iptables
VA, 2016-02-04 13:38:25

Is port forwarding to a virtual machine (Windows Server 2012) correct on CentOS?

Hi all!
Basically (don't ask me why such a perversion), there is a Windows Server 2012 R2 virtual machine on CentOS 6, on a remote server with a single IP address allocated by the hosting provider, for example 111.111.111.111, on eth0.
The virbr0 virtual machine is on 192.168.122.1-192.168.122.254. DHCP is enabled in it.
The Windows Server IP is 192.168.122.253.
Task:
1. There will be a web server on WindowsServer, which should eventually work on 111.111.111.111:80.
2. Forward the RDP port (3389) to Windows Server so that I can connect to this server from the outside and deploy an IIS web server.
3. Forward the FTP port (21) so that the web developer can connect remotely.
I sketched the first solution, tell me which one is better in your opinion.
1)
sudo iptables -t nat -A PREROUTING --dst 111.111.111.111 -p tcp --dport 80 -j DNAT --to-destination 192.168.122.253
sudo iptables -I FORWARD 1 -i eth0 -o virbr0 -d 192.168.122.253 -p tcp -m tcp --dport 80 -j ACCEPT
2)
sudo iptables -t nat -A PREROUTING --dst 111.111.111.111 -p tcp --dport 3389 -j DNAT --to-destination 192.168.122.253
sudo iptables -I FORWARD 1 -i eth0 -o virbr0 -d 192.168.122.253 -p tcp -m tcp --dport 3389 -j ACCEPT
3)
sudo iptables -t nat -A PREROUTING --dst 111.111.111.111 -p tcp --dport 8888 -j DNAT --to-destination 192.168.122.253
sudo iptables -I FORWARD 1 -i eth0 -o virbr0 -d 192.168.122.253 -p tcp -m tcp --dport 21 -j ACCEPT
If there are other, more concise ways to solve this, or if I wrote something wrong, tell me.
The available tools are virt-manager and virsh.
qemu-kvm and libvirt are installed.

1 answer(s)
VA, 2016-02-05
@Ozymandis

For anyone else who is interested in this question.
I did this:
- First, stopped the virtual machine.
- Created a file "qemu" (you can name it differently) in /etc/libvirt/hooks/ (I also created the hooks folder myself).
- And wrote a script in this file.
The script is:
-----------------------------------------------------------
#!/bin/bash
# Based partly on the advanced script, to support multiple ports: use an equal number of guest and host ports
# Update the following variables to fit your setup
Guest_name="virtual machine name"
Guest_ipaddr="virtual machine IP address"
Host_ipaddr="server IP address (external, given by the hoster)"
Host_port=( 'external port1' 'external port2' )
Guest_port=( 'virtual machine port1' 'virtual machine port2' )
# Index of the last host/guest port pair
length=$(( ${#Host_port[@]} - 1 ))
# libvirt calls the hook with the guest name as $1 and the operation as $2
if [ "${1}" = "${Guest_name}" ]; then
    # Guest stopped (or libvirtd reconnected): remove the forwarding rules
    if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
        for i in $(seq 0 $length); do
            iptables -t nat -D PREROUTING -d "${Host_ipaddr}" -p tcp --dport "${Host_port[$i]}" -j DNAT --to "${Guest_ipaddr}:${Guest_port[$i]}"
            iptables -D FORWARD -d "${Guest_ipaddr}/32" -p tcp -m state --state NEW -m tcp --dport "${Guest_port[$i]}" -j ACCEPT
        done
    fi
    # Guest starting (or libvirtd reconnected): add the forwarding rules
    if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
        for i in $(seq 0 $length); do
            iptables -t nat -A PREROUTING -d "${Host_ipaddr}" -p tcp --dport "${Host_port[$i]}" -j DNAT --to "${Guest_ipaddr}:${Guest_port[$i]}"
            iptables -I FORWARD -d "${Guest_ipaddr}/32" -p tcp -m state --state NEW -m tcp --dport "${Guest_port[$i]}" -j ACCEPT
        done
    fi
fi
-----------------------------------------------------------
- Then I did this:
chmod +x /etc/libvirt/hooks/qemu
- And I did a restart of libvirt
service libvirtd restart
And it all worked. But in my opinion this method is unsafe.
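
As an added example (not the answerer's script and not libvirt's own code), here is a dry-run builder for the same DNAT and FORWARD rule pairs that rejects malformed port mappings before printing anything. The `host_port:guest_port[:source]` mapping format, the optional `-s` source restriction and the 203.0.113.0/24 range are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original answer.
# Dry run: prints the iptables commands, changes nothing.
HOST_IP="111.111.111.111"    # external address used on the page
GUEST_IP="192.168.122.253"   # guest address used on the page
# Constructed sample mappings: host_port:guest_port[:allowed_source_cidr]
# The optional source CIDR is this example's assumption
# (203.0.113.0/24 is a documentation range).
MAPPINGS="80:80 3389:3389:203.0.113.0/24"

# Succeeds only for a decimal port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules add|del [mappings]
# Validates every mapping before printing anything, so a bad
# entry never yields a half-applied rule set.
build_rules() {
    local action="$1" mappings="${2:-$MAPPINGS}"
    local nat_op fwd_op m hp gp rest src out=""
    case "$action" in
        add) nat_op="-A"; fwd_op="-I" ;;
        del) nat_op="-D"; fwd_op="-D" ;;
        *)   echo "unknown action: $action" >&2; return 1 ;;
    esac
    for m in $mappings; do
        hp="${m%%:*}"; rest="${m#*:}"; gp="${rest%%:*}"; src=""
        case "$rest" in
            *:*) src="${rest#*:}"
                 case "$src" in
                     ''|*[!0-9./]*) echo "bad source in '$m'" >&2; return 1 ;;
                 esac
                 src=" -s $src" ;;
        esac
        if [ "$rest" = "$m" ] || ! valid_port "$hp" || ! valid_port "$gp"; then
            echo "bad mapping '$m'" >&2; return 1
        fi
        out="${out}iptables -t nat $nat_op PREROUTING$src -d $HOST_IP -p tcp --dport $hp -j DNAT --to $GUEST_IP:$gp
iptables $fwd_op FORWARD$src -d $GUEST_IP/32 -p tcp -m state --state NEW -m tcp --dport $gp -j ACCEPT
"
    done
    printf '%s' "$out"
}
```

Running `build_rules add` prints the commands for review; `build_rules del` prints the matching `-D` commands for the same mappings.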
