NAT port forwarding using iptables doesn't work
I have a server running Ubuntu Server with a Xubuntu virtual machine on it; the virtualization software is virt-manager.
Ubuntu Server IP: 172.16.63.140
Xubuntu Virtual Machine IP: 192.168.122.4
I can do
ssh 172.16.63.140
to connect to the Ubuntu Server, and from that SSH shell I can do
ssh 192.168.122.4
to connect to the Xubuntu virtual machine.
Using iptables, I want to forward the ssh port so that the virtual machine is reachable from outside; these are the commands I use:
sudo /sbin/iptables -t nat -I PREROUTING -p tcp -i em1 --dport 22222 -j DNAT --to-destination 192.168.122.4:22
sudo /sbin/iptables -I FORWARD -p tcp -d 192.168.122.4 --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
this is the iptables output:
user@hostname:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.122.4 tcp dpt:ssh state NEW,RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
user@hostname:~$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:22222 to:192.168.122.4:22
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
but if I do:
ssh -p 22222 172.16.63.140
this is the content of /etc/network/interfaces on the host
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto em1
#iface em1 inet dhcp
#MICHELE MODIFIED: delete from here
iface em1 inet static
address 172.16.63.140
netmask 255.255.255.0
network 172.16.63.0
broadcast 172.16.63.255
gateway 172.16.63.254
this is the content of /etc/network/interfaces on the guest
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
this is the content of /etc/libvirt/qemu/UbuntuSynth.xml
<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
virsh edit UbuntuSynth
or other application using the libvirt API.
-->
<domain type='kvm'>
<name>UbuntuSynth</name>
<uuid>21851d31-25f2-940b-8cff-afa09e329713</uuid>
<memory unit='KiB'>4194304</memory>
<currentMemory unit='KiB'>4194304</currentMemory>
<vcpu placement='static'>8</vcpu>
<os>
<type arch='x86_64' machine='pc-i440fx-trusty'>hvm</type>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/bin/kvm-spice</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/var/lib/libvirt/images/UbuntuSynth.img'/>
<target dev='hda' bus='ide'/>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
<disk type='block' device='cdrom'>
<driver name='qemu' type='raw'/>
<target dev='hdc' bus='ide'/>
<readonly/>
<address type='drive' controller='0' bus='1' target='0' unit='0'/>
</disk>
<controller type='usb' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'/>
<controller type='ide' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<interface type='network'>
<mac address='52:54:00:75:4c:d3'/>
<source network='default'/>
<model type='rtl8139'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='vnc' port='-1' autoport='yes'/>
<sound model='ich6'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</sound>
<video>
<model type='cirrus' vram='9216' heads='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</memballoon>
</devices>
</domain>
host machine ifconfig
em1 Link encap:Ethernet HWaddr f0:1f:af:ef:1b:b5
inet addr:172.16.63.140 Bcast:172.16.63.255 Mask:255.255.255.0
inet6 addr: fe80::f21f:afff:feef:1bb5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28474137 errors:0 dropped:0 overruns:0 frame:0
TX packets:65644719 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2701543645 (2.7 GB) TX bytes:86462963020 (86.4 GB)
Memory:da500000-da600000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:12327288 errors:0 dropped:0 overruns:0 frame:0
TX packets:12327288 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2986574536 (2.9 GB) TX bytes:2986574536 (2.9 GB)
virbr0 Link encap:Ethernet HWaddr fe:54:00:75:4c:d3
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15817438 errors:0 dropped:0 overruns:0 frame:0
TX packets:28427336 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:82982143933 (82.9 GB) TX bytes:2706857124 (2.7 GB)
vnet0 Link encap:Ethernet HWaddr fe:54:00:8e:0b:d3
inet6 addr: fe80::fc54:ff:fe8e:bd3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12504257 errors:0 dropped:0 overruns:0 frame:0
TX packets:25522667 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:81619900128 (81.6 GB) TX bytes:1884322484 (1.8 GB)
vnet1 Link encap:Ethernet HWaddr fe:54:00:75:4c:d3
inet6 addr: fe80::fc54:ff:fe75:4cd3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3313181 errors:0 dropped:0 overruns:0 frame:0
TX packets:3248438 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:1583687937 (1.5 GB) TX bytes:842952463 (842.9 MB)
guest machine ifconfig
eth0 Link encap:Ethernet HWaddr 52:54:00:75:4c:d3
inet addr:192.168.122.4 Bcast:192.168.122.255 Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fe75:4cd3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3163707 errors:0 dropped:1 overruns:0 frame:0
TX packets:3313229 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:794261483 (794.2 MB) TX bytes:1583695154 (1.5 GB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:10588809 errors:0 dropped:0 overruns:0 frame:0
TX packets:10588809 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3603005625 (3.6 GB) TX bytes:3603005625 (3.6 GB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
from my laptop the connection comes back with a timeout error. What is the problem?
1 answer
In your iptables ruleset you haven't specified the return path. You need:
sudo /sbin/iptables -t nat -I POSTROUTING -o em1 -j SNAT --to 172.16.63.140
You should also make sure that forwarding is enabled. Example:
$ cat /proc/sys/net/ipv4/ip_forward
1
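To check a setup like this without poking at a live host, the following script (an added example for this thread, not code from the question or the answer) parses rules in iptables-save format and reports which pieces of a TCP port-forward are missing: the DNAT in nat/PREROUTING, an ACCEPT in filter/FORWARD for traffic to the guest, an accept for the guest's replies, the SNAT/MASQUERADE in nat/POSTROUTING that the answer adds, and net.ipv4.ip_forward. SAMPLE_RULES is a constructed iptables-save rendering of the two rules shown in the question; the function check_port_forward and its parameter names are assumptions of this example, not an iptables API.

```python
"""Offline sanity check for an iptables DNAT port-forward to a libvirt guest.

Added example for this thread (not from the question or the answer). Parses
`iptables-save` output and reports what is missing for a TCP forward.
check_port_forward and its parameters are this example's own assumptions.
"""
import shlex

# Constructed sample: the question's rules as iptables-save would print them
# (all chain policies ACCEPT, matching the question's `iptables -L` output).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 192.168.122.4/32 -p tcp -m tcp --dport 22 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i em1 -p tcp -m tcp --dport 22222 -j DNAT --to-destination 192.168.122.4:22
COMMIT
"""

# The rule the answer adds, in the same format.
ANSWER_SNAT_RULE = "-A POSTROUTING -o em1 -j SNAT --to-source 172.16.63.140"


def parse_iptables_save(text):
    """Return {table: {"policy": {chain: policy}, "rules": [(chain, argv)]}}."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                  # table header, e.g. *nat
            table = line[1:]
            tables[table] = {"policy": {}, "rules": []}
        elif line.startswith(":"):                # chain policy line
            chain, policy = line[1:].split()[:2]
            tables[table]["policy"][chain] = policy
        elif line.startswith("-A "):              # appended rule
            argv = shlex.split(line)
            tables[table]["rules"].append((argv[1], argv[2:]))
    return tables


def _opt(argv, flag):
    """Value that follows `flag` in a rule's argv, or None if absent."""
    for i, tok in enumerate(argv[:-1]):
        if tok == flag:
            return argv[i + 1]
    return None


def _host(addr):
    # Drop a /mask suffix: '192.168.122.4/32' -> '192.168.122.4'
    return addr.split("/")[0] if addr else None


def apply_answer_rule(save_text):
    """Return the ruleset with the answer's SNAT rule added to nat/POSTROUTING."""
    marker = ":POSTROUTING ACCEPT [0:0]\n"
    return save_text.replace(marker, marker + ANSWER_SNAT_RULE + "\n")


def check_port_forward(save_text, ext_if, ext_port, guest_ip, guest_port, ip_forward):
    """List what is missing for ext_if:ext_port -> guest_ip:guest_port (empty = complete)."""
    t = parse_iptables_save(save_text)
    nat = t.get("nat", {"policy": {}, "rules": []})
    filt = t.get("filter", {"policy": {}, "rules": []})
    fwd = [a for chain, a in filt["rules"] if chain == "FORWARD"]
    fwd_policy = filt["policy"].get("FORWARD", "ACCEPT")
    findings = []

    # 1. nat/PREROUTING must rewrite the external port to the guest.
    if not any(chain == "PREROUTING" and _opt(a, "-j") == "DNAT"
               and _opt(a, "--dport") == str(ext_port)
               and _opt(a, "--to-destination") == f"{guest_ip}:{guest_port}"
               and _opt(a, "-i") in (None, ext_if) for chain, a in nat["rules"]):
        findings.append(f"nat/PREROUTING: no DNAT {ext_if}:{ext_port} -> {guest_ip}:{guest_port}")

    # 2. filter/FORWARD must accept the translated packet on its way to the guest.
    to_guest = any(_opt(a, "-j") == "ACCEPT" and _host(_opt(a, "-d")) == guest_ip
                   and _opt(a, "--dport") in (None, str(guest_port)) for a in fwd)
    if not to_guest and fwd_policy != "ACCEPT":
        findings.append(f"filter/FORWARD: nothing accepts traffic to {guest_ip}:{guest_port}")

    # 3. The guest's replies traverse FORWARD too. A rule matching only
    #    `-d guest_ip` does not cover them, so look for an ESTABLISHED accept
    #    that is not restricted to the guest as destination, or an ACCEPT policy.
    reply_ok = fwd_policy == "ACCEPT" or any(
        _opt(a, "-j") == "ACCEPT"
        and "ESTABLISHED" in (_opt(a, "--state") or _opt(a, "--ctstate") or "")
        and _host(_opt(a, "-d")) != guest_ip for a in fwd)
    if not reply_ok:
        findings.append("filter/FORWARD: replies from the guest are not accepted")

    # 4. The rule the answer recommends: SNAT/MASQUERADE on the outside interface.
    if not any(chain == "POSTROUTING" and _opt(a, "-j") in ("SNAT", "MASQUERADE")
               and _opt(a, "-o") in (None, ext_if) for chain, a in nat["rules"]):
        findings.append(f"nat/POSTROUTING: no SNAT/MASQUERADE for -o {ext_if}")

    # 5. Without net.ipv4.ip_forward=1 the kernel does not forward at all.
    if int(ip_forward) != 1:
        findings.append("net.ipv4.ip_forward is 0: kernel forwarding is disabled")
    return findings


if __name__ == "__main__":
    for f in check_port_forward(SAMPLE_RULES, "em1", 22222, "192.168.122.4", 22, 1):
        print("MISSING:", f)
```

On a real host, feed it `sudo iptables-save` and `cat /proc/sys/net/ipv4/ip_forward` rather than the sample: a stock libvirt host also lists the rules libvirt installs for the `default` network, and their position relative to your own rules matters. If the checker reports nothing missing and the connection still times out, `tcpdump -ni virbr0 tcp port 22` on the host shows whether the translated SYN reaches the guest side at all.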