Here's my situation:
I have set up a virtual machine on a dedicated server from 1and1. I hoped to use a bridge to give the VM direct access to the internet, but 1and1 do MAC filtering, so the only option is to use NAT.
I used Virtual Machine Manager on my Ubuntu 10.04 machine at home to install Debian Lenny on the VM on the server using KVM, and all went well. I put it on a virtual network, 192.168.100.0, and I can access it from the host, and I can access the internet from the guest using the NAT that libvirt set up.
I bought another IP address from 1and1 with the hope of forwarding packets sent to the new IP address, 11.22.33.02, to the guest VM.
I have tried all sorts of routing rules using iptables without any success.
My virtual network is on virbr1.
The guest IP is 192.168.100.50.
My external network device has the IP, say, 11.22.33.01 on eth0,
with the secondary IP, say, 11.22.33.02 on eth0:1.
Here are the latest rules I tried:
Quote:
iptables -t nat -A PREROUTING -d 11.22.33.02 -i eth0 -j DNAT --to-destination 192.168.100.50
iptables -t nat -A POSTROUTING -s 192.168.100.50 -o eth0 -j SNAT --to-source 11.22.33.02
iptables -A FORWARD -p tcp -i eth0 -o virbr1 -d 192.168.100.50 -m state --state NEW -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -t nat -L
then gives me
Quote:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT all -- anywhere 11.22.33.02 to:192.168.100.50
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.100.0/24 !192.168.100.0/24
SNAT all -- 192.168.100.50 anywhere to:11.22.33.02
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
and
#iptables -L FORWARD
Quote:
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.100.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.100.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere 192.168.100.50 state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
But I can't access the VM from the internet on 11.22.33.02; the packets get lost.
What am I missing? I have looked around the internet for ages but not found any guidance on this type of setup that has worked. I am no expert on iptables and have only tried other people's setups who are in similar situations.
Any help will be much appreciated!!
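
Added example, not part of the original post: a first-match walk through the FORWARD chain as listed above, for a new TCP connection that the PREROUTING DNAT has already rewritten to 192.168.100.50. The interface matches on the first five rules are assumptions (the usual libvirt NAT layout; plain `iptables -L` does not print them), and the client address is constructed.

```python
import ipaddress

NET = "192.168.100.0/24"
GUEST = "192.168.100.50"
ANY = None

# FORWARD chain in the order listed in the post:
# (target, proto, in_if, out_if, src, dst, states).
# The in/out interfaces of the first five rules are ASSUMED (usual libvirt NAT
# layout); plain `iptables -L` hides them, `iptables -L -v` prints them.
FORWARD = [
    ("ACCEPT", ANY, ANY, "virbr1", ANY, NET, {"RELATED", "ESTABLISHED"}),
    ("ACCEPT", ANY, "virbr1", ANY, NET, ANY, ANY),
    ("ACCEPT", ANY, "virbr1", "virbr1", ANY, ANY, ANY),
    ("REJECT", ANY, ANY, "virbr1", ANY, ANY, ANY),
    ("REJECT", ANY, "virbr1", ANY, ANY, ANY, ANY),
    ("ACCEPT", "tcp", "eth0", "virbr1", ANY, GUEST, {"NEW"}),            # appended with -A
    ("ACCEPT", ANY, "eth0", ANY, ANY, ANY, {"RELATED", "ESTABLISHED"}),  # appended with -A
]

def in_net(addr, net):
    return net is ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(rule, pkt):
    _, proto, in_if, out_if, src, dst, states = rule
    return (proto in (ANY, pkt["proto"])
            and in_if in (ANY, pkt["in"])
            and out_if in (ANY, pkt["out"])
            and in_net(pkt["src"], src)
            and in_net(pkt["dst"], dst)
            and (states is ANY or pkt["state"] in states))

def first_match(chain, pkt, policy="ACCEPT"):
    """Return (1-based rule number, target) of the first matching rule, or (0, policy)."""
    for num, rule in enumerate(chain, start=1):
        if matches(rule, pkt):
            return num, rule[0]
    return 0, policy

# Constructed packet: new TCP connection to 11.22.33.02 as FORWARD sees it,
# i.e. after DNAT. 203.0.113.7 is a documentation address (constructed).
SYN = {"proto": "tcp", "in": "eth0", "out": "virbr1",
       "src": "203.0.113.7", "dst": GUEST, "state": "NEW"}

def as_inserted(chain):
    """Same rules with the two appended ones placed first, as `iptables -I` would."""
    return chain[5:] + chain[:5]

if __name__ == "__main__":
    print(first_match(FORWARD, SYN))               # rule order as listed in the post
    print(first_match(as_inserted(FORWARD), SYN))  # appended rules moved to the top
```

Rules added with -A land after the existing REJECT rules, so the position in the chain, which `iptables -L FORWARD --line-numbers` shows, decides which rule a packet hits first.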