Port Forwarding to KVM Guest

Alex Sage

So I have my server running over at Wholesale Internet, and I need to start forwarding some port to KVM guests.

Normally I would just setup KVM to use the local network, but clearly I can't in this situation

So I am to ping the KVM Guest from the host no problem.

Here is my firewall rules:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp6s0f0
  sources: 
  services: dhcpv6-client ssh
  ports: 5901/tcp 2222/tcp
  protocols: 
  masquerade: yes
  forward-ports: port=2222:proto=tcp:toport=22:toaddr=192.168.100.234
  sourceports: 
  icmp-blocks: 
  rich rules: 

This is just for testing! What am I missing?

scottalanmiller

Is it not working?

Alex Sage

@scottalanmiller No. I just tried to install httpd on the KVM guest and forward port 80...

No luck there ether... I can see what webpage on the host.

scottalanmiller

Did you add this command?

firewall-cmd --zone=public --add-masquerade --permanent

scottalanmiller

Oh sorry, I see that you did.

Alex Sage

@scottalanmiller @dafyre has been helping me out, but we aren't able to get it working...

Alex Sage

Hmmmm....

http://blog.adamspiers.org/2012/01/23/port-redirection-from-kvm-host-to-guest/

dafyre

The documentation on a page we were looking at (I don't have the URL right now) suggested to use the --zone=external . Could that be a potential hangup -- even though the interface itself is listed in the "public" zone?

scottalanmiller

@dafyre said in Port Forwarding to KVM Guest:

The documentation on a page we were looking at (I don't have the URL right now) suggested to use the --zone=external . Could that be a potential hangup -- even though the interface itself is listed in the "public" zone?

That would absolutely be the problem. Only the zone that the interface is actually on will work.

Alex Sage

@scottalanmiller so your saying move the interface to external?

dafyre

@aaronstuder try:

firewall-cmd --get-active-zones

And see which one shows up... Also, are you able to SSH to the guest VM from your KVM host?

Alex Sage

@dafyre ill try

Alex Sage

@dafyre said in Port Forwarding to KVM Guest:

are you able to SSH to the guest VM from your KVM host?

Yes

dafyre

@aaronstuder said in Port Forwarding to KVM Guest:

@dafyre said in Port Forwarding to KVM Guest:

are you able to SSH to the guest VM from your KVM host?

Yes

And what about the other command above?

Alex Sage

@dafyre

public
   interfaces: enp6s0f0

dafyre

@aaronstuder said in Port Forwarding to KVM Guest:

@dafyre

public
   interfaces: enp6s0f0

Can you post the whole output of that section?

Alex Sage

I moved the interface to external

external (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp6s0f0
  sources: 
  services: ssh
  ports: 
  protocols: 
  masquerade: yes
  forward-ports: port=2222:proto=tcp:toport=22:toaddr=192.168.100.234
  sourceports: 
  icmp-blocks: 
  rich rules:

Still not working

Alex Sage

KVM Networking was set to NAT not Routed

I guess I am learning?........