[libvirt] iptables and libvirt

Ulrich Dangel uli at spamt.net
Thu Feb 19 15:47:15 UTC 2009


On Friday 13 February 2009 19:21:10 Thomas Woerner wrote:
Hi,

I just got the same idea, so here are some thoughts.

> Some Questions:
> 3) What do you want to do with user-customized firewalls?

I want to do port forwarding for a NAT network for statically configured IP
addresses.

A solution could be:
<network>
  <name>sample</name>
  <forward dev='eth0' mode='nat'/>
  <bridge name='intbr0' stp='on' forwardDelay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
      <host mac='AA:BB:CC:DD:EE:FF' ip='192.168.122.102'>
        <port proto='tcp' destip='EXT_IP' dport='80'/>
        <port proto='tcp' destip='EXT_IP' dport='2202' mapped_port='22'/>
      </host>
    </dhcp>
  </ip>
</network>

The first mapping could be translated into something like
# allow new connections that come in on eth0 and leave towards the guest on the bridge
iptables -A FORWARD -i eth0 -o intbr0 -p tcp -d 192.168.122.102 --dport 80 \
         -m state --state NEW -j ACCEPT
# rewrite the destination of packets addressed to the external IP on port 80
iptables -t nat -A PREROUTING -p tcp -d EXT_IP --dport 80 -j DNAT \
         --to-destination 192.168.122.102

The second one would be

# the FORWARD rule matches the port as seen by the guest (22), not the external port
iptables -A FORWARD -i eth0 -o intbr0 -p tcp -d 192.168.122.102 --dport 22 \
         -m state --state NEW -j ACCEPT
# external port 2202 is mapped to port 22 on the guest
iptables -t nat -A PREROUTING -p tcp -d EXT_IP --dport 2202 -j DNAT \
         --to-destination 192.168.122.102:22

Hope this makes it a little bit clearer what I want to do with user-customized
firewalls.

Uli
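The translation Uli sketches above, from a `<port>` element under a `<host>` to a FORWARD rule plus a PREROUTING DNAT rule, written out as an added example. This is not code from the post or from libvirt: the `<port>` element and its `proto`, `destip`, `dport` and `mapped_port` attributes are the schema proposed in the mail, not part of libvirt's real network XML, and the sample network below is constructed (the external address 203.0.113.10 stands in for the post's EXT_IP placeholder). The generated rules match on the external device and the bridge as output interface, and on the external IP as destination, which is what DNAT-based port forwarding needs.

```python
"""Generate iptables port-forwarding rules from the proposed <port> elements.

Added example for the libvir-list thread; the <port> schema is the one
proposed in the mail, not libvirt's actual network XML.
"""
import shlex
import xml.etree.ElementTree as ET

# Constructed sample network: the definition from the post, with the
# second <port> closed so it parses and a documentation address in
# place of the EXT_IP placeholder.
SAMPLE_XML = """
<network>
  <name>sample</name>
  <forward dev='eth0' mode='nat'/>
  <bridge name='intbr0' stp='on' forwardDelay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
      <host mac='AA:BB:CC:DD:EE:FF' ip='192.168.122.102'>
        <port proto='tcp' destip='203.0.113.10' dport='80'/>
        <port proto='tcp' destip='203.0.113.10' dport='2202' mapped_port='22'/>
      </host>
    </dhcp>
  </ip>
</network>
"""


def _check_port(value):
    """Reject anything that is not a valid TCP/UDP port number."""
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %r" % value)
    return port


def port_forward_rules(network_xml):
    """Return the iptables commands (as shell strings) for every <port>.

    Each <port> yields two rules:
      * FORWARD: accept NEW connections entering on the external device
        and leaving on the bridge towards the guest, on the guest-side port.
      * nat/PREROUTING: DNAT traffic addressed to destip:dport to the
        guest's IP and mapped_port (defaulting to dport).
    """
    root = ET.fromstring(network_xml)
    forward = root.find("forward")
    bridge = root.find("bridge")
    if forward is None or forward.get("mode") != "nat":
        raise ValueError("port forwarding only applies to <forward mode='nat'>")
    if bridge is None or not bridge.get("name"):
        raise ValueError("network has no <bridge name=...>")
    ext_dev = forward.get("dev")
    br_name = bridge.get("name")

    rules = []
    for host in root.iterfind("./ip/dhcp/host"):
        guest_ip = host.get("ip")
        for port in host.findall("port"):
            proto = port.get("proto", "tcp")
            if proto not in ("tcp", "udp"):
                raise ValueError("unsupported proto: %r" % proto)
            ext_ip = port.get("destip")
            if not ext_ip:
                raise ValueError("<port> needs a destip attribute")
            dport = _check_port(port.get("dport"))
            mapped = _check_port(port.get("mapped_port", dport))

            # Forwarded packets arrive on the external device and are routed
            # out through the bridge; match on the port the guest listens on.
            rules.append(["iptables", "-A", "FORWARD",
                          "-i", ext_dev, "-o", br_name,
                          "-p", proto, "-d", guest_ip, "--dport", str(mapped),
                          "-m", "state", "--state", "NEW", "-j", "ACCEPT"])
            # Rewrite the destination before routing; the external port may
            # differ from the guest port.
            rules.append(["iptables", "-t", "nat", "-A", "PREROUTING",
                          "-i", ext_dev, "-p", proto,
                          "-d", ext_ip, "--dport", str(dport),
                          "-j", "DNAT", "--to-destination",
                          "%s:%d" % (guest_ip, mapped)])
    return [shlex.join(rule) for rule in rules]


if __name__ == "__main__":
    for line in port_forward_rules(SAMPLE_XML):
        print(line)
```

The FORWARD rule only accepts the first packet of a connection; the reply and follow-up packets rely on a RELATED,ESTABLISHED accept rule already being present for the bridge, which libvirt's own NAT setup installs. Restricting the PREROUTING match to the external device keeps guests on the same bridge from having their own connections to the external address rewritten.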
