[libvirt] Libvirt Forwarding Incoming Connections

kim kim at incrediblecharts.com
Wed Feb 25 00:50:44 UTC 2015


Hi Libvirt Developers

The link at http://wiki.libvirt.org/page/Networking under "Forwarding 
Incoming Connections" for the advanced version of the script is not 
working.

We experienced problems with the script on that page because it does not 
specify an interface: the port forwarding worked, but the rule was too 
global and caused a loop when we forwarded port 80 to a guest machine that 
itself required outbound port 80 connectivity (presumably because the 
guest's own outbound port 80 traffic also matched the DNAT rule).

The advanced script might (and probably does) resolve the problems that 
we experienced, but as it is not available, here is our script in the hope 
that it may be useful to others.


Start of script:


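#!/bin/bash
# Libvirt qemu hook that forwards incoming host ports to guests.
# derived from script at "http://wiki.libvirt.org/page/Networking"
#
# The interpreter must be bash, not a plain POSIX sh: the script relies on
# arrays, "local -a" and ${!name} indirect expansion, none of which exist in
# shells such as dash.


debugfile=/dev/null
# set debugfile to desired path and uncomment to debug
# The file is truncated on every invocation of the hook, so point it at a
# directory that only root can write to rather than a shared one like /tmp.
#debugfile=/mydebugpath/libvirt_hooks_qemu.debug


# ${1} AND ${2} ARE PASSED TO THIS SCRIPT BY LIBVIRTD
VIR_DOMAIN=${1}
ACTION=${2}

# Start a fresh debug log for this invocation ('>' truncates on purpose).
# printf with a fixed format keeps the logged values from being interpreted
# as echo options or escape sequences.
printf 'VIR_DOMAIN=%s\nACTION=%s\n\n' "${VIR_DOMAIN}" "${ACTION}" > "${debugfile}"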

     function setiptables ()
     {
             local Host_interface=${1}
             local Guest_name=${2}
             local Guest_ipaddr=${3}
             local -a Host_port=("${!4}")
             local -a Guest_port=("${!5}")

             echo -e 
"Host_interface="${Host_interface}'\n'"Guest_name="${Guest_name}'\n'"Guest_ipaddr="${Guest_ipaddr}'\n'"Host_port= 
${Host_port[@]}"'\n'"Guest_port=${Guest_port[@]}"'\n' >> ${debugfile}

             length=$(( ${#Host_port[@]} - 1 ))
             if [ "${VIR_DOMAIN}" = "${Guest_name}" ]; then
                if [ "${ACTION}" = "stopped" -o "${ACTION}" = 
"reconnect" ]; then
                    for i in `seq 0 $length`; do
                    PrerouteCmd="iptables -t nat -D PREROUTING -p tcp 
--dport ${Host_port[$i]} -j DNAT -i ${Host_interface} --to 
${Guest_ipaddr}:${Guest_port[$i]}"
                            ForwardCmd="iptables -D FORWARD -d 
${Guest_ipaddr}/32 -p tcp -m state --state NEW -m tcp --dport 
${Guest_port[$i]} -j ACCEPT"
                    sh -c "${PrerouteCmd}"
                    sh -c "${ForwardCmd}"

                                echo -e 
${PrerouteCmd}'\n'${ForwardCmd}'\n' >> ${debugfile}
                    done
                fi
                if [ "${ACTION}" = "start" -o "${ACTION}" = "reconnect" 
]; then
                    for i in `seq 0 $length`; do
                            PrerouteCmd="iptables -t nat -A PREROUTING 
-p tcp --dport ${Host_port[$i]} -j DNAT -i ${Host_interface} --to 
${Guest_ipaddr}:${Guest_port[$i]}"
                            ForwardCmd="iptables -I FORWARD -d 
${Guest_ipaddr}/32 -p tcp -m state --state NEW -m tcp --dport 
${Guest_port[$i]} -j ACCEPT"
                                sh -c "${PrerouteCmd}"
                                sh -c "${ForwardCmd}"

                                echo -e 
${PrerouteCmd}'\n'${ForwardCmd}'\n' >> ${debugfile}
                    done
                fi
                echo -e '\n' >> ${debugfile}
         fi
             return 0
     }

# **********************************
#                            Guest1              *
# **********************************
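# Name of the libvirt domain these rules apply to, and its address.
# 192.168.122.xxx is a placeholder: replace it with the guest's real IP.
# The rules are keyed on this fixed address, so the guest needs a stable IP.
Guest=Guest1
Guest_ip=192.168.122.xxx

# Forwarding from ethernet Interface eno1
interface=eno1

# This will route port 80 on ethernet interface eno1 to Guest IP address
# 192.168.122.xxx port 8080
# This will route port 443 on ethernet interface eno1 to Guest IP
# address 192.168.122.xxx port 443
#
# Every pair listed here makes a guest service reachable from the named
# interface, so list only the ports that have to be exposed there.

# use an equal number of guest and host ports
Host_port_array=('80' '443')
Guest_port_array=('8080' '443')

# The arrays are passed by name ('name[@]'); the quotes keep the shell from
# treating the brackets as a glob pattern.
setiptables "${interface}" "${Guest}" "${Guest_ip}" 'Host_port_array[@]' 'Guest_port_array[@]'


# Forwarding from vpn interface tun0 (example for openvpn connection)
interface=tun0

# This will route port 3395 on vpn interface tun0 to Guest IP address
# 192.168.122.xxx port 3395
# use an equal number of guest and host ports
Host_port_array=('3395')
Guest_port_array=('3395')

setiptables "${interface}" "${Guest}" "${Guest_ip}" 'Host_port_array[@]' 'Guest_port_array[@]'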

# Multiple guest machines can be configured in a similar way

# ********* end of script ***********



