtio'/>
>
> This works and it provides the default NAT interface, but is that how it
> should be done?  I ask because the second issue I have is that I cannot
> port forward from the host.  According to the KVM docs, using these
> parameters (added via qemu:commandline option) should forward TCP port 3389:
>
> -net user,hostfwd=tcp::3389-:3389
>
> It doesn't work though, and I have a feeling this is because of how I
> defined the network/interface above.  The host does start to listen on port
> 3389 when KVM starts, I can see that through netstat/lsof - it just doesn't
> seem to connect through to the VM.
>
> Any ideas?
>
> Thanks.
>
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>


-- 
Jaime Melis
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | jme...@opennebula.org
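
The hook idea from the message above, as an added example (not code from the thread or from OpenNebula): a POSIX shell function that prints the two forwarding rules for each port mapping, with the matching -D forms for the delete event. It validates the guest IP and ports first, because hook arguments end up on a root command line. The function names, the argument layout and the sample address are assumptions.

```shell
#!/bin/sh
# Added example. Prints (does not run) the DNAT and FORWARD rules for one guest.
# Usage: nat_rules add|del GUEST_IP HOSTPORT:GUESTPORT [...]
# e.g.   nat_rules add 192.168.122.10 3389:3389   (constructed sample address)

valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Digits and dots only, no empty octets, no leading zeros (octal ambiguity).
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;; esac
    ( IFS=.; set -- $1
      [ "$#" -eq 4 ] || exit 1
      for octet in "$@"; do
          [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
      done )
}

nat_rules() (
    [ "$#" -ge 3 ] || { echo "usage: nat_rules add|del IP HPORT:GPORT..." >&2; exit 2; }
    action=$1 guest_ip=$2
    shift 2
    case "$action" in
        add) nat_op=-A; fwd_op=-I ;;   # same verbs as the rules in the message
        del) nat_op=-D; fwd_op=-D ;;   # -D removes the rule with the same spec
        *)   echo "action must be add or del" >&2; exit 2 ;;
    esac
    valid_ipv4 "$guest_ip" || { echo "bad guest IP: $guest_ip" >&2; exit 2; }
    # Validate every mapping before printing, so a bad one yields no rules at all.
    for map in "$@"; do
        case "$map" in
            *:*) valid_port "${map%%:*}" && valid_port "${map#*:}" ;;
            *)   false ;;
        esac || { echo "bad mapping: $map" >&2; exit 2; }
    done
    for map in "$@"; do
        host_port=${map%%:*} guest_port=${map#*:}
        echo "iptables -t nat $nat_op PREROUTING -p tcp --dport $host_port -j DNAT --to $guest_ip:$guest_port"
        echo "iptables $fwd_op FORWARD -d $guest_ip/32 -p tcp -m state --state NEW -m tcp --dport $guest_port -j ACCEPT"
    done
)
```

Review the printed commands, then pipe them to `sh` as root from the hook; running the `del` form with the same arguments on the delete event removes exactly what `add` created.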


[one-users] KVM default NAT networking and port forwarding

2013-11-02 Thread Andy Coates
Hey,

I have a very basic setup that requires no ON configured networking, just
the default NAT that KVM provides out of the box.

I'm not sure how to "properly" define an interface to achieve this.  I've
got it working via the RAW section by adding:

 

This works and it provides the default NAT interface, but is that how it
should be done?  I ask because the second issue I have is that I cannot
port forward from the host.  According to the KVM docs, using these
parameters (added via qemu:commandline option) should forward TCP port 3389:

-net user,hostfwd=tcp::3389-:3389

It doesn't work though, and I have a feeling this is because of how I
defined the network/interface above.  The host does start to listen on port
3389 when KVM starts, I can see that through netstat/lsof - it just doesn't
seem to connect through to the VM.

Any ideas?

Thanks.