Forward ports to KVM XP Guest

J

jjrroberts

Guest
Hi,

I've had a good look for the answer to this question, but can't figure it out.. Hoping someone can assist.

What is the correct procedure to forward ports on the host, to ports on kvm guests?

Using VMware with a NAT setup, you simply edit a nat conf file and restart networking. Is there a proxmox alternative?

When starting qemu guests, it seems like the -redir option would do whats needed, how can i pass that to the guest on startup? Is there somewhere configurable that i could add these options?


To put this another way - With a proxmox setup using NAT, how would i forward port 8080 on the host to port 22222 on an xp guest?

Hope this is clear..
 
Complex is correct, will have a proper read through that article again..

I noticed firewall support is on your roadmap, any chance of putting an approx timeframe to that?

I'd expect to be able to ping my XP guest (10.0.2.15) from the host, but i can't.

# ping 10.0.2.15
PING 10.0.2.15 (10.0.2.15) 56(84) bytes of data.
From (IP removed, was the gateway IP of the host) icmp_seq=1 Destination Host Unreachable

I think my network config is messed up, are you able to provide a route command output from a working system? My hosting provider did the install, perhaps they made a change they shouldn't have?
 
# network interface settings
auto lo vmbr0
iface lo inet loopback

iface eth0 inet manual

iface vmbr0 inet static
address 87.118.126.3
netmask 255.255.255.0
gateway 87.118.126.1
bridge_ports eth0
bridge_stp off
bridge_fd 0
Click to expand...

A linux VM created using openvz works fine (pingable from host), so hopefully it's something simple I/My Host have missed.

cheers
 
dietmar said:
And where is the 10.0.2.XXX network?
Click to expand...

This is the range that my XP guests appear to be auto assigned via DHCP.

dietmar said:
You need to add an additional route, see:

http://www.proxmox.com/forum/showthread.php?t=765
http://www.proxmox.com/forum/showthread.php?t=841

Does that help?
Click to expand...

No luck i'm afraid..

Heres what i tried ;

km34335:/var/lib/vz/imports# route add -net 10.5.0.0 netmask 255.255.255.0 dev vmbr0
km34335:/var/lib/vz/imports# ping 10.0.2.15
PING 10.0.2.15 (10.0.2.15) 56(84) bytes of data.
From 87.118.126.1 icmp_seq=1 Destination Host Unreachable
From 87.118.126.1 icmp_seq=2 Destination Host Unreachable

--- 10.0.2.15 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms

km34335:/var/lib/vz/imports# route add -net 10.0.2.0 netmask 255.255.255.0 dev vmbr0
km34335:/var/lib/vz/imports# ping 10.0.2.15
PING 10.0.2.15 (10.0.2.15) 56(84) bytes of data.
From 87.118.126.3 icmp_seq=2 Destination Host Unreachable
From 87.118.126.3 icmp_seq=3 Destination Host Unreachable
From 87.118.126.3 icmp_seq=4 Destination Host Unreachable

--- 10.0.2.15 ping statistics ---
7 packets transmitted, 0 received, +3 errors, 100% packet loss, time 6004ms
, pipe 3
km34335:/var/lib/vz/imports# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vmbr0
87.118.126.0 0.0.0.0 255.255.255.0 U 0 0 0 vmbr0
10.5.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vmbr0
0.0.0.0 87.118.126.1 0.0.0.0 UG 0 0 0 vmbr0
km34335:/var/lib/vz/imports# route del -net 10.5.0.0 netmask 255.255.255.0 dev vmbr0
km34335:/var/lib/vz/imports# route del -net 10.0.2.0 netmask 255.255.255.0 dev vmbr0
km34335:/var/lib/vz/imports# route add -net 10.0.2.0 netmask 255.255.255.0 dev eth0
km34335:/var/lib/vz/imports# ping 10.0.2.15
PING 10.0.2.15 (10.0.2.15) 56(84) bytes of data.
From 87.118.126.3 icmp_seq=1 Destination Host Unreachable
From 87.118.126.3 icmp_seq=2 Destination Host Unreachable
From 87.118.126.3 icmp_seq=3 Destination Host Unreachable

--- 10.0.2.15 ping statistics ---
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5030ms
Click to expand...

I noticed in the second thread you linked that "bridge_stp on" whereas i have it set as off? Is that a problem?
 
jjrroberts said:
I noticed in the second thread you linked that "bridge_stp on" whereas i have it set as off? Is that a problem?
Click to expand...

No.

Please verify your XP guests config. Whats the output of

# ipconfig /all

And disable any XP firewall for testing.
 
dietmar said:
And why do you add a route for '-net 10.5.0.0' ?
Click to expand...

Because the linked post used that range and i thought it may have relevance, clearly not!

dietmar said:
No.

Please verify your XP guests config. Whats the output of

# ipconfig /all

And disable any XP firewall for testing.
Click to expand...

Attached, firewall disabled. I've tried serveral different XP installs, plus a 2003 install as well, always the same.

I'm pretty sure its a routing problem on the host, but i'm stumped as to the next step.
 

Attachments

  • screen-capture-1.png
    screen-capture-1.png
    87.2 KB · Views: 23
Last edited by a moderator:
jjrroberts said:
I'm pretty sure its a routing problem on the host, but i'm stumped as to the next step.
Click to expand...

If you do:

# route add -net 10.0.2.0 netmask 255.255.255.0 dev vmbr0

You corretly add a new route:

10.0.2.0 * 255.255.255.0 U 0 0 0 vmbr0

So why do you think it is a routing problem?
 
jjrroberts said:
Attached, firewall disabled. I've tried serveral different XP installs, plus a 2003 install as well, always the same.
Click to expand...

Whare is the output of 'ipconfig'? it is not attached.

I guess you have a routing problem on the XP guest - what gateway do you use there?

- Dietmar
 
apologies, i've re-attached the image.

The gateway on the guest is assigned by DHCP is it not?
 
Maybe you want such setup:

Code: 
auto lo
iface lo inet loopback
 
auto eth0
iface eth0 inet static
        address 87.118.126.3
        netmask 255.255.255.0
        gateway 87.118.126.1
 
auto vmbr0
iface vmbr0 inet static
        address  10.0.2.2
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp on
        bridge_fd 0
 
With above setup you can do SNAT with:

# iptables -t nat -A POSTROUTING -s '10.0.2.0/24' -j SNAT --to-source 87.118.126.3
 
dietmar said:
Where is that DHCP server located? Is that also a OpenVZ containerconnected to vmbr0?
Click to expand...

I've not installed a DHCP server separately, i guess i assumed that the proxmox kvm implementation included a DHCP server for its guests to access.

Thanks alot for your suggestions, will try that tomorrow (bedtime here).
 
jjrroberts said:
I've not installed a DHCP server separately, i guess i assumed that the proxmox kvm implementation included a DHCP server for its guests to access.
Click to expand...

PVE does not have a DHCP server by default. So who assigns those addresses inside the XP Guest??
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back