nat and QEMU guests

DD554 · 12-18-2010, 01:43 PM

Hi all.

I have QEMU with 2 virtual os running in, on virtual network 192.168.122.0/24. today i installed on it a win 2k3 server and a centos as web servers. well, except from the computer that hosts QEMU, there is no way to access apache or IIS of the guests from internet or LAN (192.168.1.0/24)
what nat rules are supposed to add, cause virtd manager applies only rules to make guests work as clients only.

thanks in advance

nimnull22 · 12-18-2010, 03:32 PM

Can you send here the output of:
ifconfig -a
executed on host, when QEMU works with virtual os.

And also:
route -n
executed on host

Please, before post outputs here remove all private IPs.

Thanks

jefro · 12-18-2010, 04:20 PM

Isn't the default qemu something like 10.0.2.15?

DD554 · 12-18-2010, 04:52 PM

remove private IP addresses from output?? if i launch ifconfig and route it means i wanna see IPs, how can i remove from output? so sorry, i'll copy as it is. it's no confusing and it's not a security issue. it's just a local network.
192.168.1.19 is the host, 192.168.122.0/24 is for the guests

[root@poc ~]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1F

0:9D:3A:9C
inet addr:192.168.1.19 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21f:d0ff:fe9d:3a9c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:472465 errors:0 dropped:0 overruns:0 frame:0
TX packets:277007 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:622992186 (594.1 MiB) TX bytes:25487405 (24.3 MiB)
Interrupt:44 Base address:0x6000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:26723 errors:0 dropped:0 overruns:0 frame:0
TX packets:26723 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:24917867 (23.7 MiB) TX bytes:24917867 (23.7 MiB)

virbr0 Link encap:Ethernet HWaddr FE:54:00:C4:6B:99
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:81777 errors:0 dropped:0 overruns:0 frame:0
TX packets:111450 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9744596 (9.2 MiB) TX bytes:78110758 (74.4 MiB)

vnet0 Link encap:Ethernet HWaddr FE:54:00:C4:6B:99
inet6 addr: fe80::fc54:ff:fec4:6b99/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:66149 errors:0 dropped:0 overruns:0 frame:0
TX packets:86474 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:9808226 (9.3 MiB) TX bytes:38418031 (36.6 MiB)

[root@poc ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

nimnull22 · 12-19-2010, 04:45 AM

You have two interfaces:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0

I do not understand what vnet0 is and what is it made for, but I think you can ignore it.

All packets can be addressed to your eth0, and if you want them to go to virbr0 you need to:
Enable forward in sysctl
Accept forward in iptables
Redirect some ports from eth0 to virbr0 with iptable in "prerouting/dnat" chain.

That is what I think, if anyone else here suggest a different solution you will have a choice.

Thanks.